Antony,

I made a mistake in specifying the port greater than 1024, and I meant >1024.

----

Anyway, for a more complex configuration, same as the example you wrote, can you tell me what the benefit is? If I just accept packets w/ ACK flag that are of a connection that has an established state in the state table, rather than accepting every packet that seems to be of a connection in established state. I mean plz explain more :) , and give examples of disclosure if I don't use the stateful feature.

I wrote those rules, a set of 4 rules. I can't understand its necessity, yet.

Regards
__Radien__