> OK, I saw the problem. The default for FORWARD chain is > another chain called block and its rules don't block this traffic. Well, ehm, not really. The policy DROP for the chain means that all traffic that doesn't get ACCEPTed, REJECTed (or whatever) by one of your rules is DROPped. Do you have another rule in the chain the ACCEPT's this traffic, before it reaches your DROP rule ? Because then the packets are accepted before the ever reach the DROP chain. Gr, Rob
