I just need some clarification please. Take for example the following two rules:

iptables -t nat -A PREROUTING -i $ext_card -s $client_IP -d $my_ext_ip -p tcp --dport 80 -j DNAT --to $int_web_IP:80
iptables -A FORWARD -i $ext_card -d $int_web_IP -p tcp --dport 80 -j ACCEPT

According to my thinking the above rule would be unsafe, as the source was not specified on the FORWARD rule. This would allow anyone using the firewall as a gateway to have access to $int_web_IP on port 80. Is that correct?

Paulo
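
The packet path the question turns on (nat PREROUTING, then the routing decision, then filter FORWARD), modelled as an added example that is not part of the original post. It is a simplified matcher, not iptables itself: the addresses and interface name are constructed stand-ins for the post's shell variables, and a FORWARD policy of DROP with no other rules is assumed.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Constructed sample addresses standing in for the post's shell variables.
EXT_CARD, CLIENT_IP, OTHER_IP = "eth0", "198.51.100.10", "203.0.113.77"
MY_EXT_IP, INT_WEB_IP = "192.0.2.1", "10.0.0.80"

@dataclass(frozen=True)
class Packet:
    in_if: str
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    in_if: str
    dst: str
    dport: int
    src: Optional[str] = None  # None models a rule without -s (any source)
    to: Optional[str] = None   # DNAT target, used by nat rules only

    def matches(self, p: Packet) -> bool:
        return (p.in_if, p.dst, p.dport) == (self.in_if, self.dst, self.dport) \
            and self.src in (None, p.src)

NAT = [Rule(EXT_CARD, MY_EXT_IP, 80, src=CLIENT_IP, to=INT_WEB_IP)]
FORWARD_AS_POSTED = [Rule(EXT_CARD, INT_WEB_IP, 80)]
FORWARD_WITH_SRC = [Rule(EXT_CARD, INT_WEB_IP, 80, src=CLIENT_IP)]

def traverse(p: Packet, forward: list) -> str:
    """nat PREROUTING, then the routing decision, then filter FORWARD."""
    for r in NAT:
        if r.matches(p):
            p = replace(p, dst=r.to)  # DNAT rewrites the destination first
            break
    if p.dst == MY_EXT_IP:
        return "INPUT"  # addressed to the firewall itself; FORWARD never sees it
    # Assumption: FORWARD policy is DROP and these are its only rules.
    return "ACCEPT" if any(r.matches(p) for r in forward) else "DROP"

def verdicts(forward: list) -> dict:
    cases = {
        "client -> my_ext_ip": Packet(EXT_CARD, CLIENT_IP, MY_EXT_IP, 80),
        "other -> my_ext_ip": Packet(EXT_CARD, OTHER_IP, MY_EXT_IP, 80),
        "other -> int_web_IP via gateway": Packet(EXT_CARD, OTHER_IP, INT_WEB_IP, 80),
    }
    return {name: traverse(p, forward) for name, p in cases.items()}

if __name__ == "__main__":
    for label, fwd in (("as posted", FORWARD_AS_POSTED), ("with -s", FORWARD_WITH_SRC)):
        print(label, verdicts(fwd))
```

Only the third case differs between the two rule sets: the -s match on the DNAT rule never applies to a packet already addressed to $int_web_IP, so the FORWARD rule is the only place a source restriction can take effect for it.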