Re: DNAT problem / question


> $IPTABLES -A INPUT   -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A OUTPUT  -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A FORWARD -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

I do not think you want this. Since you don't specify protocol and/or
port, you are accepting any packet that is NEW, RELATED or ESTABLISHED.
That means any packet.
This is the same as having a policy of ACCEPT for all filter chains with
no rules to block anything. If you want to filter anything, leave the
NEW out of the rules, or just set policy to ACCEPT and skip these rules.
(Btw, do you have policy set to DROP for INPUT, OUTPUT and FORWARD so
that these rules make sense?)


Gr,
Rob
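An added example, not from the thread itself, that puts the quoted rules beside a tightened ruleset in the shape Rob describes (default DROP, a bare ESTABLISHED,RELATED accept, and NEW only with a protocol and port). The interface name, the LAN network and the permitted ports are assumed values for illustration. `IPTABLES` defaults to `echo iptables`, so running the script only prints the commands; a small audit function flags any ACCEPT rule that matches NEW without a protocol, which is the defect in the quoted set.

```shell
#!/bin/sh
# Added example (not from the original thread). Dry run by default:
# IPTABLES expands to "echo iptables" so nothing is changed on the host.
IPTABLES="${IPTABLES:-echo iptables}"
WAN_IF="${WAN_IF:-eth0}"                # assumed uplink interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"    # constructed example LAN

# The quoted rules: NEW is matched with no protocol or port, so every
# packet that conntrack does not mark INVALID is accepted. With a DROP
# policy this still behaves like an ACCEPT policy with no other rules.
permissive_rules() {
    for chain in INPUT OUTPUT FORWARD; do
        $IPTABLES -A "$chain" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    done
}

# Tightened ruleset: DROP by default, accept replies to connections that
# some explicit rule allowed, and spell out each permitted NEW flow.
restrictive_rules() {
    for chain in INPUT OUTPUT FORWARD; do
        $IPTABLES -P "$chain" DROP
    done
    # ESTABLISHED,RELATED without NEW: only packets belonging to a
    # connection that one of the specific rules below already accepted.
    for chain in INPUT OUTPUT FORWARD; do
        $IPTABLES -A "$chain" -m state --state ESTABLISHED,RELATED -j ACCEPT
    done
    # Every NEW rule carries a protocol (and a port where it applies).
    $IPTABLES -A INPUT   -i lo -p all -j ACCEPT
    $IPTABLES -A INPUT   -i "$WAN_IF" -p tcp --dport 22 -m state --state NEW -j ACCEPT
    $IPTABLES -A FORWARD -s "$LAN_NET" -o "$WAN_IF" -p tcp --dport 80 -m state --state NEW -j ACCEPT
    $IPTABLES -A FORWARD -s "$LAN_NET" -o "$WAN_IF" -p tcp --dport 443 -m state --state NEW -j ACCEPT
    $IPTABLES -A OUTPUT  -o "$WAN_IF" -p udp --dport 53 -m state --state NEW -j ACCEPT
}

# Audit: print (and count) rules that match NEW but name no protocol.
# Takes the newline-separated command list as $1. Exit status is 0 when
# at least one such rule exists, 1 when the set is clean.
count_bare_new_rules() {
    printf '%s\n' "$1" | grep -- '--state [A-Z,]*NEW' | grep -vc -- ' -p '
}

echo '# quoted ruleset (overly permissive):'
permissive_rules
echo '# tightened ruleset:'
restrictive_rules
echo '# rules in the quoted set that match NEW without a protocol:'
count_bare_new_rules "$(permissive_rules)" || true
```

Run it as-is to see both rulesets printed; set `IPTABLES=iptables` only on a host whose policies you intend to replace. The audit function is deliberately coarse: it keys on the `--state ... NEW` match and the absence of `-p`, which is exactly the pattern the quoted rules show.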


