Hello... Today I have stopped on next problem. I've just want to block almost all connection on 80 port in my router with destination list's addresses. "Almost" because some connection are forwarded to another router in my LAN. So this is the rule: iptables -A FORWARD -p tcp -port 80 -d ! 192.168.131.0/24 && 192.168.110.0/24 -j DROP But it doesn't work.... in iptables spec. -d is only connect with single address not list. I found also iprange extension but it doesn't suit me. Is it possible to have list destination/source addresses in iptables rule? Thanks, Marcin
