Hi, thanks for your help.

Actually, I wanted to block all incoming traffic that is not related to connections originating from my machine. Should a default policy of dropping all packets plus allowing only related packages be sufficient? e.g.

$IPTABLES -P INPUT DROP
$IPTABLES -A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -m state --state \
    ESTABLISHED,RELATED -j ACCEPT

Is there any way to test iptables-based firewalls without access to a second machine? I installed the rule you told me and commented out the one allowing connections to the firewall - but how can I test that it works for me (except testing if my email/mozilla works)?

Thanks,
Hilmar

> try something as:
>
> #Substitute values for yours.
> #your iptables binary
> IPT=iptables
> #your external iface
> EFACE=ppp0
>
> $IPT -A INPUT -i $EFACE -p tcp --dport ssh --syn -j DROP
> Say us if that is your need and if that works fine for you.
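Added example, not part of the original thread: one way to exercise a default-drop INPUT policy with an ESTABLISHED,RELATED accept rule on a single machine is to load it into a Linux network namespace joined to the host by a veth pair. The namespace name, interface names and 10.200.0.0/24 addresses are constructed; it assumes root, iproute2, iptables and ping, and a host that answers ICMP echo on the veth link.

```shell
#!/bin/sh
# Added example: the namespace plays the firewalled machine, the host plays
# the outside world. All names and addresses below are constructed.
NS=fwtest
HOST_IP=10.200.0.1
FW_IP=10.200.0.2

# Ruleset under test (iptables-restore format): drop by default, accept replies.
ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i veth-fw -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

setup() {
  ip netns add "$NS"
  ip link add veth-host type veth peer name veth-fw
  ip link set veth-fw netns "$NS"
  ip addr add "$HOST_IP/24" dev veth-host
  ip link set veth-host up
  ip netns exec "$NS" ip addr add "$FW_IP/24" dev veth-fw
  ip netns exec "$NS" ip link set veth-fw up
  # netfilter tables are per namespace, so the host's own rules are untouched
  ruleset | ip netns exec "$NS" iptables-restore
}

teardown() { ip netns del "$NS"; ip link del veth-host 2>/dev/null || true; }

# PASS only if the unsolicited inbound probe failed AND the outbound probe worked.
verdict() {  # $1 = inbound probe exit code, $2 = outbound probe exit code
  if [ "$1" -ne 0 ] && [ "$2" -eq 0 ]; then echo PASS; else echo FAIL; fi
}

run() {
  setup
  ping -c 1 -W 1 "$FW_IP" >/dev/null 2>&1; in_rc=$?      # NEW inbound: expect drop
  ip netns exec "$NS" ping -c 1 -W 1 "$HOST_IP" >/dev/null 2>&1; out_rc=$?  # reply is ESTABLISHED
  teardown
  verdict "$in_rc" "$out_rc"
}

if [ "${1:-}" = run ]; then run; fi
```

Invoke the script as root with the argument `run`; it prints PASS when the inbound ping is dropped and the namespace's own outbound ping still gets its reply.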