Hello, My server is on Mandriva 10.1 eth0 is WAN with static IP connected to 512K DSL eth1 is LAN - 192.168.0.0/24 and 192.168.21.0/24 I want to use IP + MAC filtering to allow/deny clients acces to net as follows. A FORWARD -i eth1 -o eth0 -s 192.168.0.5 \ -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT How do you handle a client connected to the LAN via wireless. In such a case there will be more than one MAC address in the route. Can you have multiple MAC in one rule or it is better to have multiple rule for the same IP for each MAC. Thanks in advance Varun