> Further I would suggest limiting it, either or both "--syn"
> or "-m state --state NEW". You only need one packet logged
> per connection attempt.

Wouldn't putting the rules in the nat table instead of the filter table achieve that same thing and avoid evaluating the rules for every packet?

Andrew

-----------------------------------
Andrew Cant
Developer
LogiSense Corporation
"IP Billing and Traffic Management"
e: acant@xxxxxxxxxxxxx
p: 1-519-249-0508 x4108
w: www.logisense.com
weblog: http://blog.logisense.com
forum: https://ssl.logisense.com/support/forum