Hi all I have a default policy of DROP for the INPUT, OUTPUT AND FORWARD. I was thinking what just before the end of a FORWARD chain, I would use something like this. $IPT -t filter -A FORWARD -j -j REJECT --reject-with icmp-host-unreachable $IPT -t filter -A FORWARD -j DROP Would anyone be kind to advise me on whether this is ok. I defianltly think it will slow some applications from continuously retrying. Kind Regards Brent Clark