Hello I am new to this mailing list, I have a problem with iptables configuration I have an iptables file with following content: [I just briefed the content] -------------------------- :PREROUTING ACCEPT [831:64633] :POSTROUTING ACCEPT [20:1927] :OUTPUT ACCEPT [11:1333] -A POSTROUTING -s 192.168.0.1 -o eth1 -j MASQUERADE # LINE 1 -A PREROUTING -s 192.168.0.1 -p tcp -m mac --mac-source ! 00:30:48:54:AA:5A -j DROP #LINE 2 ------------------------------ at first it was just "LINE 1" but soon I figured out that some users cloning the existing IPs and try to connect to the internet. so I added the "LINE 2" to match their MAC Address and drop the packets if it isnt original. but now it seems that internet pages loading speed is diminished, I think this action (adding line 2) caused checking packets too much and that is why the it is slowed down. my question is if there is another way to determine the cloned IPs and drop them. is REJECTING faster than DROP? if yes how to use REJECT option ? any suggestion would be of a great help. thank you very much in advance. -- Regards, Mohammad -------------------------- see my blog: http://brainable.blogspot.com/ another in Persian: http://fekre-motefavet.blogspot.com/