> absolutely !!! -t filter is the place to filter. -t nat is the place
> to do NAT-related stuff, and not filtering.
>
> if you wanna filter packets coming TO your firewall machine, then
> your rules should be in INPUT chain
>
> if you wanna filter packets going out FROM your firewall machine,
> then your rules should be in OUTPUT chain
>
> if you wanna filter packets passing your firewall (ie, getting
> routed), then your rules should be in FORWARD chain. Remember that
> packets go and come, so depending on the case, 2 rules are necessary to
> fully accept a forwarded packet

For packets going to the machine, I already am using the INPUT chain.
My confusion was the filtering on the nat table, but now I'm clear
thanks to you :)
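The chain placement described in the quoted reply, as an added example that is not part of the original thread: a small ruleset that keeps all filtering in the filter table (INPUT for traffic to the firewall, OUTPUT for traffic from it, FORWARD for routed traffic, with one rule per direction) and uses the nat table only for address translation. Interface names eth0/eth1, the LAN subnet, and the `IPT` variable are constructed assumptions; `IPT` defaults to `echo iptables`, so running the script prints the rules instead of applying them, and `count_rules` inspects that dry-run output.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumed (constructed) layout:
#   WAN interface eth0, LAN interface eth1, LAN subnet 192.168.1.0/24.
# IPT defaults to "echo iptables" (dry run). Run with IPT=iptables as root to apply.
: "${IPT:=echo iptables}"
WAN=eth0
LAN=eth1
LAN_NET=192.168.1.0/24

fw_rules() {
    # --- filter table: the only place filtering decisions belong ---

    # INPUT: packets addressed TO the firewall machine itself.
    $IPT -t filter -A INPUT -i lo -j ACCEPT
    $IPT -t filter -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -t filter -A INPUT -i "$LAN" -p tcp --dport 22 -j ACCEPT
    $IPT -t filter -A INPUT -j DROP

    # OUTPUT: packets generated BY the firewall machine itself.
    $IPT -t filter -A OUTPUT -j ACCEPT

    # FORWARD: packets routed THROUGH the firewall. Traffic flows both ways,
    # so a forwarded connection needs one rule per direction: LAN->WAN for
    # new connections, WAN->LAN for the replies (matched via conntrack).
    $IPT -t filter -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    $IPT -t filter -A FORWARD -i "$WAN" -o "$LAN" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -t filter -A FORWARD -j DROP

    # --- nat table: address translation only, no ACCEPT/DROP policy here ---
    $IPT -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE
}

# Dry-run helper: count the rules that land in a given table/chain.
#   $1 = table name (filter|nat), $2 = chain name
# Only meaningful while IPT is the default "echo iptables".
count_rules() {
    fw_rules | grep -c -- "-t $1 -A $2 " || true
}

# Print the ruleset when run directly.
fw_rules
```

A quick check of the dry-run output shows where each rule ended up: FORWARD carries the two directional rules plus the drop, while the nat table holds only the MASQUERADE rule and no filtering at all.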