Hi, I'm a beginner and noticed than when I do e.g. iptables -A INPUT ... -s 10.0.0.2/24 ... this gets interpreted as "allow from source 10.0.0.0/24" i.e. from the entire network. I think it would be more beginner-proof if iptables would interpret this as incorrect input and error. Or at least, interpret 10.0.0.2/24 as 10.0.0.2/32. So if there is incorrect input, and that input is automatically re-interpretet (which in itself is unsafe, I would think), then at least interpret it in the way that is more restrictive (i.e. single IP instead of subnet). Otherwise I like iptables a lot, thanks for all the great work! Regards, Stefan