[lotsa snips] >> Is the "-i eth0 redundant" if I have "-s" *and* "-d" arguments >> ? TT> no. think address spoofing. Hmm. I used to think that but doesn't route filter take care of this? cheers, BM -- To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org