I'm not sure if this is incorporated into v4.1 or not, but I made this patch against 4.0.9. It basically implements the NONAT keyword in the masq table, allowing exceptions to be specified before MASQ entries.

Sure, you can put exceptions on the individual masq rules, but if the exception is matched, it continues down the list processing more rules. So rather than having to put the same exceptions on every rule in the file, the NONAT catches it for every subsequent rule. Similar to the operation of NONAT in the rules table, but for the interface_masq chains.

Patches against shorewall-perl, Nat.pm.

-G