Hi,

1) I have multiple (ip)sets containing addresses to blacklist. I could add them to the blrules file, but for statistics (I need to know how many connections were blocked from set A and how many were blocked from set B) I need to differentiate between the sets. Can I do that with blrules or do I have to use the rules file? If I have to use the rules file, would I experience performance issues because rules like tcp flag checks will run before my drop rules?

2) I saw the "RATE LIMIT" and "CONNLIMIT" columns in the blrules file. Can somebody explain to me the usage scenario of these columns in the blacklist? Does it mean that if I set a limit of 10 cons per minute, only 10 connections per minute will be blacklisted?

3) I need to log each blacklisted connection attempt. But to prevent my logs from filling up with redundant data, I'd like to set a log limit like "log only 1 connection attempt per host/dst port combination per n seconds", like I can do in the rules file. This doesn't seem to be possible with the blrules file, right?

Regards,
Igor