Hello, Some people asked about matching [blocking] Kaaza 2 sessions. So try this simple rule: iptables -I FORWARD -i $internal_interface -p tcp -m string --string "KazaaClient" -j REJECT --reject-with tcp-reset [Or maybe worth to try -j TARPIT] In above rule I don''t specify separate ports due to dynamic port allocation. This rule works fine, catches and reset completly Kaaza 1 and 2 versions. Regards, tw -- ---------------- ck.eter.tym.pl "Never let shooling disturb Your education"