Hello.

I was studying the smurf protection and was astonished to see that a RETURN rule without any IP restriction is written first in the chain:

    -A smurfs -s 0.0.0.0/32 -j RETURN
    -A smurfs -m addrtype --src-type BROADCAST -g smurflog
    -A smurfs -s 224.0.0.0/4 -g smurflog

That means that all packets will return and none will go into the smurflog chain (and then be dropped), right?

I tested the smurf attack to see how Shorewall would behave; unfortunately, the current Linux kernel considers them to be martians and thus prevents them from reaching Shorewall.

I'm also wondering why Shorewall sometimes uses "addrtype MULTICAST" and other times, as above, "-s 224.0.0.0/4"?

Information about my setup: Shorewall version 4.5.21.7 fetched from the Debian testing repository.

H. Werner
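
Added example, not part of the original post and not Shorewall's own code: a small Python model of first-match evaluation over the three quoted rules, showing which source addresses each rule selects. The 192.168.1.0/24 interface network and the sample source addresses are constructed assumptions, and the addrtype check is a simplified stand-in for the kernel's routing-table lookup.

```python
import ipaddress

# Constructed assumption: the firewall has a single interface on
# 192.168.1.0/24, so broadcast detection is modelled from that network only.
LOCAL_NETWORKS = [ipaddress.ip_network("192.168.1.0/24")]


def is_broadcast(addr):
    """Simplified stand-in for '-m addrtype --src-type BROADCAST'.

    The kernel derives the address type from its routing tables; here only
    the limited broadcast and the assumed local subnet broadcast count.
    """
    if addr == ipaddress.ip_address("255.255.255.255"):
        return True
    return any(addr == net.broadcast_address for net in LOCAL_NETWORKS)


def in_net(cidr):
    """Build a predicate equivalent to iptables '-s <cidr>'."""
    net = ipaddress.ip_network(cidr)
    return lambda addr: addr in net


# The three rules quoted in the post, in chain order: (rule, predicate, target).
SMURFS_CHAIN = [
    ("-s 0.0.0.0/32", in_net("0.0.0.0/32"), "RETURN"),
    ("--src-type BROADCAST", is_broadcast, "smurflog"),
    ("-s 224.0.0.0/4", in_net("224.0.0.0/4"), "smurflog"),
]


def evaluate(source):
    """Return (matching rule, target) for a source address; first match wins."""
    addr = ipaddress.ip_address(source)
    for rule, matches, target in SMURFS_CHAIN:
        if matches(addr):
            return rule, target
    # Falling off the end of a user-defined chain returns to the calling chain.
    return None, "RETURN"


if __name__ == "__main__":
    # Constructed sample sources: unspecified, unicast, subnet/limited broadcast, multicast.
    for src in ["0.0.0.0", "10.1.2.3", "192.168.1.255", "255.255.255.255", "224.0.0.251"]:
        rule, target = evaluate(src)
        print(f"{src:16} -> {target:9} ({rule or 'end of chain'})")
```

A /32 mask compares all 32 bits, so the first rule selects only the single source address 0.0.0.0; a mask of /0 would be the one that selects every source.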