Hi! I don't use a frontend. I use SuSEfirewall and modified the /sbin/SuSEfirewall2 script. I added a chain to block users. Then I have a new variable in /etc/sysconfig/SuSEfirewall2 to edit and ca block specific IPs. Must be at the beginning of the script where iptables are initialized after the start command. First they are flushed, then they are set to disallow anything that's not allowed. I put it after: ############################################ # # # Now we begin to set the filter rules ... # # # ############################################ # Set default rules + flush # ############################# <snip> $IPTABLES -t mangle -X Put your rules here! For example: for IP in $FW_BLOCK_IP; do $IPTABLES -A INPUT -j "$DROP" -s $IP -d SERVERIP -i eth1 done Then add the line in /etc/sysconfig/SuSEfirewall2: FW_BLOCK_IP="1.2.3.4 2.3.4.0/16" Separate IP's or ranges with spaces! This blocks traffic to IP SERVERIP from networkdevice eth1. Philippe P.S.: Every rule that comes at the beginning will be processed and similar rules after that will not be processed. Don't block yourself as well! Try /sbin/SuSEfirewall2 stop /sbin/SuSEfirewall2 test All correct, no errors, then proceed? /sbin/SuSEfirewall2 stop /sbin/SuSEfirewall2 start to set new rules. A "restart" does not flush all rules everytime propper.