CM >* JW (jw@centraltexasit.com) [020430 15:15]: CM >> bismuth:~ # iptables -A INPUT -p tcp -i eth0 -s 192.168.0.110 -j CM >> DENY iptables v1.2.5: Couldn't load target CM >> `DENY':/usr/lib/iptables/libipt_DENY.so: cannot open shared object CM >> file: No such file or directory CM > CM >DENY is an ipchains target, you want DROP...I've done the same CM >thing. Ok, that's fine, and that works. But I can't figure out how to drop everything on <port> _except_ a certain IP. From everything I've read this should be correct: iptables -A INPUT -p tcp --destination-port 5001 -j DROP ! -s 192.168.0.110 Meaning, drop every connection to 5001 except from 192.168.0.110 . But that doens't work. Any more ideas? Also, I thoughtmaybe I had to do 2 rules: iptables -A INPUT -p tcp --destination-port 5001 -j DROP iptables -A INPUT -s 192.168.0.110 -p tcp --destination-port 5001 -j ACCEPT But that fails with the "can't find *accept.so*" error. Over the years I have tried to learn ipchains/iptables about 6 times, and it always gets the best of me. For some reason the instructions I find just never work. At least not like I expect them to. Since I never see other people complaining about it, I'll assume it's me that's the problem, but.... what is it that I'm missing? Thanks. -- ---------------------------------------------------- Jonathan Wilson System Administrator Clickpatrol.com Cedar Creek Software http://www.cedarcreeksoftware.com