ok let me ask this first can i just have ipchains on the box without changing and routig etc that is set now as i wouldnt want to make an major overhaul! This is no problem, but the whole thing (blocking nimda "attacks" to your linux box) is really useless, as many have non-static ip-adresses and you will soon have a huge blocking table, which results in poor performance. If you have really too much entries in your logs (filling up the disks), clean them with a script that removes all those entries or contact the provider of the infected hosts. Blocking of huge address ranges doesn't solve any problems.
Markus Gaugusch -- _____________________________ /"\ Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign markus@gaugusch.at X Against HTML Mail / \