RE: [suse-security] blocking certain ips
Can someone explain to me why I can't just append rules 3, 4, 5, 6 at the end of the INPUT rules (APPEND), and instead have to INSERT them? Is it because of rule 23, which cannot be overwritten? Would make sense to me. Then I'd better insert right before line 23, right?
Is this a serious question? [snip]
23 DROP all -- 0.0.0.0/0 0.0.0.0/0
24 REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 reject-with tcp-reset
[snip]
Of course you *can* append rules 3-6 at the end of the INPUT chain, but they won't have any effect because of rule 23, which matches each and every IP packet and drops it on the floor. Rule 23 is in no way read-only, where did you get that idea?

BTW, rule 24 is superfluous as well, it will never be hit, you might as well remove it.

Tobias
participants (1): Reckhard, Tobias
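
The first-match behaviour described in the reply above, as an added example that is not part of the original thread: a Python check that reads output in the style of `iptables -L INPUT -n --line-numbers` and reports rules that sit behind an earlier, broader terminating rule. Rules 23 and 24 are the ones quoted in the thread; the other sample rules, the addresses and all function names are constructed for illustration.

```python
import ipaddress

TERMINATING = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal

# Constructed sample in `iptables -L INPUT -n --line-numbers` layout. Rules 23 and 24
# are quoted in the thread; rules 1, 25 and 26 are made up (appended blocking rules).
SAMPLE = """\
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
23 DROP all -- 0.0.0.0/0 0.0.0.0/0
24 REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 reject-with tcp-reset
25 DROP all -- 192.0.2.10 0.0.0.0/0
26 DROP all -- 198.51.100.0/24 0.0.0.0/0
"""

def parse(listing):
    """Parse lines of: num target prot opt source destination [match options]."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].isdigit() or "!" in f[4] + f[5]:
            continue  # skip headers, blank lines and negated addresses (not modelled)
        rules.append({
            "num": int(f[0]), "target": f[1], "prot": f[2],
            "src": ipaddress.ip_network(f[4], strict=False),
            "dst": ipaddress.ip_network(f[5], strict=False),
            "extra": " ".join(f[6:]),
        })
    return rules

def covers(early, late):
    """True if every packet `late` could match is already decided by `early`."""
    return (early["target"] in TERMINATING
            and early["extra"] == ""  # conservative: any extra option counts as narrower
            and early["prot"] in ("all", late["prot"])
            and late["src"].subnet_of(early["src"])
            and late["dst"].subnet_of(early["dst"]))

def shadowed(rules):
    """Return (dead_rule_num, shadowing_rule_num) pairs under first-match evaluation."""
    out = []
    for i, late in enumerate(rules):
        for early in rules[:i]:
            if covers(early, late):
                out.append((late["num"], early["num"]))
                break
    return out

if __name__ == "__main__":
    for dead, by in shadowed(parse(SAMPLE)):
        print(f"rule {dead} is never reached: rule {by} already matches its packets")
```

Running the same check on a listing where the blocking rules come before the catch-all DROP reports nothing for them, which is why they have to be inserted rather than appended.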