Hi Kurt I copied your ipchains firewall from SecurityPortal. I ve got a question about Anti Spoofing. You've done it like this: # ANTI-SPOOFING ipchains -A input -p all -j DENY -s 10.0.0.0/8 -i eth0 -d 0.0.0.0/0 ipchains -A input -p all -j DENY -s 127.0.0.0/8 -i eth0 -d 0.0.0.0/0 ipchains -A input -p all -j DENY -s 192.168.0.0/16 -i eth0 -d 0.0.0.0/0 ipchains -A input -p all -j DENY -s 172.16.0.0/16 -i eth0 -d 0.0.0.0/0 ipchains -A input -p all -j DENY -s $ETH0IP -i eth0 -d 0.0.0.0/0 First question: Do spoofers use IP Adresses only of private IP ranges? Second question: Where is the difference to : echo 1 > /proc/net/sys/ipv4/conf/all/rp_filter (frankly I don't know exactly what this does, I've read this line in suse-security mailinglist one month ago) Thank you Philipp