Hi,

I use iptables with a 2.4.2 kernel, with these rules for POP3 and DNS:

# ----------------------------------------------------------------------------
# DNS client (53)
# ---------------
iptables -A INPUT -p udp \
    -s $NAMESERVER_1 --sport 53 \
    -d $IPADDR --dport $UNPRIVPORTS -j ACCEPT

iptables -A OUTPUT -p udp \
    -s $IPADDR --sport $UNPRIVPORTS \
    -d $NAMESERVER_1 --dport 53 -j ACCEPT

iptables -A INPUT -p tcp ! --syn \
    -s $NAMESERVER_1 --sport 53 \
    -d $IPADDR --dport $UNPRIVPORTS -j ACCEPT

iptables -A OUTPUT -p tcp \
    -s $IPADDR --sport $UNPRIVPORTS \
    -d $NAMESERVER_1 --dport 53 -j ACCEPT

# ------------------------------------------------------------------
# POP server (110)
# Access for:
# ----------------
iptables -A INPUT -p tcp \
    -s $popclient --sport $UNPRIVPORTS \
    -d $IPADDR --dport 110 -j ACCEPT

iptables -A OUTPUT -p tcp ! --syn \
    -s $IPADDR --sport 110 \
    -d $popclient --dport $UNPRIVPORTS -j ACCEPT

with
$IPADDR = IP address for localhost
$popclient = IP address for the POP client
$UNPRIVPORTS="1024:65535"
$NAMESERVER_1 = IP address for the name server

-****************************************************************-

With these rules I have 10 seconds for the response time; without iptables it's immediate.

What is wrong?

--
Henri Valeins
Résonance Magnétique des Systèmes Biologiques
UMR 5536 CNRS/Université Victor Segalen Bordeaux 2
146 rue Léo-Saignat (case 93)
33076 BORDEAUX cedex
tel 33 (0)5 57 57 17 85
fax 33 (0)5 57 57 45 56