Hi all, This is part of my iptables -L -n -v. Please note that tcp packets are not rejected but dropped by the reject rule. But counters say they're rejected. This is the rule I use: iptables -A INPUT -p 6 -s 0/0 --sport 1024: -d xxx.xxx.xx.xx --dport 25 -i $waneth -j REJECT --reject-with tcp-reset 3 144 LOG all -- eth1 * 0/0 0/0 LOG flags 0 level 4 prefix `INPUT: ' 3 144 REJECT tcp -- eth1 * 0/0 xxx.xxx.xx.xx tcp spts:1024:65535 dpt:25 reject-with tcp-reset 0 0 DROP all -- eth1 * 0/0 0/0 As you can see the drop rule doesn't count any packets. But packets are dropped. Please see iptraf below: 212.254.101.100:23822 = 3 144 S--- eth1 xxx.xxx.xx.xx:25 = 0 0 ---- eth1 If working with tcp-reset I'd rather expect something like this: 212.254.101.100:23824 = 1 48 S--- eth1 xxx.xxx.xx.xx:25 = 1 40 RESET eth1 this is made manually by stopping smtpd but leaving the ports open for connection. Thank you for any help. Philipp