Here's a quick hint ;)

#!/bin/bash

# Interfaces: INTIF faces the internal network, EXTIF the outside
INTIF=eth0
EXTIF=eth1

# Internal destinations reachable from outside, one per service
SMTP=192.168.0.2/32
HTTP=192.168.0.3/32
IMAPS=192.168.0.4/32
SSH=192.168.0.0/24

# Reset policies and flush existing rules; only FORWARD is filtered
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F

# Internal -> external: allow everything
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT

# External -> internal: only the listed services on the listed hosts
iptables -A FORWARD -i $EXTIF -o $INTIF -d $SMTP \
    -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -d $HTTP \
    -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -d $IMAPS \
    -p tcp --dport 993 -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -d $SSH \
    -p tcp --dport 22 -j ACCEPT

# External -> internal: replies to connections already being tracked
iptables -A FORWARD -i $EXTIF -o $INTIF -m state \
    --state ESTABLISHED,RELATED -j ACCEPT

.. the usual disclaimer - I just wrote it, didn't even execute it to see
if it works. HTH anyway.