Thanks Dee!

The letter "I" was the missing clue...I'm too tired to think now ;-). But now it works. The only difference from your script was that I wanted to block LAN users from accessing certain sites on the internet. I changed the command to the following:

    iptables -I FORWARD -d XXX.XXX.XXX.XXX --dport XX -j DROP

So now I can go to bed and sleep. Again, thank you very much!

/Richard Klovfors

iptables:

Deny a specific host:

    iptables -I INPUT -s XXX.XXX.XXX.XXX -j DROP

Block ports by adding the following firewall rules:

    # Allow loopback access. This rule must come before the rules denying port access!!
    # This rule is essential if you want your own computer to be able to access itself through the loopback interface
    iptables -A INPUT -i lo -p all -j ACCEPT
    iptables -A OUTPUT -o lo -p all -j ACCEPT

    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --dport 2049 -j DROP        # Block NFS
    iptables -A INPUT -p udp -s 0/0 -d 0/0 --dport 2049 -j DROP        # Block NFS
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --dport 6000:6009 -j DROP   # Block X-Windows
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --dport 7100 -j DROP        # Block X-Windows font server
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --dport 515 -j DROP         # Block printer port
    iptables -A INPUT -p udp -s 0/0 -d 0/0 --dport 515 -j DROP         # Block printer port
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --dport 111 -j DROP         # Block Sun rpc/NFS
    iptables -A INPUT -p udp -s 0/0 -d 0/0 --dport 111 -j DROP         # Block Sun rpc/NFS

    # Deny outside packets from internet which claim to be from your loopback interface.
    iptables -A INPUT -p all -s localhost -i eth0 -j DROP

Regards,
/Dee
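Both messages above turn on rule order: iptables stops at the first matching rule, so `-I` (insert at the top) and `-A` (append at the end) give different results, and the loopback ACCEPT has to sit ahead of the DROP rules. The following is an added example, not part of either post, that audits a rule listing for that ordering. The function name `check_lo_order` is hypothetical, the two rule listings are constructed samples, and the input is assumed to be in the format printed by `iptables -S INPUT`.

```shell
#!/bin/sh
# Added example: audits `iptables -S INPUT` style output read from stdin.
# Returns 0 if the loopback ACCEPT rule precedes every DROP rule that could
# match loopback traffic, 1 otherwise.
check_lo_order() {
    awk '
        $1 != "-A" || $2 != "INPUT" { next }   # skip -P policy lines and other chains
        {
            n++; iface = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") iface = ($(i - 1) == "!" ? "!" : "") $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target == "ACCEPT" && iface == "lo" && !lo) lo = n
            # a DROP bound to another interface cannot hit loopback packets
            if (target == "DROP" && !drop &&
                (iface == "" || iface == "lo" || (iface ~ /^!/ && iface != "!lo")))
                drop = n
        }
        END {
            if (!lo) { print "FAIL: no loopback ACCEPT rule"; exit 1 }
            if (drop && drop < lo) {
                printf "FAIL: DROP at rule %d precedes loopback ACCEPT at rule %d\n", drop, lo
                exit 1
            }
            print "OK: loopback ACCEPT is rule " lo
        }'
}

# Constructed sample: the order used in the post, as `iptables -S INPUT` would list it.
GOOD_RULES='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2049 -j DROP
-A INPUT -p udp -m udp --dport 2049 -j DROP
-A INPUT -s 127.0.0.1/32 -i eth0 -j DROP'

# Constructed sample: loopback ACCEPT appended after a DROP rule.
BAD_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 111 -j DROP
-A INPUT -i lo -j ACCEPT'

printf '%s\n' "$GOOD_RULES" | check_lo_order
printf '%s\n' "$BAD_RULES" | check_lo_order || true
```

On a live host the function can be fed directly with `iptables -S INPUT | check_lo_order`, run as root.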