In all this mess remember to accept packets to "lo" from your box as well as possibly ICMP errors....

$iptables -A INPUT -i lo -j ACCEPT
#Established related will take care of the return packets
$iptables -A INPUT -p ICMP --icmp-type 0 -j ACCEPT
echo "Accepting ECHO REPLYS"
$iptables -A INPUT -p ICMP --icmp-type 3 -j ACCEPT
echo "Accepting DESTINATION UNREACHABLE"
$iptables -A INPUT -p ICMP --icmp-type 5 -j ACCEPT
echo "Accepting REDIRECTS"
#maybe
#$iptables -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
#echo "Accepting ECHO"
$iptables -A INPUT -p ICMP --icmp-type 11 -j ACCEPT
echo "Accepting TIME EXCEEDED"

And, if you're doing this remotely, copy this to a file, make it executable and set cron to run it every hour or so while you're working out the bugs ...so if you do lock yourself out the system will open itself back up without you having to go anywhere.

#!/bin/sh
# Flush and Reset IPTABLES to default values

# Assumption: location of the iptables binary; adjust for your system.
# cron runs with a minimal PATH, so use the full path here.
iptables=/sbin/iptables

# Flush all rules and delete user-defined chains in each table
for f in filter nat mangle
do
    $iptables -t $f -F
    $iptables -t $f -X
done

# Reset default policy
# filter table
for r in INPUT FORWARD OUTPUT
do
    $iptables -t filter -P $r ACCEPT
done

.....my $0.02
-alex
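
An added example, not part of the original post: a pre-flight check that reads a ruleset dump in iptables-save format and reports which of the accepts listed above (lo, ESTABLISHED/RELATED, ICMP types 0, 3, 5 and 11) are missing before the ruleset is loaded on a remote box. The function names and the sample dump are constructed for illustration, and the dump is assumed to list ICMP types numerically.

```shell
#!/bin/sh
# Added example (not from the original post): check a ruleset dump in
# iptables-save format for the accepts the post calls for.
# Usage idea: missing_basics new.rules, then load new.rules only if it passes.

# ICMP types the post accepts: 0 echo reply, 3 destination unreachable,
# 5 redirect, 11 time exceeded.
WANTED_ICMP="0 3 5 11"

# Constructed sample dump: default-drop INPUT that forgets lo and type 11.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 5 -j ACCEPT
COMMIT
EOF
}

# missing_basics FILE: print one token per missing accept rule
# (lo, established, icmp-N); exit status is 1 if anything is missing.
missing_basics() {
    f=$1
    out=""
    # Loopback accept on INPUT
    grep -Eq '^-A INPUT (.* )?-i lo (.* )?-j ACCEPT' "$f" || out="$out lo"
    # Return traffic: matches both "--state" and "--ctstate" forms
    grep -Eq '^-A INPUT .*state [A-Z,]*ESTABLISHED.* -j ACCEPT' "$f" ||
        out="$out established"
    # Each ICMP type; the space after the number keeps 1 from matching 11
    for t in $WANTED_ICMP; do
        grep -Eq "^-A INPUT .*--icmp-type $t (.* )?-j ACCEPT" "$f" ||
            out="$out icmp-$t"
    done
    echo "${out# }"
    [ -z "$out" ]
}
```

On the constructed sample this reports "lo icmp-11"; with the hourly reset job in place as a fallback, a non-empty report is the cue to fix the ruleset before loading it.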