I have a Mandrake box serving as a NAT/Firewall box. My IPCHAINS ruleset is as follows: default incoming policy of REJECT remote interface, any source, going to WAN interface address is valid outgoing policy of reject local interface, any source, going to LAN is valid forwarding policy is DENY If I wish to offer a service on the Linux box to the outside world, need I configure IPCHAINS to allow access to that service? For instance, if I wish to offer SSH on port 22 from the WAN, must I specifically allow access to that port? Regards, Nathan