Oh, I forgot to mention one more thing I'm worrying about. I believe it's not possible to track the state of UDP connections, and since I run a caching DNS there will be some UDP traffic, and I'm afraid my current rule set might drop those packets. Does anyone know how to allow this traffic with a default DROP policy? (This also goes for the NAT, with ICQ and such, which I believe uses UDP as well.) I just hope I'm totally wrong on this one and that the --state RELATED,ESTABLISHED will pick these up.
Kind regards,
Ferry van Steen
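Added example, not from the post or the thread: netfilter's connection tracking does keep state for UDP (a pseudo-connection per address/port tuple, expiring on a timeout), so the reply to an outgoing lookup matches ESTABLISHED and an ICMP error about it matches RELATED. The script below builds a default-DROP ruleset for a caching resolver and filters conntrack entries to show those UDP/53 flows; the resolver address 192.168.1.1, the LAN 192.168.1.0/24, the upstream 198.51.100.53 and the conntrack sample are all constructed, and IPT defaults to a dry run that only prints the commands.

```shell
# IPT defaults to a dry run that prints the commands; IPT=iptables applies them.
IPT="${IPT:-echo iptables}"

# dns_ruleset <resolver_ip> <lan_cidr>: default-DROP policies that still let a
# caching resolver on <resolver_ip> serve <lan_cidr> and query upstream servers.
dns_ruleset() {
    resolver="$1"; lan="$2"
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    # Packets conntrack cannot place in any flow are dropped before anything else.
    $IPT -A INPUT -m state --state INVALID -j DROP
    # Replies to tracked flows (UDP included) and ICMP errors about them are
    # accepted here, so no per-port rules for reply traffic are needed.
    $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPT -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    # New lookups from the resolver: UDP, plus TCP for truncated answers.
    $IPT -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
    $IPT -A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
    # New queries reach the resolver from the LAN only, never from outside.
    $IPT -A INPUT -s "$lan" -d "$resolver" -p udp --dport 53 -m state --state NEW -j ACCEPT
    $IPT -A INPUT -s "$lan" -d "$resolver" -p tcp --dport 53 -m state --state NEW -j ACCEPT
}

# Constructed sample in /proc/net/nf_conntrack format: one UDP lookup whose
# reply was seen, one still waiting (UNREPLIED), and an unrelated TCP flow.
SAMPLE_CONNTRACK='ipv4     2 udp      17 29 src=192.168.1.1 dst=198.51.100.53 sport=40123 dport=53 packets=1 bytes=70 src=198.51.100.53 dst=192.168.1.1 sport=53 dport=40123 packets=1 bytes=140 [ASSURED] mark=0 use=2
ipv4     2 udp      17 28 src=192.168.1.1 dst=198.51.100.53 sport=40124 dport=53 [UNREPLIED] src=198.51.100.53 dst=192.168.1.1 sport=53 dport=40124 mark=0 use=1
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=192.168.1.1 sport=51000 dport=22 src=192.168.1.1 dst=192.168.1.10 sport=22 dport=51000 [ASSURED] mark=0 use=1'

# tracked_dns_flows [file]: for each tracked UDP flow to port 53 print
# "<seconds-left> <replied|unreplied> <sport=N>"; defaults to the live table.
tracked_dns_flows() {
    awk '$3 == "udp" && /dport=53 / {
        seen = ($0 ~ /UNREPLIED/) ? "unreplied" : "replied"
        for (i = 1; i <= NF; i++) if ($i ~ /^sport=/) { sp = $i; break }
        print $5, seen, sp
    }' "${1:-/proc/net/nf_conntrack}"
}
```

On a live box, run `tracked_dns_flows` with no argument while a lookup is in flight; an entry with a shrinking timeout is the UDP state that RELATED,ESTABLISHED matches against.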