For me the default iptables script is a little to lenient. For my laptop with no server services I minimized the script to these lines. Did not want icmp and ping coming in, a stealth box. Web, email and gaim all seem to be working. Am I missing something? Everything from the outside should be dropped right? One thing I'm not sure of is syn-flood but they should be dropped also. -Louis *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m tcp ! --syn -m state --state NEW -j DROP -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT COMMIT
