We have ipchains firewalling on a RedHat 6.1 box here at work and we are having some problems with people running mail servers on the cable-modem dominated sections of the network (24.0.0.0). Here is the rule we have for that:

    IPCHAINS="/sbin/ipchains"
    LOCALNET="IP/NETMASK"
    $IPCHAINS -A input -l -s 24.0.0.0/8 -d $LOCALNET -j DENY

Now, what I'd like to do is just allow access to port 25 for the whole subnet to eliminate my having to throw specific IPs in and restart the firewall. It's likely just a problem with my understanding of TCP/IP (or, more likely, IPchains) but here is what I have tried which didn't seem to work:

    $IPCHAINS -A input -p tcp -s 24.0.0.0/24 -d $LOCALNET 25 -j ACCEPT

I also tried it without the port number. My big problem is not understanding what the mask "/24" is doing in this case (and many others)...

Suggestions? Does anyone have a better philosophy regarding cable-modem users? Should I be punting all of their packets into oblivion? It feels good but it is starting to become more of a staple and thus we may run into problems eventually...

Thanks.

____________________________
Mike Neuharth
ADCS Technology Specialist
http://www.umn.edu/adcs
E-Mail : mjn at umn.edu
Page Mail : 6126486512 at page.metrocall.com
http://supermonkeycollider.dyndns.org/
____________________________
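
The following is an added example, not part of the original post: a small Python model of first-match rule evaluation, showing what the two rules above do when appended in the order quoted and how much of 24.0.0.0 a /24 covers compared with a /8. The LOCALNET value, the helper names and the default ACCEPT chain policy are assumptions made for the illustration.

```python
import ipaddress

# Constructed stand-in for $LOCALNET; the post does not give the real value.
LOCALNET = "192.0.2.0/24"

def rule(target, src, dst=LOCALNET, proto=None, dport=None):
    """Model one 'ipchains -A input' rule (hypothetical helper)."""
    return {"target": target, "src": ipaddress.ip_network(src),
            "dst": ipaddress.ip_network(dst), "proto": proto, "dport": dport}

def evaluate(chain, src, dst, proto, dport, policy="ACCEPT"):
    """Return the target of the first rule that matches, else the policy.

    Rules are checked top to bottom and the first match decides the
    packet's fate, so a rule appended (-A) after a broader DENY is
    never reached for the traffic that DENY already covers.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in chain:
        if s not in r["src"] or d not in r["dst"]:
            continue
        if r["proto"] is not None and r["proto"] != proto:
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        return r["target"]
    return policy

def addresses_covered(cidr):
    """Number of addresses a source mask such as 24.0.0.0/24 matches."""
    return ipaddress.ip_network(cidr).num_addresses

# Order as quoted in the post: the /8 DENY first, then the /24 ACCEPT.
AS_POSTED = [rule("DENY", "24.0.0.0/8"),
             rule("ACCEPT", "24.0.0.0/24", proto="tcp", dport=25)]

# ACCEPT placed first and widened to the same /8 the DENY uses.
REORDERED = [rule("ACCEPT", "24.0.0.0/8", proto="tcp", dport=25),
             rule("DENY", "24.0.0.0/8")]

if __name__ == "__main__":
    mail_server = "192.0.2.10"  # constructed host inside LOCALNET
    for name, chain in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        for src, port in (("24.0.0.7", 25), ("24.1.2.3", 25), ("24.1.2.3", 80)):
            verdict = evaluate(chain, src, mail_server, "tcp", port)
            print(f"{name:10} {src:>9} -> port {port:<3} {verdict}")
    print("/24 covers", addresses_covered("24.0.0.0/24"), "addresses;",
          "/8 covers", addresses_covered("24.0.0.0/8"))
```
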