> RH-Firewall-1-INPUT all -- anywhere anywhere > DROP all -- ip176-0.netcathost.com/24 anywhere wrong order - if the RH Firewall accepts it it won't be dropped... you want: > Chain INPUT (policy ACCEPT) > target prot opt source destination > DROP all -- ip176-0.netcathost.com/24 anywhere > RH-Firewall-1-INPUT all -- anywhere anywhere