Quoting Rodrigo Barbosa <rodrigob at suespammers.org>: > Humm, that should be relatively simple: > > iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j ACCEPT You probably want to use INPUT chain of filter table for this: iptables -A INPUT -p tcp --destination-port 80 -j ACCEPT If INPUT chain of filter table has default policy set to DROP, putting an ACCEPT target into PREROUTING chain of nat table isn't going to let the packet go through the firewall. ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.