On Thu, Jul 10, 2008 at 6:08 PM, MHR <mhullrich at gmail.com> wrote:
> ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:login
> ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:shell

It seems right to me...

Try using "iptables -vL", it will show you how many packets have matched that rule. Then try to rsh or rlogin and see if the numbers change. That should give you a clue to whether it's working or not.

HTH,
Filipe

P.S.: Once again: although it's great that you are digging into the problem, using iptables, and learning a lot in the process, you should *REALLY* consider ditching rsh/rlogin and sticking to SSH. I would consider using rsh/rlogin instead of SSH today about the same as using gopher instead of the WWW these days (for those of you who still remember it).
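
The before/after counter check suggested in the reply, as an added example that is not part of the original message: it compares two saved "iptables -vxL" listings and reports the rules whose packet counter grew. The function name `rule_hits`, the temporary file names and both snapshots are assumptions constructed for illustration; `-x` is used so the counters are exact numbers rather than rounded K/M values.

```shell
#!/bin/sh
# rule_hits BEFORE_FILE AFTER_FILE
# Each file holds the output of "iptables -vxL" taken before and after the
# connection attempt. Prints "<delta> <chain> <rule>" for every rule whose
# packet counter increased between the two snapshots.
rule_hits() {
    awk '
        $1 == "Chain" { chain = $2; next }   # remember the current chain
        $1 !~ /^[0-9]+$/ { next }            # skip column headers and blank lines
        {
            pkts = $1 + 0
            $1 = ""; $2 = ""                 # drop the pkts and bytes columns
            sub(/^ +/, "")
            key = chain " " $0               # chain plus rule text identifies the rule
        }
        FNR == NR { before[key] = pkts; next }   # first file: record the baseline
        (key in before) && pkts > before[key] { print pkts - before[key], key }
    ' "$1" "$2"
}

# Constructed snapshots (not from the original thread): one rlogin attempt
# was made between them, so only the dpt:login rule should show a hit.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/before" <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      12      720 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:ssh
       0        0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:login
       0        0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:shell
EOF
cat > "$tmp/after" <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      12      720 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:ssh
       1       60 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:login
       0        0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:shell
EOF

rule_hits "$tmp/before" "$tmp/after"
```

A rule that stays at zero after the attempt means the packets never reached it, typically because an earlier rule in the chain matched first or the traffic arrived on a different port.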