Sean Carolan wrote: > I do have a rule for blocking TCP, forgot to mention that. You can > see from my tcpdump output above that the inbound packet is UDP > though. I wonder why iptables doesn't block it even with this rule? Try to insert the rule (-I) instead of append (-A). I recall encountering weirdness between using the two different methods for adding a rule. I don't know why, but it seems to make a difference in some cases. The man page doesn't make it clear to me what the difference is and why it (might) cause a change of behavior. I'm not an iptables expert, for my real firewalls I use OpenBSD. nate