On 10/31/2014 01:20 AM, Always Learning wrote: > -R 4web 5 -p tcp --dport 888 -s 192.168.2.1/23 -j ACCEPT That will only work if you want to permit from source addresses in the 192.168.2.1 and 192.168.3.1 netblocks. I think you want a -s 192.168.1.1/23 <anecdote> When I was first starting out in IT, I was transitioning from Comms Engineering, where I was mentored by one of the guy who helped build the PSTN telephone network in AU. The two things he hammered home to me where; * Always check the lines you're working on, and then checking the numbers again. and * Always know how to use a different set of tools, because your preferred one may not be available when you need it the most. </anecdote>