A few hosts behind my gateway want to accept general inbound internet connections. As discussed earlier there is a lot of crap and the gateway I run is off a residential internet connection. Combine that with some limited bandwidth radio links. I have been thinking about applying some IP blacklists using the ipset tool. ex: https://github.com/trick77/ipset-blacklist I am not super savvy on the more advanced functions of tcpip in the Linux networking stack. Since those in all the inbound packets from the internet are encapsulated at UCSD, how can I apply blacklisting? Can I apply them to the eth1 (wireless lan) output interface somehow? Examples are especially helpful. Thanks Steve, kb9mwr