44net-request(a)hamradio.ucsd.edu wrote: Hi Tom, Yes, it is correct. It reads the output of the diff command which has lines like: < 1.2.3.4 It puts the < or > into $d and the IP address into $ip. Then it either deletes or inserts the IP address in the list using the case/esac on $d. You can copy/paste the script and run it and check using: iptables -L ipipfilter -vn to see if it works OK. You can run it again and nothing should change. When all is OK you can change the ampr-ripd startup to add the -x option and modify the firewall to use ipipfilter instead of ACCEPT for -p 4. Make sure in the startup sequence of the system you run the script once before the firewall is loaded, so that the ipipfilter target does exist before the rule for -p 4 is loaded. I have my own script that sets up the entire firewall, so I call the script from there. Rob