Clearly, my eyes aren't as sharp when I'm half-awake. Here's the culprit:
: REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
: icmp-host-prohibited

That's the tail end of the chain, so any rules appended to that chain (like the Tomcat rule I showed you) will never be reached. Rerun the "iptables --list" command, but use the switch to show rule numbers. You can then run the other iptables command I showed you, but use *insert* instead of *append*. Be sure to insert above that last reject rule.

See the iptables docs/manpage for more info, commandline switches, etc.

-QM

--
software -- http://www.brandxdev.net
tech news -- http://www.RoarNetworX.com
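Added example, not part of the original message: a shell sketch of the check described above, which finds the catch-all REJECT in a numbered listing, reports the rules appended below it that can never match, and prints the insert command to use instead. The chain name EXAMPLE-INPUT, port 8080 and the sample listing are constructed assumptions; nothing here touches the live firewall.

```shell
#!/bin/sh
# Constructed sample of `iptables -L EXAMPLE-INPUT -n --line-numbers` output.
# Chain name and rules are made up; rule 5 was appended below the catch-all.
sample_listing() {
cat <<'EOF'
Chain EXAMPLE-INPUT (1 references)
num  target     prot opt source               destination
1    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8080
EOF
}

# Print the number of the first rule that rejects or drops every packet:
# protocol "all", any source, any destination, no further match options.
# Caveat: without -v the listing hides interface matches, so confirm with
# `iptables -L -n -v` before trusting the result on a real host.
first_catch_all() {
  awk '$1 ~ /^[0-9]+$/ && ($2 == "REJECT" || $2 == "DROP") && $3 == "all" &&
       $5 == "0.0.0.0/0" && $6 == "0.0.0.0/0" &&
       (NF == 6 || $7 == "reject-with") { print $1; exit }'
}

# Print the numbers of rules listed after rule $1; they are never evaluated.
shadowed_rules() {
  awk -v n="$1" '$1 ~ /^[0-9]+$/ && $1 + 0 > n + 0 {
                   printf "%s%s", sep, $1; sep = " " }
                 END { print "" }'
}

# Print (not run) an insert at position $2 of chain $1 for TCP port $3.
# Inserting at the catch-all's own number puts the new rule directly above it.
insert_command() {
  printf 'iptables -I %s %s -p tcp --dport %s -j ACCEPT\n' "$1" "$2" "$3"
}

pos=$(sample_listing | first_catch_all)
echo "catch-all rule number: $pos"
echo "rules never reached:   $(sample_listing | shadowed_rules "$pos")"
insert_command EXAMPLE-INPUT "$pos" 8080
```

On a real host, feed the functions the output of `iptables -L <chain> -n --line-numbers` in place of `sample_listing`, and delete the shadowed appended rule once the inserted one is in place.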