>Better stick with Gavin's suggestion if possible. Or do some scripting
>to get server's IP address before calling iptables.

... or use a source ip match and the negation feature to extend the rule to skip traffic from internal addresses

greetings
Guido