If your kernel version is before 2.1.102; you need the ipfwchains patch to the 2.1.x or 2.0.x kernel series. You need to be running a kernel compiled with CONFIG_IP_FIREWALL (for 2.1.102 and above) or CONFIG_IP_FIREWALL_CHAINS set to `y'. You can tell that your current kernel is compiled with this by looking for `/proc/net/ip_fwchains' - if it exists, then your kernel is ready for the ipchains utility. See the HOWTO (available in plain text here, or from the web page in other formats) for details. There is also an excellent quick reference card by Scott Bronson, in A4 and US Letter sizes (best printed double-side). This was written in Word Perfect 7 on Linux; ask bronson@soda.berkeley.edu if you want it in that format. The concept and chunks of the implementation were grabbed from ipfwadm 2.3; the name has been changed to avoid confusion, as `ipfwadm' will NOT work with kernels with the new firewall code. Also, I took the opportunity to rationalize the command line parameters, making it perhaps more difficult for ipfwadm users (not necessarily a bad thing, as it highlights the differences) but hopefully making things more sane in the long run. In recognition of the fantastic work done by Jos Vos, without whom I would have had no code or concepts to guide me, here is the original copyright notice from many of the files. (Do NOT contact Jos with problems in these utilities; they are almost certainly things I wrecked, and complaining to him would be unfair and unrewarding). ================ Copyright (c) 1995,1996 by X/OS Experts in Open Systems BV. All rights reserved. Author: Jos Vos <jos@xos.nl> X/OS Experts in Open Systems BV Kruislaan 419 1098 VA Amsterdam The Netherlands E-mail: info@xos.nl WWW: http://www.xos.nl/ ================ Paul ``Rusty'' Russell, Paul.Russell@rustcorp.com.au. & Michael Neuling, mneuling@radlogic.com.au