I don't like the idea of using the firewall that comes with ispconfig. Can anyone help me with my iptables rules so as the web server will still wortk after I switch the firewall on ?? Chain OUTPUT (policy ACCEPT) target prot opt source destination block 0 -- anywhere anywhere Chain block (3 references) target prot opt source destination ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT 0 -- anywhere anywhere state NEW,RELATED,ESTABLISHED LOG tcp -- anywhere anywhere tcp spts:1024:65535 dpt:ssh LOG level warning prefix `ssh connect:' ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:ssh LOG tcp -- anywhere anywhere tcp spts:1024:65535 dpt:ftp LOG level warning prefix `ftp connect:' ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:ftp LOG tcp -- anywhere anywhere tcp spts:1024:65535 dpt:smtp LOG level warning prefix `nameserver connect:' ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:smtp LOG tcp -- anywhere anywhere tcp spts:1024:65535 dpt:domain LOG level warning prefix `dns_tcp connect:' ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:domain LOG udp -- anywhere anywhere udp spts:1024:65535 dpt:domain LOG level warning prefix `dns_udp connect:' ACCEPT udp -- anywhere anywhere udp spts:1024:65535 dpt:domain LOG tcp -- anywhere anywhere tcp spts:1024:65535 dpt:www LOG level warning prefix `web connect:' ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:www LOG tcp -- anywhere anywhere tcp spts:1024:65535 dpt:81 LOG level warning prefix `81 connect:' ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:81 LOG tcp -- anywhere anywhere tcp spts:1024:65535 dpt:https LOG level warning prefix `ssl-www connect:' ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:https LOG tcp -- anywhere anywhere tcp spts:1024:65535 dptop3s LOG level warning prefix `s-pop3 connect:' ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dptop3s ACCEPT 0 -- anywhere anywhere ACCEPT icmp -- anywhere anywhere icmp echo-request ACCEPT icmp -- anywhere anywhere icmp destination-unreachable LOG 0 -- anywhere anywhere LOG level warning prefix `rejected packet:' DROP 0 -- anywhere anywhere