Hi,

I have configured iptables server on server1 (192.168.0.1/24). Now I want to allow user root on server1 to be connected to the network, and all other users on server1 will not be able to ping other PCs. So I did this:

--------------------------------------------------------
#iptables -F
#service iptables stop
#iptables -A OUTPUT -m owner --uid-owner 0 -j ACCEPT
#iptables -A OUTPUT -j DROP
#iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            OWNER UID match root
DROP       all  --  anywhere             anywhere
--------------------------------------------------------

Still other users including root can ping other PCs. Why is this not working?

Also, I have some difficulties understanding the Connection Tracking (NEW, ESTABLISHED, RELATED, INVALID) concept. Can anyone help me? Any practical guide available on the internet for iptables?

TnR,
Hiren