Hi, I just have a suggestion for ghostwall. 1) The blocked connections log for TCP, UDP, ICMP, and RAW can be combined into one log. I don't think there is a real need to have 4 different logs for that. If they were combined it would be less confusing, plus we would still be able to identify which is which because it would state that in the "TYPE" column. 2) What I think would be really useful is a log for allowed connections as well. I just made a careless rule that was to "loose" and it was allowing more connections than it should have. If I had an allowed log I would have noticed that and tightened up the rule. Another great feature to the logs would be an additional column that displays the rule that triggered the event. For example, i have a rule called "test", and this rule caused some connection to be blocked or allowed... whatever the case may be. In the log, the last colum should tell me that this event was triggered because of the rule "test".