Hi to all. I have some troubles with ipset. Maybe I do something wrong (of course!), but cant get it working. First of all, I've tried to change a bit this script https://github.com/RMerl/asuswrt-merlin/wiki/Using-ipset#peer-guardian I've got this one: http://pastebin.com/vA8d0gAx 'banlist' is my list of undesireble IPs. I dont want them go to my little web-site inside of my network behind a router. Just portforwarding for 80 port. That's why I use the PORTFORWARD iptables chain. I guess it's right. For now, when I do 'ipset -L', I see my list of undesireble IPs. Let's say it's ok. But when I manually enter Code: iptables -I FORWARD -m set --set banlist src -j DROP iptables -L shows the following Code: Chain FORWARD (policy DROP) target prot opt source destination DROP all -- anywhere anywhere set banlist src And internet dies. Even no pings until i delete recent rule. How can I get it done right way? One script, one ipset list just block them all. 'banlist' is just a file with the only column. One IP per every string. Perhaps I need to drop packets from those IPs earlier than in FORWARD chain? They create very huge amount of traffic Thanx in advance!