Hi all, I am looking to modify Tomato's egress filtering rules to change things from the default ACCEPT all and block specifics, to DENY all and allow specifics. Basically I want to have more outgoing control. In addition, I need to allow only specific devices/MACs access to the the WAN - this can be easily done in the access restrictions section. I have tried adding custom iptables rules to the 'firewall' script section (adding to the 'restrict' chain) with great results. Unfortunately this seems to break port forwards. If anyone is intimate with the iptables chains in Tomato, or has some suggestions on how to accomplish this (mods?), I would greatly appreciate any suggestions or feedback. Thanks in advance and Merry Christmas to all! EDIT: I want to block all outgoing Net access for internal LAN users except the following: TCP 25, 80, 443, 465,587 and a few others. The only way I can think of to deny ports other than these is to create a bunch of 'deny ranges'. This would do the job, but make adding new ports more troublesome.