I just moved to Tomato from ISA Server. Wow, QOS is great. I am making progress getting everything working, but I've never used IPTables before. I need to have a server completely blocked from the Internet, EXCEPT allow NTP. NTP: udp port 123. LAN server address is 192.168.0.4 The NTP server it needs to access is (fictional) 18.104.22.168. I did a block-everything rule in the gui, but I haven't been able to figure out how to form the rule for IPTables to allow this port through to the server, or where to put it. (Firewall script?). If anyone could kickstart me going, I would really appreciate your help.