> 192.168.1/24 is not a valid netmask huh? In linux and BSD I always use 192.168.1/24 (how shortcut of 192.168.1.0/24) and so on... > hint: using /24 everywhere is nonsense why? My goal is allow 192.168.1.0/24 (net) and deny 192.168.1.50 (host) thanks Pol