Thanks, but I'm not really after the exact configuration of iptables here (even though it's good to know), more the answer to whether it is possible. I'm not sure that the computer will be undetectable in a LAN if you merely block all output on the interface. (Yes, of course it's just to follow the cable from the hub/switch, but I'm interested in iptables here.) Are all packets transported via the iptables chains in Linux? Are there absolutely none that the kernel sends anyway (really low-level stuff) or can be tricked into sending? If so, would it be possible for anyone to put up a Linux box running a sniffer, for example Ethereal, and by blocking all output with iptables be undetectable by the other connected computers?