Hi, I've posted about my problem that I couldn't ping my linux whatever my shorewall config was. In fact my file /proc/sys/net/ipv4/icmp_echo_ignore_all had a 1 into it. Is it a shorewall bug to let it filled even if my policy accepts all even icmp ? Anyways now it works! GREAT!!!