Ken after Mike: > > No one has mentioned this, but the way I understand it is that > > specifying the @ will let any node on the network attempt to > > connect to the HP3000. This can be VERY significant in terms > > of security. > > Yup..... That's why we took the "@" sign out again shortly after > putting it in. By using the right level of subnet masking we were > able to specify the valid IP ranges for all our users without going > to pages and pages of individual entries. It's a nice security > "feature": If the user's IP address is not in the configured range, > all they get in response from the 3000 is.....: silence. The "@" sign in the router config in NMMGR and all the fancy subnet masking there do not have any effect on who can send packets *to* the 3000. It only controls whether the 3000 knows where to direct *replies* to these packets. Removing the "@" sign (i.e. not having a default gateway) will do nothing to protect the system from UDP datagrams, broadcast messages of various types, pings o' death, short shameful connections, etc. G.