Looking for a way to block those 404 hoppers I match the outgoing packages from sport 80 for the string 404. Now that I have those classified I needed a way to block them when they would return. Normaly i would use the recent module for this. But as its a outgoing packet and recent normally uses the source ip I would block myself to come back in. But the man pages has the --rdest option which matches/saves on the destination ip. That would be cool but I would need it to block on the incoming package....