iptables-save on rhel5 outputs: -A RH-Firewall-1-INPUT -s 12.3.4.5/255.255.0.0 -p tcp -m tcp -j ACCEPT whereas rhel6 outputs -A RH-Firewall-1-INPUT -s 12.3.4.5/16 -p tcp -m tcp -j ACCEPT Wanting to normalise iptables-save to one form or the other (preferably using the dotted quad netmask), the best I can come up with is a line by line grep (for optimisation perhaps, since a match wont happen often) for /<number> and then extract the number, pass to cidr2mask, and replace /<number> in that line (this is part of a self contained shell script that will be executed on the fly on another host, so I'd rather not rely on anything that isn't already in RHEL, ie no writing a perl sript myself unless it's a one liner perl -e thing). What flag to iptables-save am I missing where it does this for me? -- Tim Connors