RE: Cisco filter question

Geo,

The problem is simple. If you put 2 match entries in a single route-map entry, it must match both of them to set the interface to Null0.

If you'd like to match all ICMP packets and also 92 length packets, try to do this:

route-map nachi-worm permit 10
 match ip address 199
 set interface Null0
!
route-map nachi-worm permit 20
 match length 92 92
 set interface Null0
!

Good luck, tell me how it works.

Luckas.-

-----Original Message-----
From: Geo. [mailto:georger@getinfo.net]
Sent: Friday, August 22, 2003 01:17 p.m.
To: nanog@merit.edu
Subject: Cisco filter question

Perhaps one of you router experts can answer this question. When using the cisco specified filter

access-list 199 permit icmp any any echo
access-list 199 permit icmp any any echo-reply

route-map nachi-worm permit 10
! --- match ICMP echo requests and replies (type 0 & 8)
 match ip address 199
! --- match 92 bytes sized packets
 match length 92 92
! --- drop the packet
 set interface Null0

interface <incoming-interface>
! --- it is recommended to disable unreachables
 no ip unreachables
! --- if not using CEF, enabling ip route-cache flow is recommended
 ip route-cache policy
! --- apply Policy Based Routing to the interface
 ip policy route-map nachi-worm

why would it not stop this packet
participants (1)
-
Lucas Iglesias
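
Added example (not part of the original thread, and not Cisco code): a small Python model of the route-map matching rule discussed above, where all match clauses inside one entry must hold and entries are tried in sequence order. The packet fields, sample packets and function names are constructed for illustration, and only permit entries are modelled.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str                 # "icmp", "tcp", ...
    icmp_type: Optional[int]   # ICMP type, None for non-ICMP
    length: int                # packet length in bytes

def acl_199(p):
    # access-list 199: ICMP echo (type 8) and echo-reply (type 0)
    return p.proto == "icmp" and p.icmp_type in (0, 8)

def length_92(p):
    # match length 92 92 (min and max both 92)
    return 92 <= p.length <= 92

def evaluate(route_map, pkt):
    """Return the set action of the first entry whose match clauses
    ALL hold; None means the packet is routed normally."""
    for _seq, matches, action in sorted(route_map, key=lambda e: e[0]):
        if all(m(pkt) for m in matches):
            return action
    return None

# One entry, two match clauses: logical AND (the filter in the question).
ONE_ENTRY = [(10, [acl_199, length_92], "Null0")]
# Two entries, one clause each: logical OR (the form suggested in the reply).
TWO_ENTRIES = [(10, [acl_199], "Null0"), (20, [length_92], "Null0")]

# Constructed sample packets.
SAMPLES = {
    "echo_92": Packet("icmp", 8, 92),     # 92-byte echo request
    "echo_84": Packet("icmp", 8, 84),     # ordinary ping of another size
    "tcp_92": Packet("tcp", None, 92),    # unrelated 92-byte packet
    "tcp_1500": Packet("tcp", None, 1500),
}

def verdicts(route_map):
    """Map each sample packet name to the action the route-map applies."""
    return {name: evaluate(route_map, p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for label, rm in (("one entry", ONE_ENTRY), ("two entries", TWO_ENTRIES)):
        print(label, verdicts(rm))
```

In this model the single-entry form drops only 92-byte echo packets, while the two-entry form also sends every other echo or echo-reply and every other 92-byte packet to Null0.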