Hi, I'm in trouble with firewals-2.6-33 and ipchains-1.3.9-173 (SuSE7.0). I like to run bind9 on the firewall and this are the settings from /etc/rc.config.g/firewall.rc.config: FW_DEV_WORLD="ippp0" #FW_DEV_WORLD_ippp0="192.168.2.99 255.255.255.255" # e.g. for exernal interface ippp0 FW_DEV_INT="eth0" FW_DEV_INT_eth0="192.168.0.4 255.255.255.0" # e.g. for internal interface eth0 FW_DEV_DMZ="" #FW_DEV_DMZ_eth1="192.168.1.1 255.255.255.0" # e.g. for dmz interface eth1 FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_NETS="192.168.0.0/24" FW_MASQ_DEV="$FW_DEV_WORLD" # e.g. "ippp0" or "$FW_DEV_WORLD" FW_PROTECT_FROM_INTERNAL="no" FW_AUTOPROTECT_GLOBAL_SERVICES="yes" # "yes" is a good choice FW_SERVICES_EXTERNAL_TCP="smtp domain" # Common: smtp domain FW_SERVICES_EXTERNAL_UDP="domain" # Common: domain FW_SERVICES_DMZ_TCP="smtp domain" # Common: smtp domain FW_SERVICES_DMZ_UDP="domain syslog" # Common: domain syslog FW_SERVICES_INTERNAL_TCP="ssh smtp domain www 3128" # Common: ssh smtp domain FW_SERVICES_INTERNAL_UDP="domain" # Common: domain FW_TRUSTED_NETS="" FW_SERVICES_TRUSTED_TCP="" # Common: ssh FW_SERVICES_TRUSTED_UDP="" # Common: syslog time ntp FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes" # Common: "ftp-data" (sadly!) FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes" # Common: "dns" FW_SERVICE_DNS="yes" # if yes, FW_SERVICES_*_TCP needs to have port 53 FW_SERVICE_DHCLIENT="no" # if you use dhclient to get an ip address FW_SERVICE_DHCPD="no" # set to "yes" if this server is a DHCP server FW_SERVICE_SAMBA="no" # set to "yes" if this server uses samba as client FW_FORWARD_TCP="" FW_FORWARD_UDP="" FW_FORWARD_MASQ_TCP="" FW_FORWARD_MASQ_UDP="" FW_REDIRECT_TCP="" FW_REDIRECT_UDP="" FW_LOG_DENY_CRIT="yes" FW_LOG_DENY_ALL="no" FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="no" FW_KERNEL_SECURITY="yes" FW_STOP_KEEP_ROUTING_STATE="yes" FW_ALLOW_PING_FW="yes" FW_ALLOW_PING_DMZ="no" FW_ALLOW_FW_TRACEROUTE="no" FW_ALLOW_FW_SOURCEQUENCH="yes" FW_MASQ_MODULES="autofw cuseeme ftp irc mfw portfw quake raudio user vdolive" But starting the firewall-script leads to this errors- Starting Firewall Initialization: (final run) /sbin/ipchains: invalid port/service `1024 blackjack 1024 blackjack 1024 blackjack 1024 blackjack 1024 blackjack' specified Try `/sbin/ipchains -h' or '/sbin/ipchains --help' for more information. Whats going wrong? Yours Thom -- Experience is directly proportional to the value of equipment destroyed. -- Carolyn Scheppner ------------------------------------------------------------------- bye bye (c) by Thom | Thorsten Marquardt | EMail: THOM@kaupp.chemie.uni-oldenburg.de | Member of the pzt project. | http://www.pzt.de -------------------------------------------------------------------