Hi!
well, I have had good feedback from SUSE and other users of the Japanese language server, Canna. As far as security at a software level is concerened, I think it is secure. However, it still shows as an open port 5680 when tested with nmap. I have been told that while the software settings are secure, if I want to make it invisible to nmap, I would need kernel level firewalling.
What about using ipchains directly for that job? (untested) ipchains -A input -s 127.0.0.1 -d 127.0.0.1 5680 -p tcp -i lo -j ACCEPT ipchains -A input -d 127.0.0.1 5680 -p tcp -j DENY ipchains -A input -d xxx.xxx.xxx.xxx 5680 -p tcp -j DENY (Replace xxx.xxx.xxx.xxx with your ethernet-ip-address) These commands deny all tcp-access to your local port 5680, if not from your localhost. -- MfG, Chr. Erpelding ce-data Datentechnik