In my opinion the correct strategy for pretty well any system manager is to put # Deny everything not explicitly allowed in hosts.allow ALL: ALL in /etc/hosts.deny, then figure out what you need in hosts.allow to make services work. This way you may lose a service for an hour or so while you experiment with different service names; the other way you can very easily end up running an unprotected service for ever because you have made a mistake. This certainly applies to workstation managers who are unlikely to want to run services anyway, and it applies to managers of important servers who are very serious about security. So, a request to SuSE: how about changing the default? You could distribute a well-documented hosts.allow which made it pretty well impossible to choose the wrong service name. Regards, Bob ============================================================== Bob Vickers R.Vickers@cs.rhul.ac.uk Dept of Computer Science, Royal Holloway, University of London WWW: http://www.cs.rhul.ac.uk/home/bobv Phone: +44 1784 443691