Hi list, as a newbie to Linux I decided to use SuSEpersonal-firewall for simplicity reasons. Works fine on a T-DSL line with dial-on-demand. To learn how the fw works i looked at the output of iptables -L . Now, after some days i looked again and found that the "forward" rules get longer and longer. I am not sure, but my guess is that for each dial-up a new line is added. The line is: Chain FORWARD (policy ACCEPT) target prot opt source destination TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU and on and on, 40 lines at last count. Does anybody know the reason for this? Has this something to do with how the script for the pers. fw is invoked at each dial-up? Thanks, Ekki