Betcha dollars to donuts you got a rogue dhcp server In-house. Unless you hung a machine on the wrong side of the firewall its most probable that it is infact comeing from your network.
Ports? We don't need no stinkin ports...
Some ports seems to stink (ok - higher ip rev) cat /etc/services | grep -i dhcp ?? /sbin/SuSEfirewall2 snip ------ ###################### # Allow DHCP replies # ###################### test "$FW_SERVICE_DHCLIENT" = yes && { $LAA $IPTABLES -A INPUT -j LOG ${LOG}-ACCEPT -p udp --sport 67 -d 255.255.2 $IPTABLES -A INPUT -j "$ACCEPT" -m state --state ESTABLISHED -p udp --spor } test "$FW_SERVICE_DHCPD" = yes && { $LAA $IPTABLES -A INPUT -j LOG ${LOG}-ACCEPT -p udp --sport 68 -d 255.255.2 $IPTABLES -A INPUT -j "$ACCEPT" -m state --state NEW,ESTABLISHED -p udp -- } ----- snap shows that udp-ports 67/68 are involved. Pleaze enlight us ! They smell ! :O)_ Michael Appeldorn PS: Me german (as you can read) - so what means : Betcha dollars to donuts ?