Hi list! SuSE Linux 8.1, SuSEfirewall2-3.1-26 I'm trying to ping and traceroute from the internal masqueraded net. But the internal masq. net should only ping/traceroute, nothing else. The problem is that in FW_MASQ_NETS only tcp and udp are accepted, icmp is not. Why? So setting FW_ALLOW_PING_FW="yes" FW_ALLOW_PING_DMZ="no" FW_ALLOW_PING_EXT="yes" and FW_ALLOW_FW_TRACEROUTE="yes" isn't enough, the internal net isn't masqueraded as it should. I would like to do something like FW_MASQ_NETS="192.168.1.0/24,0/0,icmp" but SuSEfirewall2 will throw an error on this: lines 1583 to 1586 from /sbin/SuSEfirewall2: 1583 test "$PROTO" = tcp -o "$PROTO" = udp || { 1584 echo "Error: The protocol with FW_MASQ_NETS must be tcp or udp -> $NETS" 1585 NET2="" 1586 } Any ideas how to do this? Would it be possible to extend the script to allow also icmp as a valid protocol? Thanks, Richard -- Richard Ems ... e-mail: r.ems@gmx.net ... Computer Science, University of Hamburg Unix IS user friendly. It's just selective about who its friends are.