I have a sudden need to firewall a machine to allow a list of ports to a list of subnets. FW_SERVICES_EXT_TCP="ftp ftp-data ssh smtp domain http pop3 sftp netbios-ns netbios-dgm netbios-ssn ldap https smtps rsync ftps-data ftps imaps pop3s sunrpc" FW_TRUSTED_NETS=<8 distinct class C networks> So effectively I want to say, "Only trusted nets get anything, and then only services on the list". Trouble is, using the trusted nets concept I have to list the entire cross product, every possible combination. Without that uglyness, can I do it within SuSEFirewall2 or am I down to ipchains? TIA, michaelj -- Michael James michael.james@csiro.au System Administrator voice: 02 6246 5040 CSIRO Bioinformatics Facility fax: 02 6246 5166