I've been lurking around for a while and followed this discussion with interest. I have the problem here that reloading the firewall rules after connecting to my ISP takes so long (about 12-15 seconds) that, for instance, my DNS times out and gives up because the firewall is dropping the responses it should get. Yes, I know that upgrading to a more powerful computer might also fix this delay, but I hate to upgrade the ol' Pentium 133 which handles internet traffic via ISDN just because reloading the firewall rules takes too long, while it is running idle most of the time (even once the connection is established and the firewall rules are reloaded).

What puzzles me is how filtering based on information received from my ISP (the local IP) might give additional protection against spoofing via the same ISP. If someone manages to attack the servers at my ISP and manages to spoof an address, how can I trust ANYTHING which is coming from there? In this case, the local IP which is handed out via DHCP.

I bluntly changed the SuSEfirewall2 script to allow traffic with a local destination for any of the local IPs I might get (a query to whois gave me all local addresses I may get from my ISP) even before the connection is made. As long as the destination is within this range, this prevents me from having to reload the firewall rules when I connect to my ISP. I don't expect my ISP to change this range very frequently, so this should (and does so far) work most of the time.

Am I missing something important here?

Regards,
Arjen
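The approach in the post, pre-allowing the ISP's whole address pool as destination so the rules need no reload when the dynamic address arrives, as an added example. This is illustrative shell, not the SuSEfirewall2 script or anything Arjen posted. The pool 192.0.2.0/24, the interface ippp0 and the iptables rule syntax are assumptions (the real pool is whatever whois returns); the script only prints the rules instead of applying them, so it runs without root or a kernel firewall, and it adds the check a practitioner would want: confirm that the address DHCP actually handed out lies inside the pre-allowed pool, because the pool-based rule silently stops matching the day the ISP assigns an address from a range that was not in the whois answer.

```shell
#!/bin/sh
# Added example (not SuSEfirewall2 code). Assumed values:
ISP_POOL="${ISP_POOL:-192.0.2.0/24}"   # hypothetical pool; use the whois result
EXT_IF="${EXT_IF:-ippp0}"              # hypothetical ISDN interface name

# ip_to_int: dotted quad -> 32-bit integer (POSIX sh arithmetic)
ip_to_int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDR CIDR: succeed if ADDR lies inside CIDR.
# This emulates what the kernel does for "-d $ISP_POOL", so the same test
# can be run in user space before trusting the rule.
in_cidr() {
  local addr=$1 cidr=$2
  local net=${cidr%/*} bits=${cidr#*/}
  local mask
  if [ "$bits" -eq 0 ]; then
    mask=0
  else
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  fi
  [ $(( $(ip_to_int "$addr") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# emit_rules: print rules that can be loaded once, before the link is up.
# Only replies to connections this host opened are accepted for the pool;
# unsolicited traffic to the pool is still dropped, so the pre-allow does
# not open the machine to the rest of the ISP's customers.
emit_rules() {
  cat <<EOF
iptables -A INPUT -i $EXT_IF -d $ISP_POOL -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $EXT_IF -d $ISP_POOL -j DROP
EOF
}

# lease_check ADDR: run this from the DHCP/ip-up hook with the assigned
# address. Succeeds when the pool rule covers it; otherwise prints a warning
# (that is the case where the old reload-on-connect behaviour is still needed).
lease_check() {
  if in_cidr "$1" "$ISP_POOL"; then
    return 0
  fi
  echo "warning: lease $1 is outside pre-allowed pool $ISP_POOL; reload rules" >&2
  return 1
}

# Stand-alone usage: print the rules, then check a constructed lease address.
if [ "${1:-}" = "--demo" ]; then
  emit_rules
  lease_check 192.0.2.77 && echo "lease covered by pool rule"
fi
```

The DROP line is listed after the ACCEPT on purpose: with a state match in front of it, a DNS reply to a query sent from the freshly assigned address is ESTABLISHED and passes, while a packet arriving out of the blue for any address in the pool is still dropped.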