This may be quite basic for some of you. I'm using my own firewall script on a Suse 8.2P box. See below. Clients can connect and log in, but when a command like LS or GET is given, nothing happens. It seems data transfer is not possible. It doesn't make a difference whether passive mode is used or not.

When I add a line to the script like this:

    iptables -A INPUT -p tcp -s A.B.C.D -j ACCEPT

then the client with IP = A.B.C.D can transfer data. Of course this is not what I want because it is a potential risk.

Any help will be appreciated.

Regards,
Jeroen Taalman
Anywise

This is the script I use:

#!/bin/sh
iptables -F
#
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
#
# set defaults (policies)
#
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
#
# use connection state to bypass rule checking
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#
# allow these ports
iptables -A INPUT -p tcp -s 0/0 --dport 22 -j ACCEPT # SSH
iptables -A INPUT -p tcp -s 0/0 --dport 20 -j ACCEPT # FTP
iptables -A INPUT -p tcp -s 0/0 --dport 21 -j ACCEPT # FTP
iptables -A INPUT -p tcp -s 0/0 --dport 25 -j ACCEPT # SMTP
iptables -A INPUT -p tcp -s 0/0 --dport 80 -j ACCEPT # HTTP
iptables -A INPUT -p tcp -s 0/0 --dport 443 -j ACCEPT # HTTPS
iptables -A INPUT -p tcp -s 0/0 --dport 1984 -j ACCEPT # BB c2s
iptables -A INPUT -p tcp -s 0/0 --dport 3306 -j ACCEPT # MySQL
iptables -A INPUT -p tcp -s 0/0 --dport 3310 -j ACCEPT # MySQL
iptables -A INPUT -p tcp -s 0/0 --dport 5222 -j ACCEPT # Jabber c2s
iptables -A INPUT -p tcp -s 0/0 --dport 5269 -j ACCEPT # Jabber s2s
iptables -A INPUT -p tcp -s 0/0 --dport 10000 -j ACCEPT # Webmin
#
# syn flood protection
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
#
# furtive port scanner
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
#
# ping of death
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP