Hi all and Roman specifically. As some of you may have already noticed, the FTP connection tracking in iptables/netfilter, the packet filtering code in the 2.4 kernels, is subject to a nasty bug, that, similarly to the Check Point and PIX issues last year, potentially renders the packet filter completely useless as arbitrary connections from an FTP server can be established. Those interested in the details can check out: http://netfilter.samba.org/security-fix/index.html. The netfilter crew have made a patch available that alleviates the issue, but it is for kernel 2.4.3 and not 2.4.2, which is the latest available from and officially supported by SuSE. In the light of this IMHO significant security issue, are SuSE planning on releasing a patched version of a 2.4 kernel anytime soon? I know that you don't recommend 2.4 for production machines yet, but that should not IMHO lead to delays in the distribution of fixes for important security issues such as this. Regards, Tobias Reckhard -- Tobias Reckhard secunet Security Networks AG Tel : +49(6196)95888-42 Mergenthalerallee 77 Fax : +49(6196)95888-88 D-65760 Eschborn E-Mail: reckhard@secunet.de