I am trying to restrict ports below 1024 on my internal network interface. In /etc/sysconfig SuSEfirewall my configuration says: FW_MASQ_NETS="192.168.100.0/24,0.0,tcp,1024:65535" When I restart SuSEfirewall the logs show: rcSuSEfirewall2 restart Starting Firewall Initialization (phase 2 of 3) iptables v1.2.9: invalid TCP port/service `65535' specified Try `iptables -h' or 'iptables --help' for more information. iptables v1.2.9: invalid TCP port/service `65535' specified Try `iptables -h' or 'iptables --help' for more information. iptables v1.2.9: invalid TCP port/service `65535' specified This happens with any port or portrange I choose. I tried also FW_MASQ_NETS="192.168.100.0/24,tcp,1024:65535" as described in the SuSE examples. In this SuSEfirewall complains: The protocol with FW_MASQ_NETS must be tcp, udp or empty-> 192.168.100.0/24,tcp,1024:65535 Thanks for any advice! Best wishes Enrique -- Dirk Enrique Seiffert CaribeNet S.A. - Cartagena - Colombia www.caribenet.com