I posed this questin a few days ago. I got no response, so I've been digging, and maybe I can ask a slightly different question. System: SuSE 6.4 running SuSEfirewall 4.2 Symptom: Output DENY messages when sending mail. I've also sometimes seen these directed at my ISP's DNS servers. When sending mail, I get four repetitions of the following, but the mail goes thru: output DENY ppp0 PROTO=1 my.ip.ad.dr:3 isp.smtp.ip.addr:3 L=108 S=0xC0 I=5893 F=0x0000 T= After reading thru SuSEfirewall, I discovered that the messages disappear when I set FW_ALLOW_FW_TRACEROUTE = "yes" , although my reading of the script looks like they're still being denied by the '# deny all other type 3' rule, which isn't logged. So it's transparent, with the same effect. I tried hacking the script, moving the $DENY port-unreachable $LDC just outside the bracket, and changing it to $ACCEPT port-unreachable $LAC. Now I can turn off FW_ALLOW_FW_TRACEROUTE again. I'm still invisible to traceroute, and sending mail gives me just one message in the log: output ACCEPT ppp0 PROTO=1 64.79.87.98:3 64.79.64.32:3 L=108 S=0xC0 I=26218 F=0x0000 T=255 (#3) The destination address is my ISP's mail relay host. So now my mail is going out without the delay of waiting for four timeouts. But I still have the question of what is going on here? I have not been able to find any documentation of the various parameters displayed with the log message. What port is my ISP's mail host trying to connect to, and why? Is this normal smtp behaviour? Can someone point me to the RFC that defines all the ICMP sub-types? -- Rick Green