Hi,

While going over the last things for the DMZ server I found a part which I do not understand. There are a couple of hardcoded areas, like line 841 in SuSEFirewall 5.1. I have only enabled www and https and allowed ping for external, and for trusted IP I have enabled ssh. Why these hardcoded lines are necessary I do not understand. If it was 1024:65535 it would have made more sense to me, as these are safer (relative to 600:65534).

# This sucks, we need this rule so we can receive data ... hello stealth scan
for i in $DEV_INT $DEV_DMZ $DEV_WORLD; do
    $IPCHAINS -A input -j "$ACCEPT" -p tcp -d $i 600:65535 '!' -y $LAA
done

And here, why is the ftp-data port hardcoded?

for i in $DEV_INT $DEV_DMZ $DEV_WORLD; do
    $IPCHAINS -A input -j "$ACCEPT" -p tcp -d $i 20 '!' -y $LAA
done

I know I can change these entries, but rather than doing them blindly I would like to understand the reasoning.

Thanks
-- 
Togan Muftuoglu
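The following is an added example, not part of the original post and not SuSEfirewall code: a small Python model of which TCP packets the two quoted rules accept, compared with the 1024:65535 range the poster suggests. It assumes the documented ipchains meaning of `-y` (SYN set, ACK and FIN cleared), ignores `$LAA` because the excerpt does not define it, and uses constructed sample packets.

```python
# Constructed model of the two hardcoded rules quoted in the post; not SuSEfirewall code.
from typing import NamedTuple, FrozenSet, Dict

class TcpPacket(NamedTuple):
    dport: int
    flags: FrozenSet[str]          # e.g. {"SYN", "ACK"}

def pkt(dport: int, *flags: str) -> TcpPacket:
    return TcpPacket(dport, frozenset(flags))

def is_syn(p: TcpPacket) -> bool:
    """ipchains -y: SYN set, ACK and FIN cleared (a connection-opening packet)."""
    return "SYN" in p.flags and not (p.flags & {"ACK", "FIN"})

def rule_accepts(p: TcpPacket, lo: int, hi: int) -> bool:
    """-p tcp -d $i lo:hi '!' -y  ->  ACCEPT. $LAA is undefined in the excerpt and ignored."""
    return lo <= p.dport <= hi and not is_syn(p)

QUOTED_RULES = [(600, 65535), (20, 20)]      # port ranges from the post
PROPOSED_RULES = [(1024, 65535), (20, 20)]   # the poster's 1024:65535 alternative

def accepted(p: TcpPacket, rules=QUOTED_RULES) -> bool:
    # False means "not accepted here": the packet falls through to rules not shown.
    return any(rule_accepts(p, lo, hi) for lo, hi in rules)

# Constructed sample packets arriving at one of the firewall's own addresses.
SAMPLES: Dict[str, TcpPacket] = {
    "SYN+ACK reply to local port 40000": pkt(40000, "SYN", "ACK"),
    "ACK+PSH data to local port 40000": pkt(40000, "ACK", "PSH"),
    "new connection (SYN) to port 3306": pkt(3306, "SYN"),
    "unsolicited ACK to port 3306": pkt(3306, "ACK"),
    "unsolicited ACK to port 700": pkt(700, "ACK"),
    "SYN to port 20": pkt(20, "SYN"),
    "ACK to port 20": pkt(20, "ACK"),
}

def evaluate(rules=QUOTED_RULES) -> Dict[str, bool]:
    return {name: accepted(p, rules) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    proposed = evaluate(PROPOSED_RULES)
    for name, ok in evaluate().items():
        print(f"{name:38} quoted={ok!s:5} 1024:65535={proposed[name]}")
```

Because the rule is stateless, it cannot tell a reply to an outgoing connection from an unsolicited non-SYN packet, which is what the "hello stealth scan" comment concedes. Narrowing the range to 1024:65535 only removes ports 600 to 1023 from that exposure.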