None of the examples configuring SuSEfirewall appear to really address my configuration, which leads me to believe: a) I'm doing something stupid, or b) the examples should be updated to include a similar config.

I'm running SuSE 7.2 on a machine with a single ethernet interface to my LAN where I have a DSL Router (Cayman 3220-H) providing access to the internet. I wish to protect this machine from internet-based attacks while allowing inbound http and smtp access. However, I also want machines on the LAN to have greater access (i.e. access to Samba services, telnet, ftp, etc.).

What I've done is configured one interface (the external, untrusted interface -- namely my ethernet LAN, eth0). And I've allowed http, smtp, and domain access using

FW_SERVICES_EXTERNAL_TCP="www smtp domain"
FW_SERVICES_EXTERNAL_UDP="domain"

And, in order to allow local machines on my LAN to access other services, I've explicitly listed those machines and services under FW_SERVICES_TRUSTED_ACL.

My LAN is configured with a netmask of 255.255.255.248 (which corresponds to the number of static IP addresses allocated to me by my DSL provider). Assuming I want all machines on the LAN to have the same access to the Linux server, and that my net's address is aaa.bbb.ccc.ddd, should I use:

FW_SERVICES_TRUSTED_ACL=aaa.bbb.ccc.ddd/29,tcp,xxx etc.

or list each host,protocol,port explicitly, or should I list aaa.bbb.ccc.ddd/29 under FW_TRUSTED_NETS?

What is the "right" way to consider all the machines on the LAN as trusted but also have my external DSL gateway/router on that same LAN? And should I treat the IP address that corresponds to the Router specially, since it appears to be directly accessible from the internet and lies within my LAN address range?

Thanks much.

-- Eric
Participants (1): Eric Swenson
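The question above turns on what a single /29 trust entry actually covers, and in particular whether the DSL router's address falls inside it. The following is an added example, not code from the post or from SuSEfirewall: it takes the post's netmask of 255.255.255.248, enumerates the host addresses a /29 entry would match, checks whether a router address sits inside that range, and generates the explicit host,proto,port strings in the shape the post sketches for FW_SERVICES_TRUSTED_ACL, with the router left out. Because the post elides its real addresses (aaa.bbb.ccc.ddd), the network 192.0.2.0/29, the router address 192.0.2.1 and the server address 192.0.2.2 are constructed placeholders from the documentation range; the exact entry syntax is an assumption taken from the post's own sketch and should be checked against the comments in the SuSEfirewall config file of the version in use.

```python
"""
Added example (not from the post or from SuSEfirewall): what does a /29
trust entry cover, and is the router inside it?

Addresses below are constructed placeholders (RFC 5737 documentation
range); substitute the real aaa.bbb.ccc.ddd values from the LAN.
"""
import ipaddress

LAN = ipaddress.ip_network("192.0.2.0/29")      # constructed; /29 == 255.255.255.248
ROUTER = ipaddress.ip_address("192.0.2.1")      # constructed: DSL router's LAN address
SERVER = ipaddress.ip_address("192.0.2.2")      # constructed: the SuSE box itself


def netmask_to_prefix(mask):
    """Map a dotted netmask to its prefix length (255.255.255.248 -> 29)."""
    return ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen


def usable_hosts(net):
    """Host addresses inside the prefix, excluding network and broadcast."""
    return list(net.hosts())


def covered(net, ip):
    """True if a trust entry for `net` would also match `ip`."""
    return ipaddress.ip_address(ip) in net


def per_host_acl(net, proto, port, exclude=()):
    """
    Build explicit host,proto,port entries in the shape the post sketches
    for FW_SERVICES_TRUSTED_ACL (assumed format; verify against your
    SuSEfirewall version's own comments). Hosts in `exclude` are skipped,
    which is how the router can be kept out of the trusted set while every
    other LAN host keeps the same access.
    """
    skip = {ipaddress.ip_address(x) for x in exclude}
    return [f"{h},{proto},{port}" for h in usable_hosts(net) if h not in skip]


if __name__ == "__main__":
    print("prefix length for 255.255.255.248:", netmask_to_prefix("255.255.255.248"))
    print("hosts a /29 entry would trust:", [str(h) for h in usable_hosts(LAN)])
    print("router inside the trusted net:", covered(LAN, ROUTER))
    print("explicit entries without the router and the server itself:")
    for line in per_host_acl(LAN, "tcp", "139", exclude=(ROUTER, SERVER)):
        print("  " + line)
```

Run as-is it shows that a /29 yields six usable host addresses and that a trust entry for the whole prefix necessarily includes the router; the per-host list is the alternative that lets the router be left out at the cost of one line per host and service.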