Hi I use a box with suse linux 7.1 and kernel 2.2.x to connect a small network via DSL to the internet. I use the SuSEfirwall script in version 4.3 and it works fine. The problem is named when I install named as caching-only nameserver and have the option FW_AUTOPROTECT_GLOBAL_SERVICES = "yes" in my firewall.rc.config the script will generate a rule to block the high-port on which named is expecting the answer. I have set FW_ALLOW_INCOMING_HIGHPORTS_UTP = "yes", but the rule to block the port is generated before the ACCEPT 1024- 65355 rule. What's my mistake ? Greeting Manfred Meerkötter Gönnheimer Elektronic GmbH Dr. Julius Leber Str. 2 67433 Neustadt Tel. 06321/49919-13 Fax. 06321/49919-41