How does SuSEfirewall2 handle privileged ports

Hi,

I'm using the SuSEfirewall2 script V2.1 on a machine which is running e.g. leafnode on port 119; no connection from the internet on port 119 should be allowed. A normal home user's machine, so to say. Leafnode is protected with the tcpd wrapper; nevertheless, I'm curious why SuSEfirewall2 seems to accept packages on port 119, although it shouldn't.

FW_SERVICES_[EXT,DMZ,INT]_[TCP,UDP] are set to ""
FW_AUTOPROTECT_SERVICES="yes"

When I telnet the machine, packages go through SuSEfirewall2 and tcpd refuses the connect, but I expected SuSEfirewall to block any traffic on port 119. Why doesn't this happen? I expected to see something like "SuSE-FW-DROP Default IN=ppp0 ... SRC=... DST=... SPT=... DPT=119"; that doesn't happen.

Now, how does SuSEfirewall2 handle ports < 1024 which are not mentioned in the preferences? Traffic on port 119 seems to be accepted, though nowhere allowed. I don't want the tcpd to be the "last line of defense"; I'd like to get this traffic blocked by the SuSEfirewall2.

The same applies e.g. to the IPP protocol (CUPS printer system) on port 631: if I telnet it, okay, the connection is refused, but there's no "SuSE-FW-DROP Default IN=ppp0 ... SRC=... DST=... SPT=... DPT=631" appearing, which I expected to see. With port 80 this works! Any connection attempt causes a "SuSE-FW-DROP Default IN=ppp0..." message.

SuSEfirewall2 V 2.1 from www.suse.de/~marc/SuSE.html on a SuSE 7.3, Kernel 2.4.19, iptables v1.2.2

Thanx
Malte
malte_gell@t-online.de