Hi Jürgen,

checking my logs today I found that my firewall accepts some (not all!) packets to TCP high ports, although I thought I had them all closed. The firewall script is the latest update for 8.1, the system is SuSE 8.1 with all current patches installed. Any ideas? Maybe the packets in your log are answer packets to a connection your computer initiated. Guess your computer initiates an ftp connection to some computer in the internet. The destination port is the port 21 of the ftp server, and the source port is e.g. port 1234 of your computer. So the answer packet from the ftp server has source port 21, and the destination port is the port 1234 of your computer. Do you want the firewall to drop this packet? Bye Uli -- Ulrich Roth IMPACT Business & Technology Consulting GmbH Im Mediapark 8 / KölnTurm D-50670 Koeln Phone +49-221-93 70 80-29 Fax +49-221-93 70 80-15 E-Mail: roth@impact.de