Hi.

Some problems/features/questions:

System: SuSEfirewall v2.6, eth0 to the internet (cable modem), eth1 to internal network (192.168.x.x/24).

1. FW_SERVICE_DHCLIENT= yes

fw rule:
    $IPCHAINS -A input -j "$ACCEPT" -p udp -s 0/0 67 -d 255.255.255.255/32 68 $LAA

packets denied from my cable provider:
    input DENY eth0 PROTO=17 gateway.cable:67 eth0-ip:68

my rule:
    $IPCHAINS -A input -j "$ACCEPT" -p udp -s 0/0 67 -d 0/0 68 $LAA

Is the cable provider sending invalid packets, having my interface IP specified when it should be 255.255.255.255? Or should the rule be as I modified?

2. I have dhcpd to the internal network, but not to the internet: FW_SERVICE_DHCPD=no and START_DHCPD=yes

If START_DHCPD = yes, dhcp is allowed for BOTH the internal and internet interfaces. There should be a different setting for internal/external dhcpd and START_DHCPD should be ignored. As I have FW_PROTECT_FROM_INTERNAL="no", I removed the test for START_DHCPD.

3. Why are these rules with ippp0 hard coded?

    $IPCHAINS -A forward -j "$DENY" -d 10.0.0.0/8 -i ippp0
    $IPCHAINS -A forward -j "$DENY" -d 192.0.0.0/8 -i ippp0

I removed them from the script, as there is already in place a rule denying packets from the net to 192/8.

Carlos
----
Carlos Costa e Silva <ceccs@keysoft.pt>
Keysoft Lda
Lisboa - Portugal