firewall2 basics - how to allow a service only from trusted hosts?

Greetings to all,

could you please help me with some pointers - I'm a relatively fresh user of firewall2 and perhaps I'm getting some basic things wrong. The firewall is on a workstation with just one connection (eth0) and is used as a packet-filter.

I want to allow a service to be accessed only from trusted hosts - let's say the NTP (Network Time Protocol - port 123) should only be allowed (via udp) to IP a.b.c.d (say the server I want to synchronize with). Hence in /etc/rc.config.d/firewall2.rc.config I set

FW_TRUSTED_NETS="a.b.c.d,udp,123"

But then the packets are dropped with the log

Dec 23 12:38:22 k2 kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=blahblah SRC=a.b.c.d DST=m.y.i.p LEN=76 TOS=0x00 PREC=0x00 TTL=233 ID=56172 DF PROTO=UDP SPT=123 DPT=123 LEN=56

The packets get only through when I add the ntp-port to the DMZ-Services with

FW_SERVICES_DMZ_UDP="ntp"

and add eth0 as the DMZ-device with

FW_DEV_DMZ="eth0"

But now (I think) the service is accessible to everyone, the whole internet became the DMZ, and specifying the FW_TRUSTED_NETS is not needed at all - or am I wrong?

Thanks for any help or pointer.

Michael

On Sun, Dec 23, 2001 at 03:19:50PM +0100, Michael Zimmermann wrote:
Greetings to all,
could you please help me with some pointers - I'm a relatively fresh user of firewall2 and perhaps I'm getting some basic things wrong. [snip] But now (I think) the service is accessible to everyone, the whole internet became the DMZ, and specifying the FW_TRUSTED_NETS is not needed at all - or am I wrong?
Yes, I think you're correct, you are making the port accessible to everyone. The following works OK on my machine:

FW_TRUSTED_NETS="a.b.c.0/24,udp,123"

This restricts access to the NTP port to only machines which come within the IP range used by my ISP's main servers - if someone has cracked them, there are more important things to worry about than my machines... :-)

Stupid question - you are restarting the firewall scripts after making the change to the config file, aren't you?

HTH...
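A check that follows from both posts above: before touching the DMZ settings, confirm that the FW_TRUSTED_NETS entry you wrote really covers the source, protocol and destination port shown in the SuSE-FW-DROP line. The script below is an added example, not SuSEfirewall2's own code; it parses a trusted-nets value in the "net[,proto[,port]]" form used in the thread and a kernel drop line, and reports whether the dropped packet falls inside a trusted entry. The log line and the addresses (192.0.2.17 as the NTP server, 198.51.100.5 as the workstation) are constructed stand-ins for the a.b.c.d / m.y.i.p placeholders in the original message.

```python
import ipaddress
import re

# Constructed sample data (not the poster's real hosts): the thread only shows
# placeholders like a.b.c.d, so RFC 5737 documentation addresses stand in here.
# 192.0.2.17 plays the trusted NTP server, 198.51.100.5 the workstation.
SAMPLE_DROP_LINE = (
    "Dec 23 12:38:22 k2 kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
    "SRC=192.0.2.17 DST=198.51.100.5 LEN=76 TOS=0x00 PREC=0x00 TTL=233 ID=56172 DF "
    "PROTO=UDP SPT=123 DPT=123 LEN=56"
)


def parse_trusted_nets(value):
    """Parse a FW_TRUSTED_NETS value: space-separated "net[,proto[,port]]" entries.

    A bare address is treated as a single host (/32). A missing proto or port
    is stored as None and means 'any'. Returns a list of (network, proto, port).
    """
    entries = []
    for item in value.split():
        parts = item.split(",")
        net = ipaddress.ip_network(parts[0], strict=False)
        proto = parts[1].lower() if len(parts) > 1 and parts[1] else None
        port = int(parts[2]) if len(parts) > 2 and parts[2] else None
        entries.append((net, proto, port))
    return entries


FIELD_RE = re.compile(r"(\w+)=(\S*)")       # KEY=value tokens of the netfilter log format
TAG_RE = re.compile(r"SuSE-FW-[A-Z-]+")     # e.g. SuSE-FW-DROP-DEFAULT


def parse_drop_line(line):
    """Extract the fields that matter for this check from a SuSE-FW kernel log line.

    Returns None for lines that are not SuSE-FW log entries.
    """
    tag = TAG_RE.search(line)
    if not tag:
        return None
    fields = dict(FIELD_RE.findall(line))   # LEN= occurs twice; the last one wins, which is fine here
    return {
        "tag": tag.group(0),
        "in": fields.get("IN", ""),
        "src": ipaddress.ip_address(fields["SRC"]),
        "proto": fields["PROTO"].lower(),
        "dport": int(fields["DPT"]),
    }


def matching_entry(entries, pkt):
    """Return the first trusted-nets entry that covers the packet, or None."""
    for net, proto, port in entries:
        if pkt["src"] in net and proto in (None, pkt["proto"]) and port in (None, pkt["dport"]):
            return (net, proto, port)
    return None


def explain_drop(trusted_nets_value, line):
    """Return (covered, message): is the dropped packet inside FW_TRUSTED_NETS?

    covered=False means the config entry itself does not match the packet.
    covered=True means the entry matches, so the running ruleset does not
    reflect the config file yet (the answer in the thread: restart the firewall).
    """
    pkt = parse_drop_line(line)
    if pkt is None:
        return (False, "not a SuSE-FW log line")
    hit = matching_entry(parse_trusted_nets(trusted_nets_value), pkt)
    where = f"{pkt['proto']}/{pkt['dport']} from {pkt['src']} on {pkt['in']}"
    if hit is None:
        return (False, f"{pkt['tag']}: {where} is not covered by FW_TRUSTED_NETS; fix the entry")
    return (True, f"{pkt['tag']}: {where} is covered by {hit[0]},{hit[1]},{hit[2]}; "
                  "the active rules predate the config, reload the firewall")


if __name__ == "__main__":
    for setting in ("192.0.2.17,udp,123", "192.0.2.0/24,udp,123", "192.0.2.17,tcp,123"):
        print(f'FW_TRUSTED_NETS="{setting}" ->', explain_drop(setting, SAMPLE_DROP_LINE)[1])
```

The matching is deliberately the narrow one the thread relies on (source network, protocol, destination port); it is a sanity check on the config value against the log, not a reimplementation of the firewall script's rule generation.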
participants (2)
- David Smith
- Michael Zimmermann