Bug in SuSEfirewall2 when blocking a range of ports with custom rules?
Hello,

I just blocked a range of ports via firewall2-custom.rc.config, just as an example:

    for target in DROP; do
        for chain in input_ext input_dmz input_int forward_int forward_ext forward_dmz; do
            iptables -A $chain -j $target -p tcp --dport 4000:6000
        done
    done

The section used is fw_custom_before_port_handling. The iptables syntax seems to be okay, but if I do this and connect to the ISP, SuSEfirewall2 seems to block every incoming connection, so the connections seem to be "dead", though establishing the connection is okay.

When blocking a single port, e.g. with

    iptables -A $chain -j $target -p tcp --dport 4001

it works fine and no problems occur.

So, is there a known problem when blocking a whole range of ports with the "X:Y" syntax of iptables and SuSEfirewall2? The version used is SuSEfirewall2 2.1.

Thanx
Malte