Hi, I'm having a small problem upgrading my SuSEfirewall2 from V1.6 to V2.1. As we know, it is not possible to connect to the external IP of the Firewall from the inside (in my case masqueraded) network. Thanks to this mailing-list, I found out you had to add following line to your custom-rule-file: fw_custom_before_antispoofing() { iptables -A INPUT -i eth0 -s 172.20.30.40/29 -d 212.186.214.227 -j ACCEPT true } In V1.6, this worked perfectly. In V2.1, it does not. The log says: Dec 27 22:00:23 chello212186214227 kernel: SuSE-FW-NO_ACCESS_INT->FWEXT IN=eth0 OUT= MAC=00:02:44:0d:30:ac:00:02:44:0d:30:ab:0 8:00 SRC=172.20.30.42 DST=212.186.214.227 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=49600 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=4100 I would be glad if you could help me out... regards, Florian Pressler _________________________________________________________________ Werden Sie Mitglied bei MSN Hotmail, dem größten E-Mail-Service der Welt. http://www.hotmail.com/de