Now and them I see strange log entries like this, coming from dns servers: Jun 12 13:27:48 nimrodel kernel: SuSE-FW-ILLEGAL-TARGET IN=ppp0 OUT= MAC= SRC=192.203.230.10 DST=81.41.200.5 LEN=124 TOS=0x00 PREC=0x00 TTL=44 ID=24563 PROTO=UDP SPT=53 DPT=1024 LEN=104 (repeated four times within one second) If I reverse search for the name, I find that: cer@nimrodel:~> host 192.203.230.10 10.230.203.192.in-addr.arpa. domain name pointer E.ROOT-SERVERS.NET. This port is marked as: # 1024/udp Reserved Now, what on earth (pardon me!) is that machine - a dns root server of all things - trying to send to that port? Should I open it on the firewall? My machine doesn't have a permanent network connection, but a V90 modem now and then. I have bind9 set up as a cache (forwarding queries to my ISP, then to the root servers if that fails), with SuSE 8.1. -- Cheers, Carlos Robinson