Hello Folks, So, just offering my opinion on what I personally feel is an "issue" for OpenSUSE with regards to its firewall. Currently, SuSEFirewall2 invokes ip(6)tables each time it needs to add a rule - this goes completely against what is advocated by the Netfilter developers as it is not atomic and is costly in terms of performance; iptables-restore on the other hand, is atomic and restores everything in one fell swoop. Additionally, whilst SuSEFirewall2 does provide for allowing you to configure your own rules, it's not particularly robust, nor supported. Thus, my suggestion is as follows: Modify SuSEFirewall2 so that rule building happens *once* and from that point, ip(6)tables-save and ip(6)tables-restore is all that gets used. SuSEFirewall2 need only do a rebuild if the rules are modified. Doing it this way carries the benefit that initialisation of Netfilter at bootup will be far more efficient. It also has the benefit that any advanced user is free to customise their iptables ruleset as they see fit, currently, the only other way I have found to do that is dragging across iptables scripts from Enterprise Linux and disabling SuSEFirewall2. Regards, Oliver -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org