Hi,
Starting Firewall Initialization: (phase 3 of 3) iptables v1.1.2: Unknown arg `--syn' Try `iptables -h' or 'iptables --help' for more information.
iptables v1.1.2: Unknown arg `--sport' Try `iptables -h' or 'iptables --help' for more information.
iptables v1.1.2: Unknown arg `--syn' Try `iptables -h' or 'iptables --help' for more information.
iptables v1.1.2: Unknown arg `--sport' Try `iptables -h' or 'iptables --help' for more information.
iptables v1.1.2: Unknown arg `--syn' Try `iptables -h' or 'iptables --help' for more information.
iptables v1.1.2: Unknown arg `--sport' Try `iptables -h' or 'iptables --help' for more information.
Well, unfortunately I can't find SuSEfirewall2, but it seems that these extensions are used in rules, where the protocol isn't defined. It's a prerequisite to tell iptables the protocol, otherwise these extensions won't work. The --syn option for example only makes sense, if it's checked against a tcp-package, but not for udp-packages. Examples iptables -A INPUT -i ppp0 -p tcp --sport 1024:65535 --dport 25 -j ACCEPT [THIS WOULD WORK}] iptables -A INPUT -i ppp0 --sport 1024:65535 --dport 25 -j ACCEPT [THIS WOULD NOT WORK}] This is something that should be doublechecked with the script itself, not with your config file. Greetings, Bodo