Hi -- My system specs: Small LAN, mixed Windows and SuSE Linux 7.1. One box is directly connected to the Internet via a cable modem, performing firewall and masquerading duty for the other machines on the system. This box is running the kernel from k_i386-2.4.16-34.i386.rpm. It also runs SuSEfirewall2 (2.1.0) and ICSA DHClient (from the 7.1 distribution CDRom). When it's working, it works very well. My problem: When the DHCP lease times out, the firewall box can't acquire a new one. It appears that the firewall's anti-spoofing rules are blocking the DHCP server's reply. At the time when this happens, I get numerous SuSE-FW-DROP-ANTI-SPOOFING messages with source port = 67 and destination port = 68. At this point, I lose all Internet connectivity until I reboot the firewall box. My configuration includes FW_SERVICE_DHCLIENT="yes". Although I have a reasonable theoretical understanding of iptables, I have to admit that the SuSEfirewall2 script, especially in the area of antispoofing, is well beyond me. If anyone can help with this, I'm all ears. Thanks, -- Alan Hadsell "Whatever does not kill me makes me stranger".