Hi All,

I have just installed 7.3 for sparc and would like to ask about iptables. Say I have only two services running, SSH and HTTP, and I configure my iptables like such:

    <do the relevant flushing and chain creation>
    iptables -A http-ac -p TCP -s 172.16.0.0/16 -d $myhost --dport 80 -j ACCEPT
    iptables -A http-ac -p TCP -s 0/0 -d $myhost --dport 80 -j REJECT

Basically I am accepting anything from class B and denying the rest.

    iptables -A ssh-ac -p TCP -s 172.16.0.0/16 -d $myhost --dport 22 -j ACCEPT
    iptables -A ssh-ac -p TCP -s 0/0 -d $myhost --dport 22 -j REJECT

If I do an NMAP I get:

    Port    State  Service
    22/tcp  open   ssh
    80/tcp  open   http

Now what I want to ask is, is my firewall safe? Meaning, there are thousands of ports "available" but not listening, and all I am doing is rejecting and allowing on those that are listening and "ignoring" the rest. If I open an x-window I notice that port 6000 becomes visible. Does this then mean that while ports are being opened by other applications I am at risk? But if the above two services are all that run, then I should be fine, right?

If I add one line to my firewall such as

    iptables -A INPUT -j REJECT

then if someone were to install something on the machine on port 8989, for instance, or if my x windows was running, it would help, right?

The reason why I am asking is because I have tried adding the top two rules plus the "reject everything else" rule and I notice problems in sending mail from cron jobs, DNS entries to port 53 denied (in the logs), etc. What UDP ports should I be blocking? Is there a list out there somewhere?

And last Q, the protocols that iptables allows are ONLY icmp, udp and tcp - am I right in understanding this from all the docs I read?

Thanks for the help!!

Rgds
Terence
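A ruleset that does what the post is aiming for, added here as an example rather than Terence's own configuration: a default-reject INPUT chain that still lets cron mail and DNS lookups work, because replies to connections the host itself started (the UDP 53 answers and SMTP sessions that were being denied) are accepted by the state module instead of by opening UDP ports one by one. The host address, the trusted /16 and the DRY_RUN switch are assumptions for illustration.

```shell
#!/bin/sh
# Assumed values for illustration; replace with your own host and trusted network.
MYHOST="${MYHOST:-172.16.1.10}"
TRUSTED="${TRUSTED:-172.16.0.0/16}"
# DRY_RUN=1 (the default here) prints the commands instead of applying them,
# so the ruleset can be reviewed before it is loaded on a real box.
DRY_RUN="${DRY_RUN:-1}"

ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

build_rules() {
    # Flush everything and remove the old user-defined chains before rebuilding.
    ipt -F
    ipt -X
    ipt -N http-ac
    ipt -N ssh-ac
    # Loopback must stay open: local delivery (cron mail to localhost) depends on it.
    ipt -A INPUT -i lo -j ACCEPT
    # Replies to connections this host opened: DNS answers on UDP 53, SMTP from
    # cron, etc. This is what a bare "reject everything else" rule was breaking.
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Hand the two listening services to their own chains.
    ipt -A INPUT -p tcp -d "$MYHOST" --dport 80 -j http-ac
    ipt -A INPUT -p tcp -d "$MYHOST" --dport 22 -j ssh-ac
    # Per-service policy: trusted network in, everyone else rejected.
    ipt -A http-ac -s "$TRUSTED" -j ACCEPT
    ipt -A http-ac -j REJECT
    ipt -A ssh-ac -s "$TRUSTED" -j ACCEPT
    ipt -A ssh-ac -j REJECT
    # Anything not matched above (X11 on 6000, an unexpected listener on 8989,
    # unsolicited UDP) is logged and then rejected, regardless of what is listening.
    ipt -A INPUT -j LOG --log-prefix "INPUT-REJECT: "
    ipt -A INPUT -j REJECT
}

build_rules
```

Run with DRY_RUN=0 as root to apply the rules; the LOG line shows in the kernel log which new listeners or UDP services would have needed a rule, which answers the "which UDP ports" question from the host's own traffic rather than from a generic list.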