Hi I am new to the list but I have gone through archives and several internet resources before, but I can't find a detailed answer, so I am asking ... I have a machine running SLES7 (fully updated), which has only one ethernet interface (eth0). The machine is running SAP and Oracle and I want to ensure that only some IP addresses can connect to SAP (which is running on ports 3200, 3300, 4800, 3600); all other services except ssh should be unavailable to the local network. What do I want? I want to have access to SAP/Oracle from only a few IP addresses and all other services blocked (except ssh which should be public). I have tried to use SuSEfirewall without success (it won't start if I do not specify an extrenal device and if I specify it, I lock myself). Any suggestions? Thanks, Dietmar