Ok, I have a dialup connection to the internet. I want to let hosts on my internal net use my ISP's domain name service.

For 9.1 I had:

FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS domain 4000"

But in 9.2 the startup process complained about this line, so I commented it out in SuSEfirewall2.

Now of course, attempts by hosts on my internal net to use DNS fail and lines like this appear in /var/log/messages:

Feb 3 23:26:49 hrnowl kernel: SFW2-FWDint-DROP-DEFLT IN=eth0 OUT=modem0 SRC=192.168.86.4 DST=199.170.88.29 LEN=56 TOS=0x10 PREC=0x00 TTL=63 ID=1 DF PROTO=UDP SPT=1034 DPT=53 LEN=36
Feb 3 23:26:49 hrnowl kernel: SFW2-FWDint-DROP-DEFLT IN=eth0 OUT=modem0 SRC=192.168.86.4 DST=199.170.88.10 LEN=56 TOS=0x10

192.168.86.4 is a host on my internal net and 199.170.88.10 and 199.170.88.29 are my ISP's DNS servers!

I believe the log entries are complaining about a UDP packet that was trying to go from my ISP's domain name service to a host on my internal net.

Now that FW_ALLOW_INCOMING_HIGHPORTS_UDP is not allowed, how do I allow packets like this to go thru?

Thank You.

--
Paul Elliott 1(512)837-1096
pelliott@io.com PMB 181, 11900 Metric Blvd Suite J
http://www.io.com/~pelliott/pme/ Austin TX 78758-3117
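
An added example, not part of the original post: a small parser for the SFW2 kernel log lines quoted above. It reports the logging prefix, interfaces, addresses and destination port of each dropped packet, and tolerates truncated entries such as the second line. The function names `parse_sfw2_line` and `summarize` are assumptions made for this illustration.

```python
import re

# The two log lines quoted in the post; the second is truncated there.
SAMPLE_LOG = """\
Feb 3 23:26:49 hrnowl kernel: SFW2-FWDint-DROP-DEFLT IN=eth0 OUT=modem0 SRC=192.168.86.4 DST=199.170.88.29 LEN=56 TOS=0x10 PREC=0x00 TTL=63 ID=1 DF PROTO=UDP SPT=1034 DPT=53 LEN=36
Feb 3 23:26:49 hrnowl kernel: SFW2-FWDint-DROP-DEFLT IN=eth0 OUT=modem0 SRC=192.168.86.4 DST=199.170.88.10 LEN=56 TOS=0x10
"""

# Everything after "kernel: " is the log prefix followed by KEY=VALUE tokens.
LINE_RE = re.compile(r"kernel: (?P<prefix>SFW2-\S+) (?P<fields>.*)$")


def parse_sfw2_line(line):
    """Return a dict of fields for one SFW2 log line, or None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"prefix": m.group("prefix"), "flags": []}
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        if not sep:
            rec["flags"].append(token)      # bare flags such as DF
        elif key not in rec:
            rec[key] = value                # first LEN is the IP length; keep it
    return rec


def summarize(log_text):
    """One summary per dropped packet; fields lost to truncation become None."""
    out = []
    for line in log_text.splitlines():
        rec = parse_sfw2_line(line)
        if rec is None:
            continue
        out.append({
            "prefix": rec["prefix"],
            "in": rec.get("IN"), "out": rec.get("OUT"),
            "src": rec.get("SRC"), "dst": rec.get("DST"),
            "proto": rec.get("PROTO"),
            "dport": int(rec["DPT"]) if "DPT" in rec else None,
        })
    return out


if __name__ == "__main__":
    for s in summarize(SAMPLE_LOG):
        print(f'{s["prefix"]}: {s["src"]} ({s["in"]}) -> {s["dst"]} ({s["out"]}) '
              f'{s["proto"]}/{s["dport"]}')
```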