I noticed that with FC5t2 the iptables firewall still has the -j REJECT --reject-with icmp-host-prohibited rule instead of a more secure -j DROP. What is the reason behind this? Maybe there should be an 'advanced' option in the system-config- securitylevel which let you choose to do a drop instead of sending icmp host prohibited messages. I think this is a sensible option for servers connected to the Net. You can of course alter the file /etc/sysconfig/iptables by hand but this can possibly be overwritten by system updates. Jurgen -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list