Ok as I understand it... if you are running the services on the same machine as the firewall then no special treatment is needed. The special treatment comes from having machines MASQed or NATed behind the firewall and offering services on them. When this comes into play you have to use connection tracking... and in a lot of cases the community has already written modules for this, i.e. the FTP and IRC conntrack modules you mentioned...

Search the following URL for modules containing

=====
In the absence of order there will be chaos.