> Firewall loads before mount -a; probably at that point only the > root filesystem is mounted. If the match extensions are on /usr, > we can't get to them. I bet badhost has a separate /usr partition > and goodhost has /usr on the rootfs. Well, it's true that /usr is mounted on a different partitition, but this is the case for both goodhost and badhost. Indeed, this is how I mounted my partitions on badhost: Filesystem Mounted on /dev/hda2 / /dev/hda1 /boot /dev/hda8 /home /dev/hda6 /tmp /dev/hda3 /usr /dev/hda7 /var And this is goodhost: /dev/sda2 / /dev/sda1 /boot /dev/sda3 /data /dev/sda5 /home /dev/sda8 /tmp /dev/sda7 /usr /dev/sda9 /var /dev/sda10 /var/lib/pgsql > If so, yes, this is an OS bug. And don't just write set to a file, > do "mount > /root/firewall-mounted-fs" too. (I hope /root isn't a > symlink or otherwise on a different FS.) Sorry, I don't follow this last bit... Thanks so much for helping me through this!!! :-)