The file /etc/sysconfig/iptables sets up the rules for firewalls. According to the file, it is generated by the program "system-config-securitylevel".

When I set up my laptop with the GUI, the only incoming service I intended to open was ssh (which is configured with keys for security). However, when I look at the iptables file I see some extra ACCEPT lines:

    -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
    -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT

Those services are:

    50   = remote mail checking protocol
    51   = IMP Logical Address Maintenance
    5353 = Multicast DNS (used by zeroconf)
    631  = Internet Printing Protocol and Cups

The last two work with printer configuration, I don't know why the first two are opened.

I commented out the ACCEPT lines, and things still work fine (so far). I assume this will bollix up some printer autodiscovery features, but I don't want or need those. I am far more worried about those ports being used for future hostile exploits. I imagine the next time I fiddle with the GUI configuration on my SL4.4 laptop these lines will get uncommented.

The silent opening of ports is a bug, IMHO. What is the best way to fix the system-config-securitylevel program to either ask explicitly or not turn on these ports? Should this be considered a security flaw in SL4.4?

Keith

PS: In related behavior, the cups server on my laptop used to broadcast its printers. I turned that off with "BrowseInterval 0" in /etc/cups/cupsd.conf. I want cups to service only internal requests, and do not need to broadcast availability to the world. Zeroconf printing is a wonderful thing sometimes, but not on roaming laptops!

--
Keith Lofstrom Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
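An added example, not part of the original post: a small audit that lists every ACCEPT rule admitting new inbound traffic beyond an intended allowlist, so rules written by a configuration tool are noticed after each regeneration. In iptables, `-p` followed by a number selects an IP protocol number rather than a port, so `-p 50` and `-p 51` match ESP and AH (IPsec). The sample ruleset is constructed around the four rules quoted above, and the names `parse_rule` and `unexpected_accepts` are hypothetical.

```python
import shlex
# "-p N" selects an IP protocol number (IANA registry), not a TCP/UDP port.
IP_PROTOCOLS = {"1": "icmp", "6": "tcp", "17": "udp", "50": "esp", "51": "ah"}

# Constructed sample ruleset; only the four "extra" rules are quoted from the post.
SAMPLE = """\
*filter
:RH-Firewall-1-INPUT - [0:0]
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_rule(line):
    """Map each option of one '-A' line to its value (True for bare flags)."""
    toks = shlex.split(line)
    opts = {}
    for i, tok in enumerate(toks):
        if tok.startswith("-"):
            nxt = toks[i + 1] if i + 1 < len(toks) else "-"
            opts[tok] = True if nxt.startswith("-") else nxt
    return opts

def unexpected_accepts(rules_text, allowed):
    """Return (protocol, dport, rule) for ACCEPT rules not in the `allowed` set."""
    findings = []
    for line in rules_text.splitlines():
        if not line.startswith("-A "):
            continue  # table header, chain policy, COMMIT, or '#'-commented rule
        o = parse_rule(line)
        if o.get("-j") != "ACCEPT" or o.get("-i") == "lo":
            continue
        state = o.get("--state")
        if isinstance(state, str) and "NEW" not in state.split(","):
            continue  # replies to connections the host itself started
        key = (IP_PROTOCOLS.get(o.get("-p"), o.get("-p", "all")),
               o.get("--dport", "any"))
        if key not in allowed:
            findings.append(key + (line,))
    return findings

if __name__ == "__main__":
    for proto, dport, rule in unexpected_accepts(SAMPLE, {("tcp", "22")}):
        print(f"{proto:4} dport={dport:5} {rule}")
```

To audit a real host, pass the contents of /etc/sysconfig/iptables as `rules_text`; negated matches (`!`) are not interpreted by this parser.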