Short while ago I discover that only first interface in "interface" file with dhcp option have added rule for dhcp #Example from cmd "shorewall status" Chain eth1_in (1 references) pkts bytes target prot opt in out source destination 2 1152 ACCEPT udp --- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68 0 0 ACCEPT icmp --- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 430 35218 loc2fw all --- * * 0.0.0.0/0 0.0.0.0/0 But eth2 have only: Chain eth2_in (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT icmp --- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 0 0 all2all all --- * * 0.0.0.0/0 0.0.0.0/0 There must be a small glith in firewall script..... -- Rafa³ Dutko MCCNet Sp. z o.o. email: rafal.dutko@mccnet.pl