In Shorewall 1.2.*, you could refer to interfaces in the hosts file that were not defined in the interfaces file. That''s no longer true in 1.3.*. Unfortunately, if your existing configuration has such references, your only indication is that when you try to start Shorewall 1.3.*, you see: Activating rules... iptables: No chains/target/match by that name The ''firewall'' script currently in CVS contains a change that reports this problem with a clearer error message when the hosts file is being verified in the "check", "start" and "restart" commands. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net