To test the new ECN Shorewall 1.4 feature that I announced recently, I have enabled ECN on my firewall and on my mail/list server. I''ve collected a list of IP addresses that were timing out on email delivery and put them in my /etc/shorewall/ecn file. One user emailed me this morning to say that his version of Short was reporting non-zero reserved bits in SYN packets from mail.shorewall.net. I''m assuming that an upgrade of Snort should fix that problem but we''ll see. ECN (RFC 3168) is on standards track so we should all be upgrading to software/firmware that supports it. Please let me know if any other anomalies have resulted. Thanks, -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net