The grep command cleared up how everything worked together, thanks.
> The idea is that one should configure tinyfirewall when connected to the
> net in order to have a ppp interface ... which is a bit stupid. We'll have
> indeed to check for an ipppx or pppx interface.
>
> I'll have a look at it.

I was looking at the shorewall web site and there is a small reference to configuring ppp0 DSL connections. This was the source of the problem. I remember ppp0 from this simple fact: you connect to ppp0, not eth0.

> shields up ?

A simple web site for checking for common open ports on a windoze system. It reports on open, closed, stealth ports.
https://grc.com/x/ne.dll?bh0bkyd2

> what do you mean by "limited outgoing connections" ?

Oops, "limited *to* outgoing connections", which I figured out is the default. I think there is some confusion over leaving ports open for servers (e.g., ftp server or a dns server) and no open ports at all. Apps will open ports when needed, thus limited to outgoing connections.

Now I would recommend including a "Standalone workstation (no server connections)" option to tinyfirewall. This is what is missing and I believe many people will be looking for. Add the ppp0 checks and it should cover the average user, which is the point, no?

The result of grep now is:

/etc/shorewall/zones:net Net Internet zone
/etc/shorewall/interfaces:net ppp0 detect
/etc/shorewall/policy:fw net ACCEPT
/etc/shorewall/policy:net all DROP info
/etc/shorewall/policy:all all REJECT info

When I did the test again, port 80 was not stealth but closed, and this is probably due to the browser, so technically with no programs running the firewall should make the connection invisible (stealth) to any outside connections. You would have to test that on a network setup though.

I am used to using ZoneLabs 'ZoneAlarm' on Windows (excellent program) that is an adaptive firewall so all ports are stealth by default, even if a program is actively using a port.

Gabriel
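An added example, not part of the original message or of tinyfirewall or shorewall: a small Python check that reads the three policy lines from the grep output above, applies Shorewall's first-match-wins policy lookup, and reports whether the result is an outgoing-only workstation setup. The function names and the scan labels are assumptions made for this illustration.

```python
# Constructed sample: the policy lines from the grep output in the message
# (file-name prefixes stripped).
POLICY_LINES = """\
fw   net  ACCEPT
net  all  DROP    info
all  all  REJECT  info
"""

# How a remote port scan would describe each outcome (assumed labels,
# following the open/closed/stealth wording used in the message).
SCAN_VIEW = {
    "ACCEPT": "open if a service listens, otherwise closed",
    "DROP": "stealth (packet discarded, no reply)",
    "REJECT": "closed (connection actively refused)",
}


def parse_policy(text):
    """Parse policy-file text into (source, dest, policy, loglevel) tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError("policy line needs SOURCE DEST POLICY: %r" % raw)
        log = fields[3] if len(fields) > 3 else None
        rules.append((fields[0], fields[1], fields[2].upper(), log))
    return rules


def default_policy(rules, src, dst):
    """Return the policy of the first line matching src -> dst.

    'all' matches any zone. Policies are only the default: entries in
    /etc/shorewall/rules are consulted first and are not modelled here.
    """
    for r_src, r_dst, policy, _log in rules:
        if r_src in (src, "all") and r_dst in (dst, "all"):
            return policy
    raise LookupError("no policy matches %s -> %s" % (src, dst))


def is_outgoing_only(rules, inet="net", fw="fw"):
    """True when the firewall may connect out and nothing new may come in."""
    return (default_policy(rules, fw, inet) == "ACCEPT"
            and default_policy(rules, inet, fw) in ("DROP", "REJECT"))


if __name__ == "__main__":
    rules = parse_policy(POLICY_LINES)
    print("net -> fw:", SCAN_VIEW[default_policy(rules, "net", "fw")])
    print("outgoing only:", is_outgoing_only(rules))
```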
