Hi all, I have a ipchains rule like this: #ipchais -A input -s 0/0 -p tcp -y -j REJECT so I can block all the SYN packets used by port scanners and avoid them... but now I run a smtp server (postfix), and my box must accept SYN packets to port 25. I don't want that anybody knows ( using a scanner ) which is the open port. My question: How can I block port scanners(like nmap) and run my server without problems? thanks a lot []'s Eduardo --