Diana

> something is trying to connect to udp port 500, you're not running
> isakmpd, so nothing is listening on 500, so an icmp "host unreachable"
> packet gets sent out.  Put an explicit block statement for udp port 500
> to drop the packet.


Yes.  Thought that was it.  My own experience with iptables suggested 
that someone wasn't being all that honest with my own box.  
Fortunately it isn't connected to the net for more than a few minutes.

Anyone want to suggest the syntax for such a line ?

Thanks



-- 
Richard