Sebastian Davie wrote:
> Hi Sven
>
> Thanks for that! I was only trying to block FTP to check my settings!
> FTP was something that I could get instant results on!
>
> All ok .. So from now on I wall always set "Source Port Range" to all
> and only block on the "Destination Port range" --- Would that be the
> best practice?
>
>   
not necessarily. you might have an application that uses a pre-defined 
source port, in which case, you want to filter by that. but to block LAN 
access TO certain services on the WAN, yes, assume random source ports 
and block the destination ports.

Sven