Jetico test configuration: - Factory settings - "Optimal Protection" Direct connection via DUN/RASPPPoE; Modem in Bridge mode, no NAT et all. Meaning to say no "active" protection whatsoever and nothing out of the ordinary to report for the past I don't know how long! Issue: I've a Workstation PC (not acting Gateway at this time) and desire to run with Jetico, without fuss or degrade to security, basic Server processes; a FTP daemon, VNC and then some. Even though outbound monitoring and ultimately control is my only real interest and concern! Problem: "Application" rule can be [accept any *] (or specific) and yet really must I add a permanent "System IP" rule for Port 21 (FTP) fixed open? If I omit this additional rule, remote borne connection requests always hit the Jetico wall. 2006-07-28 5:38:26.914 reject Block All not Processed IP Packets 40 TCP incoming packet 18.104.22.168 me.me.me.me 58298 21 TTL: 110; TOS: 0; ID: 0080; TCP flags: SYN ; TCP Seq: 75661AD5 Sure one defines similar rules in their hardware router but in software we can make forward decisions based on the statefulness of resident applications and their present bindings all the while obeying your rules aimed at them. That is in a nutshell, open and shut doors and restrict access dynamically on a case application need basis. So yeah, network/registry issue or is this a Jetico limitation? Note the Application protection component layer does function OK otherwise I wouldn't be wasting my time, I recognize Jetico's power as a table rule based firewall and strong process I wish I could say integration and tie to packets a la full blown SPI? High time I coded my own PF. Though I favour Sandboxing. I hear you, Paranoid2000, Phant0m, I hear you.