Hi Stem et al: From the FW sticky forums see: I use Dhcp as I have a DSL/Cable with shared router and have disabled DNS. This works fine. But I have questions: With my current FW I took this sticky port advice and tried to implement it. How? I have failed so far to achieve this! How do I create a rule allowing svchost.exe -k netsvcs UDP local port 68? if their is no way to put a local port in a rule? Does local imply incoming packet direction? How do I create another rule allowing svchost.exe -k netsvcs remote port 67? Does remote imply outgoing packet direction? If these rules can be created then what is not specifically allowed will be denied, right? On any restricted port list should/how should/can users work these 67/68's in some way to advance PC security?