I have a CentOS 4.2 machine. lokkit shows that a firewall is enabled, and it is customized to allow SSH, Web, and DNS traffic only. But if I run nmap against the server IP (from my home machine, outside the local network) it shows over 1000 open ports. Am I not understanding nmap, or is there something seriously wrong here? Here is a small snip of the nmap output (I can include it all if that is helpful, but it is quite long): (The 202 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 1/tcp open tcpmux 2/tcp open compressnet 3/tcp open compressnet 4/tcp open unknown 5/tcp open rje 6/tcp open unknown 7/tcp open echo 8/tcp open unknown 9/tcp open discard 11/tcp open systat 12/tcp open unknown 13/tcp open daytime 14/tcp open unknown 15/tcp open netstat 16/tcp open unknown 17/tcp open qotd 20/tcp open ftp-data 22/tcp open ssh 24/tcp open priv-mail 25/tcp open smtp 26/tcp open unknown