>>> term deny-port-zero {
>>> from {
>>> protocol [ tcp udp ];
>>> source-port 0;
>>> destination-port 0;
>>> }
>>> then {
>>> count deny-port-zero;
>>> sample;
>>> discard;
>>> }
>>> }
my read of the manual sez that this will only match packets
with BOTH dest and source ports of 0.
i think you need two separate terms.
randy