[...]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^>> Why do you believe that you need protection for something which is >> not there at all? You wrote that you don't have any service bound to
^^^^^^^^^^^^^^^^^^^^^^>> the external interface. If that's true, then there's nothing that
[...]>> possibly could be attacked.
One thing is that I don't want to provide any service... and other very different is that I have programs which open ports... (i.e. mldonkey) and this ports it could be attacked... that's what I want to prevent.
mldonkey is a server, so if you run that program you *have* a service bound to the external interface - which contradicts the precondition above.
As long as you do not run any server processes you don't need a packet filter.
Ralf
