The problem with editing inetd.conf is that I don't know if I'll break something I need like samba.
I have a set of firewall rules I knocked up from http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO-6.html#Strong-IPFWADM-Rule sets :input REJECT :forward DENY :output REJECT -A input -s 192.168.0.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j ACCEPT -A input -s 192.168.0.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i ppp0 -j REJECT -l -A input -s 0.0.0.0/0.0.0.0 -d 217.35.25.225/255.255.255.255 -i ppp0 -j ACCEPT -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i lo -j ACCEPT -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j REJECT -l -A forward -s 192.168.0.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i ppp0 -j MASQ -A forward -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j REJECT -l -A output -s 0.0.0.0/0.0.0.0 -d 192.168.0.0/255.255.255.0 -i eth0 -j ACCEPT -A output -s 0.0.0.0/0.0.0.0 -d 192.168.0.0/255.255.255.0 -i ppp0 -j REJECT -l -A output -s 192.168.0.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i ppp0 -j REJECT -l -A output -s 217.35.25.225/255.255.255.255 -d 0.0.0.0/0.0.0.0 -i ppp0 -j ACCEPT -A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i lo -j ACCEPT -A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j REJECT -l It uses a rather clever command extip="`/sbin/ifconfig ppp0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`" to get the external interface. Not sure how it'll handle a disconnect - reconnect - accept new dynamic IP number situation.