I think the easiest (and most secure) way to handle this problem it to configure the firewall to deny all outbound traffic, then allow only those few specifc ports that you want. Configure PRO->EXT just like you would EXT->PSN.
Remember, security and convenience are inversely proportional! -- Alex Howansky Wankwood Associates http://www.wankwood.com/
