>Good advice but do you know of any of the cheaper home units (SMC,
>Netgear, Siemens, Dlink, Linksys etc.) that can actually be configured
>with default DENY?

Yes. The Linksys routers are default deny. You must specifically say what ports are allowed in.

>Every one I have seen is default allow and you block from there. You can
>block various things like IRC and SMTP but you have to do it manually. I
>have a few floppy linux routers that I mess with that are default DENY
>but they each have disadvantages too.
>A cheap self contained router/firewall that had the
>ability to default deny, block by IP and range, block by DNS name, and
>block by time period would be great. While I'm dreaming, I'd also like
>the ability of limiting the services forwarding function to specific IPs
>instead of the firewall blindly forwarding selected ports over to another
>machine, like now I forward ssh port 22 to my Linux machine but have to
>maintain specific rules on that machine of where I can connect from, same
>with port 80 to a second machine.

There is no consumer-level product that will do that. However, Linux iptables can do most, if not all, of what you are asking for. And they can be set up for relatively cheap; $100 or less if you buy a used computer on eBay.

-- 
Mark K. Pettit
[EMAIL PROTECTED]
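The kind of iptables setup the reply points to, as an added example that is not part of the original message: a default-deny ruleset in `iptables-restore` format where the ssh forward is limited to named source addresses and the port 80 forward to a time window. The interface names, addresses and the `build_rules` function are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print a default-deny ruleset in iptables-restore format.
# Every interface name and address below is a constructed placeholder.
WAN_IF="eth0"                           # assumed Internet-facing interface
LAN_IF="eth1"                           # assumed inside interface
SSH_HOST="192.168.1.10"                 # assumed internal Linux machine (ssh)
WEB_HOST="192.168.1.20"                 # assumed second machine (http)
SSH_FROM="203.0.113.0/24 198.51.100.7"  # only these sources may reach ssh

build_rules() {
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    # Forward port 22 only for listed sources; anyone else is never DNATed.
    for src in $SSH_FROM; do
        echo "-A PREROUTING -i $WAN_IF -s $src -p tcp --dport 22 -j DNAT --to-destination $SSH_HOST:22"
    done
    echo "-A PREROUTING -i $WAN_IF -p tcp --dport 80 -j DNAT --to-destination $WEB_HOST:80"
    echo "-A POSTROUTING -o $WAN_IF -j MASQUERADE"
    echo "COMMIT"
    echo "*filter"
    # Default DENY: anything not explicitly accepted below is dropped.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -i $LAN_IF -j ACCEPT"
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    for src in $SSH_FROM; do
        echo "-A FORWARD -i $WAN_IF -s $src -d $SSH_HOST -p tcp --dport 22 -j ACCEPT"
    done
    # Time match uses UTC unless --kerneltz is given. Hostnames in -s/-d are
    # resolved once, at load time, so "block by DNS name" is only that fresh.
    echo "-A FORWARD -i $WAN_IF -d $WEB_HOST -p tcp --dport 80 -m time --timestart 08:00 --timestop 22:00 -j ACCEPT"
    echo "COMMIT"
}
```

As root, `build_rules | iptables-restore --test` parses the ruleset without committing it; drop `--test` to load it.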
