Your intent may be better served by allowing it to listen on all, but create blocking rules in the [presumably] static internal interfaces. Yes, you must add a new rule every time you add another interface, but that's still less administration than the alternative. It's not as elegant as having each individual application decide what it listens to, but then again a separately controlled and audited firewall really is more appropriate and secure.
You can set interface-based rules, which should satisfy your need there. RB --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
