> Also, is there a way to block people running FSP without blocking all > udp packets or relying on blocking udp to certain ports? I may not > be around full-time on this system, so it is conceivable for a user > to set up their own fsp server in their home dir and not have me > notice it for a few weeks or so. Why would you _want_ to block that? That doesn't put your system at any more risk than it already is by allowing said user connectivity to the world of any sort, as far as I can see. Unless you have some users connecting via, say, dialup, that you want to restrict from all network access of any sort; in this case, the only effective measures I can see are either (a) a sufficiently restricted environment that they can't import arbitrary programs or (b) having the kernel refuse network services to them unconditionally. der Mouse mouse@collatz.mcrcim.mcgill.edu