>> Also, is there a way to block people running FSP without blocking all >> udp packets or relying on blocking udp to certain ports? I may not >> be around full-time on this system, so it is conceivable for a user >> to set up their own fsp server in their home dir and not have me >> notice it for a few weeks or so. > >Why would you _want_ to block that? That doesn't put your system at >any more risk than it already is by allowing said user connectivity to >the world of any sort, as far as I can see. I don't want people to pirate to/from my machine. It's a waste of diskspace to have all 35 megs of the latest game taking up space I could be using for increased functionality (perl, etc) >Unless you have some users connecting via, say, dialup, that you want >to restrict from all network access of any sort; in this case, the only >effective measures I can see are either (a) a sufficiently restricted >environment that they can't import arbitrary programs or (b) having the >kernel refuse network services to them unconditionally. I will have users via dialup but network services are important, including being able to ftp to and telnet to my site. I was hoping that the router could screen packets by protocol type. Perhaps I could write a daemon to determine what any UDP listeners are and report back.