Having listened with interest to the discussions on the WWW-security and Firewalls lists, I'm wondering what specific risks I would assume should I decide to allow desktop PC's and MACs unlimited access to the Internet on ports 53 (DNS) and 80 (http), while maintaining the usual inbound filtering (DNS _only_ to our DNS server, SMTP _only_ to our mail relay, and nothing else inbound whatsoever). Thanks, Pete