> Another option is to automate the updates and leave the hard work > to us! the op was discussing port-specific filtering for dns only. could you explain how i can automake my /etc/ipfw.rules leaving the hard work to you? e.g. add deny udp from 203.49.118.0/24 to any 53 randy