Barry Greene has already written up a great overview, and provides links to best practices on ISP port filtering, pro & con. http://www.senki.org/exploitable-port-filtering/ My advice is consistent with Barry's, but I should I done my web research first :-)