> But... what do you want to do by filtering OUTPUT? Sure, you can drop INVALID
> packets, filter floods, stop packets coming from root and so on, but if you
> want to allow normal internet activity from the box, you have to allow NEW
> connections on OUTPUT to any host/port...

There's always a (good) chance that someone will compromise the machine and use it to DDOS, scan, spam etc - filtering output to allow only what you need for normal usage (dns, web, ping etc) makes it less useful as a hacked box.

Gavin
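
An egress policy of the kind the reply describes, as an added example that is not part of the original message. The port lists, the log prefix and the `--apply` switch are assumptions chosen for illustration; by default the script only prints the iptables commands it would run.

```shell
#!/bin/sh
# Added example: restrictive OUTPUT chain limited to "dns, web, ping".
# Port lists below are assumptions; adjust to what the box really needs.
TCP_PORTS="53 80 443"   # DNS over TCP, HTTP, HTTPS
UDP_PORTS="53"          # DNS

egress_rules() {
    # Loopback traffic never leaves the host.
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    # Drop packets conntrack cannot classify, then allow packets that
    # belong to connections that were already permitted.
    echo "iptables -A OUTPUT -m conntrack --ctstate INVALID -j DROP"
    echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # NEW connections only to the listed services, not to any host/port.
    for p in $TCP_PORTS; do
        echo "iptables -A OUTPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $UDP_PORTS; do
        echo "iptables -A OUTPUT -p udp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT"
    # Rate-limited log of everything else: on a compromised box these
    # entries are the trace of blocked scan, spam or flood attempts.
    echo "iptables -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix egress-drop:"
    # Policy goes last so an existing session is not cut off part-way,
    # and a failed rule leaves the chain open rather than half-closed.
    echo "iptables -P OUTPUT DROP"
}

# Dry run by default; pass --apply (as root) to execute the commands.
if [ "${1:-}" = "--apply" ]; then
    egress_rules | sh -e
else
    egress_rules
fi
```

With this in place, outbound SMTP, arbitrary port scans and similar traffic from the host hit the final DROP and show up in the kernel log under the `egress-drop:` prefix.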