Hello all,

I need a little (a lot?) of help creating a ruleset. What I want to do is very simple:

1) I want to allow the entire Internet to access my webserver on ports 80 and 443.
2) I want to disallow EVERYTHING else (ftp, mail, ...EVERYTHING) to ANYONE besides individuals with specific MAC addresses, with the exception of ARP (because I don't know the MAC address of my gateway).
3) Those machines with the allowed MAC addresses I want to allow pretty much anything.

However, I also have a few questions:

a) Is the above configuration safe? Is it possible for someone to spoof a MAC address?
b) Is there any possible vulnerability in allowing all ARP traffic? Should I bother calling my ISP and asking them for the MAC address of my gateway? Or is there a way I can find this out on my own?

My situation: I have my server co-located at my ISP. I only want the public to be able to access my website on ports 80 and 443. However, from my home computer (or my laptop when on the road), I would like to be able to connect to the server with remote desktop, file sharing (NetBIOS, etc.), SMTP, POP3, and pretty much any other server/service that I would like to provide myself with... but I don't want the public being able to connect to these services. The ONLY ports I want the public to connect to are 80 and 443 for my website.

I figured the best way to do this is with the above scenario (using the MAC addresses of my home computer and laptop), as I do not have a static IP at home or when I'm on the road.

Also, THE MACHINE NEEDS TO BE ABLE TO CONNECT TO ITSELF, so that my web application can send e-mails (my mailserver is running on the same box) and connect to SQL Server (also running on the same box).

I would most appreciate it if someone could create me an example ruleset file and e-mail it to me at firstname.lastname@example.org (please put the word RULESET in capital letters in the SUBJECT line).

Thanks in advance!