hi. i hope this isn't off topic because i can't think of any tips at the moment. although i'll try to put one in anyways.

---------

we have a netopia r5300 t1 router for our company's broadband connection. although it's not a *real* firewall it does have filtering capabilities. so i would like to use what we've got and get some filtering going on. (all win2k machines, active directory, dns, dhcp for the clients.)

however, my problem is not knowing what to keep open. i know to keep port 80 open for http, 443 for https, 25 for smtp... but that's about where my research has led me. (to be clear, blocking ports on the gateway [the t1 router] does not restrict flow on our intranet, correct?)

here is a list of what we use that utilizes the internet... (basically i'm not sure what hidden, or not-so-obvious ports are being used that i should know about.)

http : 80
https : 443
smtp : 25
time service : (?)
outlook web access (i'll guess that owa utilizes both http or https?)
exchange2000, we only use smtp for sending mail, but i'm not sure if there are any other ports related to exchange 2k and say, outlook web access that i should be aware of.
dns : (?)
dhcp : (?)

no telnet, no ftp, no terminal services.

so. what do you guys think? any and all ideas, questions, comments, resources, answers, anecdotes, (and antidotes for that matter ;) testimonies, etc. will be helpful i'm sure.

thanks,
chris.