Me: UNIX bod.
Mac: Mac-mini
OSX version: 10.mumble (How do you tell from the command line?)
Ethernet Cable: Teh IntarWeb!1! (DHCP via cable box)
Wireless: Household Secure Network (WPA preshared key)
Purpose: It provides a house with internet access via a secured wireless LAN, while providing them with a mail server, firewall protection, a fileserver, a web cache, maybe a public website, and anything else I think of later. (Not bad for a small box by the telly!)
Difficulty: No GUI (I SSH to it from my Nokia 9300 phone)
Problem: I want to close all UDP/TCP ports listening on the Internet, while keeping them open on the wireless LAN.

No, ipfw is not the answer. I want to believe the apps aren't that badly programmed that they listen on all interfaces of a multi-IP firewall (precluding you ever from running different ones on different virtual interfaces!)

No, I'm not installing Linux. If OSX says it's a modern OS it should be able to prove it.

I have made significant progress, but I'm interested in how other people have done it, because *dear GOD* I must be doing something wrong for it to be this difficult!!

In particular: launchd. This appears to be missing an admin interface... or somebody needs to be shot.

PS: That 'Share My Wireless' GUI thing that should have made this *oh* so easy, turned out to be utterly, stunningly, useless. It was nicely connected to the house wireless LAN with WPA, and I click that magic button, and it promptly disconnects, and gives my neighbours open unfettered access to my internet. That's not just unintuitive, it's downright hazardous!
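A starting point for the audit the post describes, as an added example that is not part of the original post: it parses `netstat -an` output in the BSD/macOS layout and reports which listeners are bound to the wildcard address (reachable on every interface, including the Internet-facing one) and which are bound to loopback or a LAN address. The sample output is constructed, and the LAN address `192.168.1.10` is an assumption.

```python
"""Classify listening sockets from BSD/macOS `netstat -an` output by bind address."""

# Constructed sample in the BSD netstat layout (address and port joined by a dot).
SAMPLE = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp4       0      0  192.168.1.10.3128      *.*                    LISTEN
tcp4       0      0  192.168.1.10.22        192.168.1.20.50412     ESTABLISHED
tcp6       0      0  ::1.631                *.*                    LISTEN
udp4       0      0  *.5353                 *.*
udp4       0      0  203.0.113.7.123        *.*
"""

def listeners(netstat_text):
    """Yield (proto, host, port) for TCP LISTEN sockets and unconnected UDP sockets."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue  # header lines and anything that is not an inet socket
        proto, local, foreign = f[0], f[3], f[4]
        state = f[5] if len(f) > 5 else ""  # UDP rows carry no state column
        if proto.startswith("tcp") and state != "LISTEN":
            continue
        if proto.startswith("udp") and foreign != "*.*":
            continue
        host, _, port = local.rpartition(".")  # the last dot separates the port
        yield proto, host, port

def classify(host, lan_addrs):
    """Label a bind address; upper-case labels are the ones to review."""
    if host == "*":
        return "ALL-INTERFACES"  # wildcard bind: also answers on the Internet side
    if host.startswith("127.") or host == "::1":
        return "loopback"
    if host in lan_addrs:
        return "lan-only"
    return "OTHER-ADDRESS"  # bound to a specific address that is not the LAN one

def audit(netstat_text, lan_addrs):
    return [(p, h, port, classify(h, lan_addrs)) for p, h, port in listeners(netstat_text)]

if __name__ == "__main__":
    for row in audit(SAMPLE, {"192.168.1.10"}):
        print("%-5s %-15s %-6s %s" % row)
```

On the real machine, feed it the text of `netstat -an` instead of `SAMPLE`; each `ALL-INTERFACES` row is a service that needs a bind-address setting or a packet filter rule.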