Any comments on having this rule in my IPF:

    pass out quick on xl0 all keep state

xl0 is my WAN interface. I have rules blocking all non-routable IPs coming IN. I figure this beats writing rules for every workstation that uses different services. But is it safe? I think this is the only way to get passive FTP working as well. Or is there another way?

Thanks
Randall