Basic restrictive firewall * Only open ports needed for kerberos, afs, ntp, dns requests, ssh * Only root can open http connections (for apt) * Outgoing icmp requests disabled for now -- this was thh default, not certain if there are any advantages/disadvantages to this * Include local in/out ports using local conffiles (for now, fwtool will surface properly eventually)