We, too, have a "Game Consoles" role. When we create the filter, we assign the user to this role. In this role, we block ports 20, 21, 22, 23, 80, 443, 6667, and 8080. In addition, we restrict access to any on-campus IP ranges (not including ResNet IP ranges). We allow all other traffic. Apparently some games use a couple of these ports, but we inform our users that we view these filter creations as a security vulnerability since a user could potential trick us into creating one for their PC. We figured these restrictions would "cripple" any user smart enough to think of obtaining a filter for their PC. We also created an online form for obtaining and inserting the MAC addresses to the CAM. When a request is submitted, we save it into a local MySQL database. We send a confimation email to the user, and the office staff reviews the request. We check if the user has previously submitted requests, check the MAC manufacturer, etc. If all appears well, we use our own form to submit the MAC to the CAM. The script is programmed in PHP. If anyone is interested, we're willing to send the code for the form. You can check it out at http://resnet.calpoly.edu/index.php?page=50. It has definitely helped streamline the filter creating process for us. Kyle Dodson [log in to unmask] http://resnet.calpoly.edu