As I mentioned in another thread I have created an IPTABLES firewall script for Elastix/CentOS. It takes in account of allowing all outbound+established connections, RTP port ranges, signaling, Hylafax print-to-fax FTP passiv, SSH, and https. My intention was to negate the need for another piece of hardware to control firewalling and put the Elastix box directly on the public internet. Mainly because I am using SIP trunking without analog cards whatsoever. So far so good. My nmap port-scan on the box shows that the back-end stuff is locked out. If the Admins at Elastix are interested, I can supply my code as a favor for offering such a great open-source product.