Trying to limit client access to port 8500 doesn't solve
issues of servers running on other ports besides port 8500 or port
80. What about other common ports such as 8080, and so on?
Does the charity want to limit all access, even local
resources on their INTRANET or only limit INTERNET access. I would
assume that the charity would want access to local resources on
their subnet but not allow external access, except for a maybe a
select few workstations.
It's much easier to control by using a hardware firewall. If
the charity is using a broadband connection through a cablemodem or
DSL, consider adding a router with built-in firewall such as a
LinkSys Broadband Router..
Many of the routers available are easily configurable as to
which ports can be allowed or prohibited, such as blocking all
traffic and only allowing some traffic to specific IP's, and so on.
The basic level of these of these types of routers run around $100
One other option available if the charity has a spare pc
laying around is to configure the pc as a dedicated firewall with
options such as allowing traffic to only specific types of sites
that might be helpful in the charity's efforts. Maybe it might be
worthwhile for a volunteer being able to access a website for
contact information from their target donor but limit access to