I'm trying to reduce the attack surface to a home machine that is always on and connected to the Internet. It is running CentOS 5.4, with tight iptables rules and sits behind a Verizon FiOS firewall/switch also configured with tight rules. I was wondering how to best block all network access to it when I log off...then unblock it when I log on. Changing iptables requires root access...as does running ifdown and ifup scripts. I could change the permissions on ifdown and ifup and run them from the login/logout scripts, but I'd prefer not to do that. Any tips? DaveM