One best practice is not to allow all TCP and UDP ports to be forwarded,
rather allow just the port which is required to be forwarded.
I have always wondered that the ubuntu machine which I work with receives
lots of security updates, if so why not the modems which is directly on the
line of fire, I will start a new thread about this, instead of hijacking
this email thread.
The port forwarding that I use is normally done with MODEMs which
either forward all TCP and UDP
ports from the public interface to a local IP or you can forward a
particular TCP or UDP port.
--Regards,