I am wondering if this is possible. I would like to have port 80 be accessible to the outside world, but redirect it to other ports internally depending on source. I want to blanket deny all ports on the server except port 80. So basically I want to drop anything but port 80, while still allowing the redirected ports to work. Is this possible? I was thinking about using connection tracking?