ipchains with apt-get


snowgod
04-28-2001, 04:42 PM
I have created a script to run ipchains which denies everything except for a few things I want on a standalone system. I run into a problem, however, when I try to run apt-get. It hits all the sites fine, but when I try to download, it is coming from a port above 1023 and it gets stuck in my firewall. The only way to fix it is to turn off ipchains while I'm getting updates or new progs, and then turn it back on. Any ideas how to fix this so I can leave it on?

Thanks

Gaccm
04-28-2001, 06:04 PM
Hmm... well, this works for iptables; ipchains should be similar:
iptables -A INPUT -p tcp -s 0/0 --sport 1024: --dport 1024: -j HIGHPORT
and a 2nd line, but udp instead of tcp

snowgod
04-29-2001, 02:47 PM
The only problem with that, though, would be that anything that comes from a high port and connects to a high port on my machine will be allowed in. That pretty much defeats the point of a firewall, doesn't it???
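
The concern raised in the last post can be narrowed by accepting inbound TCP to high ports only when the SYN flag is not set (`! -y` in ipchains), or with connection tracking in iptables. The script below is an added example, not part of the thread; `EXT_IF`, `DRY_RUN`, `run` and `reply_rules` are assumed names, and it assumes the default input policy is DENY as in the original poster's script.

```shell
#!/bin/sh
# Added example (not from the thread): admit replies to connections this host
# opened without admitting new inbound connections to high ports.
# Assumed names: EXT_IF, DRY_RUN, run, reply_rules.
# By default the rules are only printed; set DRY_RUN=0 and run as root to apply.

EXT_IF=${EXT_IF:-eth0}     # assumed external interface
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# reply_rules ipchains|iptables
reply_rules() {
    case "$1" in
    ipchains)
        # Outbound: this host may open TCP connections from its high ports.
        run ipchains -A output -i "$EXT_IF" -p tcp -s 0/0 1024:65535 -d 0/0 -j ACCEPT
        # Inbound: TCP to high ports is accepted only when SYN is NOT set
        # (! -y), i.e. packets that are not connection attempts. A new inbound
        # connection carries SYN and falls through to the DENY policy.
        # ipchains is stateless, so stray non-SYN packets still match this rule.
        run ipchains -A input -i "$EXT_IF" -p tcp ! -y -s 0/0 -d 0/0 1024:65535 -j ACCEPT
        ;;
    iptables)
        run iptables -A OUTPUT -o "$EXT_IF" -p tcp --sport 1024:65535 -j ACCEPT
        # Stricter: accept only packets that belong to a tracked connection.
        run iptables -A INPUT -i "$EXT_IF" -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
        ;;
    *)
        echo "usage: reply_rules ipchains|iptables" >&2
        return 2
        ;;
    esac
}

reply_rules ipchains
```

The `-y` match applies to TCP only, so the suggested second line for UDP has no equivalent restriction in ipchains.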