>> 2) Add source host to white list on connect to port 3050.
>
> That looks like a huge potential security hole to me. All the hacker
> needs to do is to connect on port 3050 and gets access to all ports on
> server?

Right. I'd say that second line protection is required to allow
connecions only to FB listening ports. But topic starter is limited in
money, so, probably, he don't need to care about hackers clever enough
to find out this hole...

SY, SD.