Depending on his upstream, the ethernet connection he gets may be off of
one of their backbone routers. In that case, it would not be wise for them
to load it up with filters for each client. Let it do it's job as a
backbone router and have the customer get a 2514 or a *nix box with some
sort of firewall util.