For easy remote access to my files, and IMHO FTP is more secure than SMB so a better choice to leave open to the baddies. Not currently firewalled beyond the NAT but I'm keeping an eye on the auth logs and I'll block any unknown IP that crops up trying to authenticate. I'm thinking of adding config server firewall which has the ever handy Login Failure Daemon to firewall IPs that repeatedly fail authentication.