if you are forwarding those ports to your machine you will be fine as long as there isn't anything else listening on those ports (besides your bittorrent client when you are using it)... in other words, if there is nothing to connect to on those ports (when you're not using bt) then there is nothing to exploit...
you can see what's listening on your box by doing a:
Code:
netstat -an | grep LISTEN
for example, web servers listen on tcp port 80... but i have no web server installed on my box, so even if i forward tcp port 80 to my box it won't be accepting any connections... this is what my box currently looks like:
Code:
bash-3.00$ netstat -an | grep LISTEN
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN
unix 2 [ ACC ] STREAM LISTENING 565 /tmp/.ICE-unix/254
unix 2 [ ACC ] STREAM LISTENING 529 /tmp/ssh-mLGGCfV250/agent.250
unix 2 [ ACC ] STREAM LISTENING 511 /tmp/.X11-unix/X0
as you can see i have nothing listening on tcp port 80, so getting port 80 forwarded to my box wouldn't hurt me - unless of course i'd ever start a daemon that would listen on port 80... now, all the ports below 1024 require root permission for something to listen on them, but ports above 1024 don't, so in theory any non-root user on your box could start something that listens on the ports you've opened ABOVE 1024 and they will succeed in receiving new connections... the point being that if you can find a way so that the ports are only open when you are using your bittorrent that would be great...
personally, i use iptables on my PC and i open the bittorrent ports only when i'm using bittorrent... i don't have any automatic system for this - i just add or remove the 6881:6999/tcp rule accordingly and i'm fine... i don't do it for security reasons, i just do it cuz i like keeping my firewall in stealth mode whenever i can...
just my two cents...
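
The check described in the post, as an added example that is not part of the original post: a shell function that reads `netstat -an` output and lists TCP listeners inside a forwarded port range, marking whether each port is below 1024. The names `listeners_in_range` and `sample_netstat` are hypothetical, and the sample lines beyond the four TCP listeners shown in the post are constructed.

```shell
#!/bin/sh
# Added example: which TCP listeners sit inside a forwarded port range?
# Reads `netstat -an` style lines on stdin (format as shown in the post).
# Prints "address:port privileged|unprivileged" for each match.
listeners_in_range() {
    awk -v lo="$1" -v hi="$2" '
        # Only TCP sockets in LISTEN state matter for port forwarding;
        # unix-domain sockets and ESTABLISHED connections are skipped.
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            # The port is the last field after ":" (Linux) or "." (BSD style).
            n = split(addr, parts, "[:.]")
            port = parts[n] + 0
            if (port >= lo && port <= hi)
                printf "%s %s\n", addr, (port < 1024 ? "privileged" : "unprivileged")
        }'
}

# Sample input: the four TCP listeners from the post, plus constructed lines
# (a client listening on 6881, one established connection, one unix socket).
sample_netstat() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6881 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.10:6882 203.0.113.5:51413 ESTABLISHED
unix 2 [ ACC ] STREAM LISTENING 511 /tmp/.X11-unix/X0
EOF
}

# Demo on the sample; on a live box: netstat -an | listeners_in_range 6881 6999
sample_netstat | listeners_in_range 6881 6999
```

An empty result for the forwarded range while the client is closed means nothing is accepting connections on those ports; an unexpected "unprivileged" line is the case the post warns about.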