> > since this is going to be a firewall.  And of course don't give out 
> > user accounts on your firewall.  After that you should be set. 
> 
> I wouldn't even enable ssh.  If it's a firewall, the only way to get to it
> should be via the console.  Opening it up to any form of remote access
> gives rise to the possibility of something, somehow gaining access and
> comprimising the security of any networks or hosts involved.
> 
> Just my $0.02

ssh is no problem. only access to firewall machine should be enabled only
for trusted machines