Subject: Re: ip filtering
To: Steven Reiz <sreiz@aie.nl>
From: Evil Pete <shipley@merde.dis.org>
List: current-users
Date: 03/29/1994 12:56:18
>
>could very simply be `enhanced' with code which checks ip addresses and
>such. I haven't really thought about how to modify the filtering table though
>(something like the route/netstat duo, probably).
>
>Any thoughts?
>
>	-Steven
>
>P.S. The motivation for all of this is, of course, that a netbsd box
>could replace a $$$$ cisco or whatever ip router.


you would have to do the filtering at the incoming device level,
so you can block access to your own ports as well as blocking access
to ports on your internal net.

as for how you will implement outbound-only TCP, your guess is as good as
mine.

Another thought is that you are better off with a $1800 router than
a unix system 'cause of performance and reliability (routers do not have
to fsck their disks at boot or deal with hard drive failure).

if you really want a PC solution for your routing woes look in the
PD/shareware packages Kbridge and PCroute.


		    -Pete

------------------------------------------------------------------------------