I definitely prefer a seperate box for the firewall. At home, I'm
using the Dubbele NetBSD Firewall setup (http://www.dubbele.com) It runs on
NetBSD1.5, and is stripped of uneccesary files.
	I would recommend doing something like that. You can easily block
everything, since IP Filter and IPNat are enbale on it...

---   David A Woyciesjes
---   C & IS Support Specialist
---   Yale University Press
---   mailto:david.woyciesjes@yale.edu
---   (203) 432-0953
---   ICQ # - 905818


-> -----Original Message-----
-> From: Ben Bogart - FMPM/F1999 [mailto:bbogart@acs.ryerson.ca]
-> Sent: Tuesday, May 08, 2001 5:32 PM
-> To: port-i386@netbsd.org
-> Subject: firewall software
-> 
-> 
-> Hello all,
-> 
-> I've been a touch peroccupied with security since one of my 
-> boxes was 
-> using a hole in the 1.4.2 nameserver to relay spam. At home 
-> I have only 
-> one machine, is the machine that is running the firewall software as 
-> secure as those machines behind it? ie is a firewall package 
-> only helpful 
-> if it resides on a seperate machine than the one you are 
-> trying to protect?
-> 
-> I've installed the "portsentry" package and can't find where 
-> the package 
-> system installed the docs? any ideas?
-> 
-> Thanks
-> Ben
-> 
-> 
-> 
-> B. Bogart
-> Convergent Media Designer
-> --------------------------
-> Through scientific absolution we move further and further 
-> away from ourselves.
->