Subject: Re: IPF and ALTQ with 1.6_STABLE
To: Xavier HUMBERT <xavier.humbert@xavhome.fr.eu.org>
From: Andrew Brown <atatat@atatdot.net>
List: tech-kern
Date: 12/21/2002 15:21:05
>> I herein attach various information about my current system which perhaps
>> could help to point out any error on my part.
>
>Well besides "options ALTQ" Daniel mentioned, I see at least two or
>three options in your kernel, that are different from mine, which works.
>It doesn't mean you're wrong, only that it works for me this way :-)

what i did for my altq machine was config the kernel and then go to
the compile directory and read the opt_altq*.h files.  that quickly
gave me a list of options.

>> options   INSECURE    # disable kernel security levels
>Not really wise for a firewall..

exactly.

>> #options  COMPAT_15   # NetBSD 1.5,
>I was told this one has to be kept ?

technically, unless you're running a mips machine with -current you
don't need it.  for all practical purposes, though, it's not a bad
idea to leave all the netbsd COMPAT options in.

>> #options  GATEWAY     # packet forwarding
>You need to enable this on a firewall

depends on the firewall.  if the firewall will only be *proxying
services* (i.e., via a forwarding named, a www/ftp proxy like squid, and
perhaps socks for some other services), then you specifically don't
want it.  if all you will be doing is filtering packets and forwarding
the rest, then you do.

>> #options  PFIL_HOOKS  # pfil(9) packet filter hooks
>This one too ?

not unless you want to write kernel code to do filtering stuff.

>> #options  IPFILTER_DEFAULT_BLOCK  # block all packets by default
>Not mandatory, but good practice

true, true.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
werdna@squooshy.com       * "information is power -- share the wealth."
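The two practical points in the reply above (list the options by reading the generated opt_altq*.h headers, and decide per option whether a firewall kernel should carry it) can be turned into a small check. The script below is an added example and is not from the thread or from NetBSD; the kernel config fragment and the opt_altq*.h headers it writes are constructed samples standing in for /usr/src/sys/arch/<arch>/conf/<KERNEL> and the compile directory, and the function names (option_state, altq_options, audit_firewall) are hypothetical. The audit encodes only what the thread says: INSECURE should not be on, IPFILTER_DEFAULT_BLOCK should be on, and GATEWAY is wanted on a filtering/forwarding firewall but not on a proxy-only one.

```shell
#!/bin/sh
# Added example, not part of the original message or of NetBSD.
# Audits a NetBSD-style kernel config for the firewall-relevant options
# discussed in the thread, and extracts the option list from opt_altq*.h
# the way the reply suggests.  All input files are constructed below.
set -u
LC_ALL=C; export LC_ALL

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed kernel config fragment (hypothetical kernel named FIREWALL),
# in the same shape as the options quoted in the thread.
cat >"$WORK/FIREWALL" <<'EOF'
options   INSECURE    # disable kernel security levels
#options  COMPAT_15   # NetBSD 1.5,
#options  GATEWAY     # packet forwarding
options   PFIL_HOOKS  # pfil(9) packet filter hooks
#options  IPFILTER_DEFAULT_BLOCK  # block all packets by default
options   ALTQ
options   ALTQ_CBQ
EOF

# Constructed opt_altq*.h headers, in the form config(8) generates them.
cat >"$WORK/opt_altq.h" <<'EOF'
#define ALTQ 1
#define ALTQ_CBQ 1
EOF
cat >"$WORK/opt_altq_enabled.h" <<'EOF'
#define ALTQ_ENABLED 1
EOF

# option_state CONFIG OPTION
# Prints "on" (options OPTION), "off" (#options OPTION, i.e. commented out)
# or "absent".  The trailing (space|end) keeps ALTQ from matching ALTQ_CBQ.
option_state() {
    cfg=$1; opt=$2
    if grep -Eq "^[[:space:]]*options[[:space:]]+$opt([[:space:]]|\$)" "$cfg"; then
        echo on
    elif grep -Eq "^[[:space:]]*#[[:space:]]*options[[:space:]]+$opt([[:space:]]|\$)" "$cfg"; then
        echo off
    else
        echo absent
    fi
}

# altq_options DIR
# The "read the opt_altq*.h files" trick: every #define'd name in DIR/opt_altq*.h,
# one per line, sorted and de-duplicated.
altq_options() {
    dir=$1
    cat "$dir"/opt_altq*.h \
        | sed -n 's/^#define[[:space:]]\{1,\}\([A-Z_0-9]\{1,\}\).*/\1/p' \
        | sort -u
}

# audit_firewall CONFIG MODE
# MODE is "forwarding" (filter packets and forward the rest) or "proxy"
# (only proxied services on the box, no forwarding).  Prints one finding per
# line and returns the number of findings (0 means nothing to fix).
audit_firewall() {
    cfg=$1; mode=$2; n=0
    [ "$(option_state "$cfg" INSECURE)" = on ] && {
        echo "INSECURE is on: drop it, the kernel securelevel should stay in force"; n=$((n+1)); }
    [ "$(option_state "$cfg" IPFILTER_DEFAULT_BLOCK)" != on ] && {
        echo "IPFILTER_DEFAULT_BLOCK is not on: enable it so unmatched packets are blocked"; n=$((n+1)); }
    gw=$(option_state "$cfg" GATEWAY)
    case $mode in
        forwarding) [ "$gw" = on ] || {
            echo "GATEWAY is not on: a filtering/forwarding firewall needs it"; n=$((n+1)); } ;;
        proxy) [ "$gw" = on ] && {
            echo "GATEWAY is on: a proxy-only firewall should not forward packets"; n=$((n+1)); } ;;
    esac
    return $n
}

# Stand-alone run: show the ALTQ option names, then audit the sample config
# as a forwarding firewall (expect three findings on the constructed input).
echo "ALTQ options found in opt_altq*.h:"
altq_options "$WORK"
audit_firewall "$WORK/FIREWALL" forwarding || echo "$? finding(s)"
```

The audit deliberately takes the firewall's role as an argument rather than assuming GATEWAY is always right: the same config that is wrong for a packet-forwarding firewall is correct for a box that only proxies.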