mouss wrote:
> depends on your situation. if you don't have performance issues and no
> special configuration needs, then a low end commercial firewall would
> be enough. otherwise, you need to take the time to learn iptables, or
> find someone to help you build your firewall.
>
> there are guis available. google is your friend. one that comes to
> mind now is fwbuilder.

Personally, if I was using the box as a firewall, lightweight network utility, VPN, router, NAT, or whatever else a typical gateway might handle, I'd run it on BSD and PF in a heartbeat over iptables.

Linux's general adhesion to the ridiculously obtuse and difficult ipchains/iptables legacy is extremely unfortunate at best, and IMO, far less functional.

Your entire PF configuration file (amazingly) named /etc/pf.conf can be easily less than 15 lines and cover quite a lot of ground.

Kinda reminiscent of the old IPFW, only evolved about 200 years, which would make it 10,200 years more evolved than ipchains/iptables. :P

(*climbing back into Nomex in nuke bunker*)

Peter

--
Peter Serwe <peter at infostreet dot com>
http://www.infostreet.com

"The only true sports are bullfighting, mountain climbing and auto racing." -Ernest Hemingway

"Because everything else requires only one ball." -Unknown

"Do you wanna go fast or suck?" -Mike Kojima

"There are two things no man will admit he cannot do well: drive and make love." -Sir Stirling Moss