The 'firewall' manual page is a must-read. http://www.freebsd.org/cgi/man.cgi?query=firewall&apropos=0&sektion=0&manpath=FreeBSD+4.7-stable&format=html
I recommend that you first construct your firewall without worrying too much about optimizing it. Let it run a while, then use 'ipfw -v list' to see which rules are being triggered. Then, based on that information, optimize your ruleset. As long as you are careful to maintain the any sensitive rule orderings you should be able to construct an efficient ruleset (for example, anti-spoofing rules have to come before anything else). -Matt To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message