I'm sure you all already know this, but it's generally better to have the firewall be a separate physical machine from any server or client machines. Among other reasons, if an attacker can exploit an application running on the firewall machine, the efficacy of the firewall is compromised. You should dedicate a hardened, minimally configured machine for firewall use. If you have lots of money, the Cisco PIX firewalls are reasonably good. OpenBSD on a PC is an excellent low-cost option.
--
Chris Palmer
Systems Programmer
GeneEd

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
