Hi. I've set up several firewalls with OpenBSD but I have yet to go to any extremes regarding "hardening". So far I have updated the source (stable), recompiled the system & kernel, removed the source code, turned off inetd, and set up a tight pf.conf. I have been reading up on an interesting strategy of removing tons of executables, storing them on a cd, and setting up symlinks to the cd mount point so they can be accessed when needed.
My firewall will be providing internet access (NAT) to a small office lan (not mine). What strategies are others using in this area? -- Peter Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
