> David Carmean wrote: > W.R.T. the Juniper and Cisco ACL suggestions... > at the very least I will insist on a stateful packet > filter, if not stateful inspection. I agree. Something like a reflexive access-list is a good beginning, but you can't really call something a firewall unless it has stateful inspection and goodies such as syn/ack detection. Michel.