Arghhhhhhhhhhhhh..... We've basically taken this discussion from "How to stop a snooper" to "What sorts of ways can I snoop a net if I'm root?" How about taking all of the source off the system and making the firewall boot over the inside net? Let's see 'em stop that one. Make the firewall diskless with all of its mounts off the inside net. With no routing and read-only mounts, you should be fine (except you'll need rw mounts for /dev/swap -:) -john