> How about taking all of the source off the system and making the firewall > boot over the inside net? Let's see 'em stop that one. Make the firewall diskless > with all of its mounts off the inside net. Ooh yummy an NFS target to play with 8). If you are using a Sun or sun derived system you need to be very very careful here, because Sun NFS as standard aint too fussy where the replies to its requests come from. (Convenient for multi-homed hosts). I suppose cranking up the Secure RPC NFS configuration is safe ? As to swap - use an OS that doesn't need a swap partition. You aren't exactly going to be running a lot on your firewall one hopes. Alan