.._I_ would add everything in netfilter/iptables and remove ipchains support, and make use of iptables statefulness features, up high in my rule lists, search netfilter.org mailing lists for samples of " -j ALLOW RELATED,ESTABLISHED " in action.
Well, that's a given. The other part of the reason for a new kernel is to get iptables support in there so I can get Shorewall up on that machine. Just makes me nervous not knowing what options I can drop on a machine I have no physical access to. :/
-- 
         Steve C. Lamb         | I'm your priest, I'm your shrink, I'm your
       PGP Key: 8B6E99C5       | main connection to the switchboard of souls.
-------------------------------+---------------------------------------------