>From chrisp @ icad . com:
>We're thinking of using one as a 'Choke' router in the 'Belt and Suspenders'
>configuration described in Cheswick et al's book on Firewalls.
>
>Has anyone else done this? What type of success have you had? Are there any
>'Gotchas' you encountered that you could tip me off about?
The worst thing about the NetBlazer in an Internet firewall is that
it does not block IP-source-route packets,
which are a potential address spoofing threat.
I found it difficult to configure a packet filter I like
in spite of a rich set of filter operators.
It is unclear what the precedence is for partially conflicting filters.
The router supports only one filter set, in which interfaces are specified.
However, if this is just the belt, you just need really good suspenders. :-)