At some point hitherto, ron.peterson@yellowbank.com hath spake thusly:
> We were originally considering running a masquerading/netfilter box, but
> we're now leaning in the direction of configuring iptables on a bridge.
> Reason being we can use spanning tree to provide failover if the
> filtering box breaks down.

I'm not sure what your network is like, but there can be disadvantages to bridging... You can accomplish failover of your non-bridging firewall in a variety of ways.

The Linux HA project:
http://linux-ha.org/

Mission Critical Linux's GPL Kimberlite Clustering software:
http://oss.missioncriticallinux.com/projects/kimberlite/

Red Hat now also has a clustering technology that's based on Kimberlite, but I'm too lazy to look it up. :)

-- 
Derek Martin   ddm@pizzashack.org
---------------------------------------------
I prefer mail encrypted with PGP/GPG!
GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu
Learn more about it at http://www.gnupg.org