> You'll be pleased to hear that some of the models Cisco has out for
> routing/filtering T1 lines only have 33Mhz CPUs in them, so give it a
> shot with the 66Mhz machine just filtering traffic and put the services
> on the 100Mhz machine box.  If at all possible you want the firewall to
> only be firewalling things, as this means there's going to be fewer
> avenues for failure or entry into the bastion host.

Thanks! I reply in "Gateway Box Iptables Overhead (was Re: Iptables
initialization)", since I add a little more of my reasons there.

