hi tony,

thank you for the reply btw

ok, firstable - i would like nor prefer to put this discussion as an inspiration how to build something different, in this case - as i said previously - i like to dig more deeper my unix and solaris knowledge by starting a home project to build a solaris zone-based firewall (using ipfilter of course) - so, i try to do it under some commodity hardware at first.

and, the second - i like to get in-depth with firewalling system which is to work with virtual system and virtual router - and this is where the solaris zones part comes into play. *i think*

i have talked to a Sun Microsystems engineer two days ago, pretty constructive discussion and inspiring one, especially some links that he gave me to achieve my goal.

currently, i have done about 70% of my home project which consist of :
1. to build a stripped down solaris system with zones
2. to put some routing protocols *if applicable*
3. to put some firewall (ipfilter) on those zones *if applicable*
4. put it on real environment

being 70% is a good progress since i really finding hard times to configure some logical interface until i manage to make them work. but now i'm a bit stuck in constructing dynamic routing under those zones because *IMHO* quagga *seems* dont play nice under b115 - but, that is only my current situation - still work it out though. still has plenty to read and to try.

i do like iptables, and other proprietary FW systems as well, but - this solaris zone thing has *something* which i like to get in-depth, very interesting feature

so, do you have any other idea for me to consider? do you want to join my home project? its fun really