Even after configuring your gateway in a secure a manner as possible, there is still a chance of compromise of the machine. Without proper audit trail creation and regular examination of the audit trail, you may never know if the host has been compromised or misconfigured over time.

The services arpwatch, syslog, and swatch should all be installed and configured in the same fashion as described for the FreeBSD client machines in Chapter 4.

Don’t forget to periodically log in to the gateway and check the logs and root user mail for evidence of a security breach. Or even better, forward this information to an email account you check often.

Now that your gateway is fully configured, be sure to test access from the wired and wireless segments. You may need to fine-tune firewall rules to give you the access you need. OpenBSD is a secure and robust operating system. An OpenBSD gateway is can be an excellent first line of defense if configured and maintained properly.