for those of you with OpenBSD firewalls, this tool:
http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8

looks like it does something similar to what I'm told NoCatAuth does.
basically, you ssh to the gateway, log in to an account with this as your
shell (or, I presume you could start this after logging in), and as long as
you stay logged in, it sets up packet-filter rules specific to you.

not as simple for the user as NoCatAuth, but possibly more flexible? (dunno,
I've never researched NoCatAuth). in any case, it's a system builtin, rather
than an add-on package, so that offers some advantages.

going to have to experiment with this when I set up my new firewall.

Carl Soderstrom.
-- 
Network Engineer
Real-Time Enterprises
www.real-time.com