The proper thing to do is put ipfw on a different machine from the
users. The concept of a firewall is something solid, simple and
flameproof that slows the progress of security breaches -- putting a
firewall on a user machine is a weak compromise.
On a true firewall machine, the ability to log potential security
breaches is fairly important.
-- Raul