Will takes me to task for upsetting poor old Mozilla - it does take a lot of bashing, doesn't it? Firstly, it's a beta kdebase which somewhat excuses the failure to compile.
Seems Will gets on really well with Mozilla and suggests that the blank screen is a freetype problem. That it may be, but it means it takes me an extra 20 seconds everytime as I startup mozilla - get a blank screen - swear - kill mozilla - rm -Rf ~/.mozilla - startup mozilla. Even even then it's just not very fast. It has got better - it used to be unusable on IV, now it's just slow. I'm afraid that Konqueror and Opera just run faster here, even if their CSS support is a little dodgy.
(Also, tabbed browsing is only useful for people who have overlapping windows - no such things there)
Will also point to this page with lots of weird and wonderful gcc options for building Gentoo (or anything else really). Just remember, you're not allowed to use anything that breaks the ABI, even if you build from stage1 because it still links some binary code in.
Sometimes, even iptables can't do what you want and you have to start coding. So last night I coded up ipt_machide (and libipt_machide for userspace) for my firewall.
Basically, an incoming packet (Ethernet only) matches if its source MAC address is in your ARP table. Now, the source MAC address is very spoofable, so you have to have normal rules under that, but it works very well to hide from scans (of which there are many on the IC halls network). As soon as you try to contact another box, a pending entry is put in your ARP table, the ARP reply matches and everything works fine.
At the moment I have to do a linear search of the ARP table because it's indexed by IP address, not MAC. It might be reverse indexed, but there are no comments at all so it's a little difficult to tell. Also, quite a number of IPs have the MAC address of the NAT box here so I need to check that the source IP address (if there is one) matches the ARP entry too.