Date: Tue, 06 Feb 2007 18:24:50 -0800 From: Julian Elischer <julian@elischer.org> To: Justin Robertson <justin@sk1llz.net> Cc: freebsd-net@freebsd.org Subject: Re: 6.x, 4.x ipfw/dummynet pf/altq - network performance issues Message-ID: <45C93872.8050100@elischer.org> In-Reply-To: <45C91CDF.7000509@sk1llz.net> References: <45C8E2A2.9040204@sk1llz.net> <45C8EC53.8020803@elischer.org> <45C91CDF.7000509@sk1llz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Justin Robertson wrote: > Err, forgot to reply to -net, at anyrate, layer 2 isn't useful as it > doesn't undertand ip addresses, ports, protocols, etc. filtereing at the NIC (sysctl net.link.ether.ipfw=1 or something similar) lets you do layer 3 filtereing at the NIC layer.. > > Julian Elischer wrote: >> Justin Robertson wrote: >>> >> >> >> >>> Splitting the task into a transparent filtering bridge with a >>> separate routing box appears to clear it up entirely. >> >> how does that differ from using mac level ipfw? >> >> i.e. turning on filtering at the NIC (layer 2). >> >> (have you tried doing that?) >> > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45C93872.8050100>