[fw-wiz] Poll: Interested in feedback for layer 2 filtering requirement for Solaris

Dear Wizards,

For many years IPFilter has been playing its part in filtering layer 3 (IP) packets...

Now we're moving down the stack - to layer 2 packets - to provide protection for Xen instances, etc. While I personally have various needs and expectations about what happens with IP packets, I'm unsure about what requirements or expectations are with ethernet packets.

What sort of functionality would you like to see layer 2 filtering on Solaris deliver?
Will/do you need ethernet level "NAT"?
Do you expect to see ethernet rules in ipf.conf?
Do you have non-ethernet networks you want to filter at layer 2?
Do you expect to always use the same ethernet device name with filters for layer 2 packets as for layer 3 packets?
Or other more devious desires?

Feedback welcome.

firewall-wizards mailing list

Relevant Pages

  • Re: How to block specific IPs?
    ... >packets to reach IP layer instead reject them by NIC or any program ... >after processing Ethernet layer? ... >with only specific HW address of NICs? ...
  • Re: [fw-wiz] SCADA
    ... going around in about 2000AD with what he called "The Security Stack." ... Practices (meat layer) ... IP Stack Termination is IP filtering in the stack; ...
  • Layer 7 Firewall
    ... I need to use some QOS filtering to filter p2p, ... applications..so I want to use a layer 7 firewall..Ive seen some patches ... Network Operations & Consultancy Center does not accept legal responsibility ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
  • RE: Firewall: a basic question
    ... A firewall is just a term that is commonly applied to layer 3 (and ... use of non-router VLAN implementations and MAC address filtering. ...
  • Re: filtering on the interface driver
    ... on the ethernet interface drivers. ... clean way to do the filtering. ... the CPU usages from the UDP/ICMPs packet attcking. ... the traditional packet filtering rule set like layer 3 and 7 consuming ...