[fw-wiz] Poll: Interested in feedback for layer 2 filtering requirement for Solaris

Dear Wizards,

For many years IPFilter has been playing its part in filtering layer 3 (IP) packets...

Now we're moving down the stack - to layer 2 packets - to provide protection for Xen instances, etc. While I personally have various needs and expectations about what happens with IP packets, I'm unsure about what requirements or expectations are with ethernet packets.

What sort of functionality would you like to see layer 2 filtering on Solaris deliver?
Will/do you need ethernet level "NAT"?
Do you expect to see ethernet rules in ipf.conf?
Do you have non-ethernet networks you want to filter at layer 2?
Do you expect to always use the same ethernet device name with filters for layer 2 packets as for layer 3 packets?
Or other more devious desires?

Feedback welcome.

firewall-wizards mailing list