[fw-wiz] Layer 2 (stealth) firewalls - PBR?



If I can interrupt the usual questions for some product requirements
discovery....

Over in the networking community on OpenSolaris.org, a couple of
us are pondering the question of what it means to do policy based
routing (PBR) at the ethernet (MAC) layer.

For IP, the use case is well understood and people everywhere do
it with firewall software, if only to make up for the inadequacies of
their routing tables however when it comes to ethernet, we're kind
of scratching our heads....so, some questions....

Does running a stealth (bridging) firewall remove the need for PBR?

Do people still do strange, quirky, things to packets even when they
don't want them to go through IP?

If you're using bridging to support your firewall (that still filters
packets using IP header information), can you shed some light on
why/when you want to send packets out a specific NIC regardless
of what the forwarding table for the bridge says?

Thanks,
Darren

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: iptables and dhcp
    ... > the same physical network segment as the firewall and the remote DHCP ... You used INPUT and not FORWARD chain ... # This target allows packets to be marked in the mangle table ...
    (comp.os.linux.networking)
  • Re: Trouble accessing Outlook Web Access from behind firewall
    ... When starting the firewall I also set ... > rejected and dropped packets are logged, however I see nothing in my log ... > # Higher ports needed to accept incoming/outgoing calls ...
    (comp.security.firewalls)
  • Re: Visnetic and 8signs firewall LOOPHOLE Read....
    ... I said I am just reporting bug in your Firewall, ... From the Port Scan/Properties control screen: ... The firewall filtered 100% of the packets that were received. ... operating system (I'm talking Windows, ...
    (comp.security.firewalls)
  • Re: port 80 is open
    ... The firewall drops all packets initiated ... > internet the ISP router does not send the unreachable message. ... and then close the connection as your IP is seen as not connected. ...
    (comp.security.firewalls)
  • Re: strange network traffic
    ... Maybe not so wise to not have a firewall and trust a third party lurker to ... Subject: strange network traffic ... > -> connection established, following packets have neither SYN nor ...
    (Security-Basics)