[fw-wiz] Layer 2 (stealth) firewalls - PBR?
- From: Darren Reed <Darren.Reed@xxxxxxx>
- Date: Mon, 31 Mar 2008 20:49:13 -0700
If I can interrupt the usual questions for some product requirements

Over in the networking community on OpenSolaris.org, a couple of
us are pondering the question of what it means to do policy based
routing (PBR) at the ethernet (MAC) layer.

For IP, the use case is well understood and people everywhere do
it with firewall software, if only to make up for the inadequacies of
their routing tables; however, when it comes to ethernet, we're kind
of scratching our heads... so, some questions...

Does running a stealth (bridging) firewall remove the need for PBR?

Do people still do strange, quirky things to packets even when they
don't want them to go through IP?

If you're using bridging to support your firewall (that still filters
packets using IP header information), can you shed some light on
why/when you want to send packets out a specific NIC regardless
of what the forwarding table for the bridge says?

firewall-wizards mailing list