Re: [fw-wiz] Layer 2 (stealth) firewalls - PBR?

On Mon, 31 Mar 2008, Darren Reed wrote:
> Over in the networking community on, a couple of
> us are pondering the question of what it means to do policy based
> routing (PBR) at the ethernet (MAC) layer.
>
> For IP, the use case is well understood and people everywhere do
> it with firewall software, if only to make up for the inadequacies of
> their routing tables however when it comes to ethernet, we're kind
> of scratching our, some questions....

Hmm... so I've got this university residence full of exuberant file
sharing sorts, and more sane and reasonable folk, all happily coexisting
on the same l2 network... and getting random IP addresses via DHCP. I
could see PBR at the ethernet layer being an adjunct to NAC as well.

... maybe I want to provide differing degrees of service or access, or
maybe I want to push some of the traffic through some sort of service
enhancing tool... (I'll grant that you can do this in other ways... but
as a thought).
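As an added illustration (not part of either poster's message) of what the two use cases above look like on a Linux bridge acting as a stealth firewall: differing degrees of service are expressed as a tc/HTB class chosen by source MAC, and "pushing some of the traffic through a tool" is expressed as an ebtables BROUTING rule that hands a selected host's frames to the local IP stack instead of bridging them. Keying on the MAC rather than the IP is what makes this work when addresses come from DHCP. The interface names, MAC addresses, tier names and class ids are constructed assumptions, and the script only prints the commands by default so it can be read and checked without root or real interfaces.

```shell
#!/bin/sh
# Added example, not code from the original thread. Dry-run generator for
# Layer 2 policy rules on a Linux bridge:
#   - tc u32 "match ether src" selects an HTB class per source MAC
#     (differing degrees of service)
#   - ebtables BROUTING "redirect" pulls a host's frames off the bridge
#     into the local stack where an inspection/proxy tool can see them
# Interface names, MACs and class ids below are constructed assumptions.
BRIDGE="${BRIDGE:-br0}"      # the bridge the stealth firewall forms (assumption)
LANPORT="${LANPORT:-eth1}"   # bridge port facing the residence hosts (assumption)
UPLINK="${UPLINK:-eth0}"     # bridge port where egress shaping is attached (assumption)
DRY_RUN="${DRY_RUN:-1}"      # 1 = print commands (default), 0 = execute them

# Print or execute a command depending on DRY_RUN.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Constructed policy table: source MAC, service tier, divert-for-inspection.
POLICY='00:11:22:33:44:55 premium no
00:11:22:33:44:66 basic yes
00:11:22:33:44:77 basic no'

# Map a tier name to an HTB class id. Classes 1:10 and 1:20 are assumed to
# exist already (created by a separate "tc class add ... htb rate ..." step).
tier_class() {
  case "$1" in
    premium) echo "1:10" ;;
    basic)   echo "1:20" ;;
    *)       echo "unknown tier: $1" >&2; return 1 ;;
  esac
}

# Degrees of service: classify frames by source MAC into the tier's class.
shaping_rule() {
  mac="$1"
  cls="$(tier_class "$2")" || return 1
  run tc filter add dev "$UPLINK" parent 1:0 protocol all prio 1 u32 \
      match ether src "$mac" flowid "$cls"
}

# Divert to a tool: in the broute table, a DROP verdict means "route this
# frame locally instead of bridging it", so the host's traffic reaches a
# proxy, IDS or captive portal listening on $BRIDGE.
divert_rule() {
  run ebtables -t broute -A BROUTING -i "$LANPORT" -s "$1" \
      -j redirect --redirect-target DROP
}

# Walk the policy table and emit one shaping rule per host, plus a divert
# rule for hosts marked "yes".
apply_policy() {
  printf '%s\n' "$POLICY" | while read -r mac tier divert; do
    [ -n "$mac" ] || continue
    shaping_rule "$mac" "$tier"
    if [ "$divert" = "yes" ]; then
      divert_rule "$mac"
    fi
  done
}

apply_policy
```

Run it as-is to review the generated rules; set `DRY_RUN=0` (as root, with the HTB classes already created) to apply them. Classification by MAC is only as trustworthy as the MAC itself, so on a shared residence segment this belongs alongside port security or NAC, as the reply suggests, rather than standing in for it.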

