From owner-freebsd-net@FreeBSD.ORG  Wed Feb  7 00:27:23 2007
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 3847716A412
	for <freebsd-net@freebsd.org>; Wed,  7 Feb 2007 00:27:23 +0000 (UTC)
	(envelope-from justin@sk1llz.net)
Received: from sed.awknet.com (sed.awknet.com [66.152.175.11])
	by mx1.freebsd.org (Postfix) with ESMTP id 14A7B13C4E5
	for <freebsd-net@freebsd.org>; Wed,  7 Feb 2007 00:27:22 +0000 (UTC)
	(envelope-from justin@sk1llz.net)
Received: by sed.awknet.com (Postfix, from userid 58)
	id D324210BBE4F; Tue,  6 Feb 2007 16:27:22 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on sed.awknet.com
X-Spam-Level: 
X-Spam-Status: No, score=0.5 required=5.0 tests=AWL,BAYES_50 
	autolearn=disabled version=3.1.3
Received: from [192.168.1.101] (cpe-76-167-105-254.socal.res.rr.com
	[76.167.105.254])
	by sed.awknet.com (Postfix) with ESMTP id 7777710BBCF9
	for <freebsd-net@freebsd.org>; Tue,  6 Feb 2007 16:27:20 -0800 (PST)
Message-ID: <45C91CDF.7000509@sk1llz.net>
Date: Tue, 06 Feb 2007 16:27:11 -0800
From: Justin Robertson <justin@sk1llz.net>
User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)
MIME-Version: 1.0
To: freebsd-net@freebsd.org
References: <45C8E2A2.9040204@sk1llz.net> <45C8EC53.8020803@elischer.org>
In-Reply-To: <45C8EC53.8020803@elischer.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: 6.x, 4.x ipfw/dummynet pf/altq - network performance issues
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Feb 2007 00:27:23 -0000

Err, forgot to reply to -net, at anyrate, layer 2 isn't useful as it 
doesn't undertand ip addresses, ports, protocols, etc.

Julian Elischer wrote:
> Justin Robertson wrote:
>>
>
>
>
>> Splitting the task into a transparent filtering bridge with a 
>> separate routing box appears to clear it up entirely.
>
> how does that differ from using mac level ipfw?
>
> i.e. turning on filtering at the NIC (layer 2).
>
> (have you tried doing that?)
>