From: Julian Elischer
Date: Tue, 06 Feb 2007 18:24:50 -0800
To: Justin Robertson
Cc: freebsd-net@freebsd.org
Subject: Re: 6.x, 4.x ipfw/dummynet pf/altq - network performance issues

Justin Robertson wrote:
> Err, forgot to reply to -net, at any rate, layer 2 isn't useful as it
> doesn't understand ip addresses, ports, protocols, etc.

filtering at the NIC (sysctl net.link.ether.ipfw=1 or something similar)
lets you do layer 3 filtering at the NIC layer..
>
> Julian Elischer wrote:
>> Justin Robertson wrote:
>>> Splitting the task into a transparent filtering bridge with a
>>> separate routing box appears to clear it up entirely.
>>
>> how does that differ from using mac level ipfw?
>>
>> i.e. turning on filtering at the NIC (layer 2).
>>
>> (have you tried doing that?)