6.x, 4.x ipfw/dummynet pf/altq - network performance issues

Julian Elischer julian at elischer.org
Wed Feb 7 02:24:54 UTC 2007


Justin Robertson wrote:
> Err, forgot to reply to -net, at anyrate, layer 2 isn't useful as it 
> doesn't undertand ip addresses, ports, protocols, etc.

filtereing at the NIC (sysctl net.link.ether.ipfw=1 or something 
similar) lets you do layer 3 filtereing at the NIC layer..

> 
> Julian Elischer wrote:
>> Justin Robertson wrote:
>>>
>>
>>
>>
>>> Splitting the task into a transparent filtering bridge with a 
>>> separate routing box appears to clear it up entirely.
>>
>> how does that differ from using mac level ipfw?
>>
>> i.e. turning on filtering at the NIC (layer 2).
>>
>> (have you tried doing that?)
>>
> 
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"



More information about the freebsd-net mailing list