Except that a layer two device can't tell if something is multicast or broadcast or unicast or anything in IPv4 or IPv6... That's sorta the definition of a layer two device. If it could discriminate amongst layer 3 traffic, it would be a layer 3 device: a router, firewall, etc.
--p
-----Original Message-----
From: firewall-wizards-bounces_at_listserv.icsalabs.com [mailto:firewall-wizards-bounces_at_listserv.icsalabs.com] On Behalf Of Paul D. Robertson
Sent: Friday, April 04, 2008 12:29 AM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] Layer 2 (stealth) firewalls - PBR?
On Thu, 3 Apr 2008, Darden, Patrick S. wrote:
> Layer 2 PBR would, of necessity, have to change next hop address (which
> is destination address) and the next hop would have to change it back to
> the original. And addresses in layer 2 are MACs (for ethernet that is).
What about using it to shave off broadcast and multicast
traffic and perhaps IPv6 NDP stuff too? For that you might find it
useful if bridging between an external and internal net through a
multi-homed PBR box.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul_at_compuwar.net which may have no basis whatsoever in fact."
http://www.fluiditgroup.com/blog/pdr/
Art: http://PaulDRobertson.imagekind.com/
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
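The thread turns on what a bridging box can actually tell about a frame. As an added example (not from either poster, and not any product's code), the Python below separates the two kinds of decision on constructed sample frames: unicast versus multicast versus broadcast is readable from the destination MAC's I/G bit alone, with no layer 3 involved, whereas recognising the IPv6 NDP traffic Paul mentions means decoding the ethertype, the IPv6 next-header field and the ICMPv6 type, i.e. reading into the layer 3 payload. The `bridge_policy` function, the MAC addresses and all four frames are constructed for illustration only.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
ETHERTYPE_IPV6 = 0x86DD
IPV6_NH_ICMPV6 = 58

# ICMPv6 types that make up Neighbor Discovery (RFC 4861).
NDP_TYPES = {
    133: "router-solicitation",
    134: "router-advertisement",
    135: "neighbor-solicitation",
    136: "neighbor-advertisement",
    137: "redirect",
}


def l2_class(dst_mac: bytes) -> str:
    """Classify a frame from the destination MAC alone (pure layer 2)."""
    if dst_mac == b"\xff" * 6:
        return "broadcast"
    if dst_mac[0] & 0x01:  # I/G bit set: a group (multicast) address
        return "multicast"
    return "unicast"


def classify_frame(frame: bytes) -> dict:
    """Layer-2 class plus a layer-3 label, which requires peeking past the Ethernet header."""
    dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"l2": l2_class(dst), "ethertype": ethertype, "l3": "unknown"}
    payload = frame[14:]
    if ethertype == ETHERTYPE_ARP:
        info["l3"] = "arp"
    elif ethertype == ETHERTYPE_IPV4 and len(payload) >= 20:
        info["l3"] = "ipv4"
    elif ethertype == ETHERTYPE_IPV6 and len(payload) >= 40:
        next_header = payload[6]  # IPv6 fixed header, byte 6
        if next_header == IPV6_NH_ICMPV6 and len(payload) >= 41:
            icmp_type = payload[40]  # first byte after the 40-byte IPv6 header
            info["l3"] = NDP_TYPES.get(icmp_type, "icmpv6-type-%d" % icmp_type)
        else:
            info["l3"] = "ipv6-next-header-%d" % next_header
    return info


def bridge_policy(frame: bytes, drop_l2=("broadcast", "multicast"), drop_ndp=True) -> str:
    """Hypothetical policy for a bridging box: 'drop' or 'forward'."""
    info = classify_frame(frame)
    if info["l2"] in drop_l2:  # decided from the MAC header only
        return "drop"
    if drop_ndp and info["l3"] in NDP_TYPES.values():  # needs the layer-3 peek
        return "drop"
    return "forward"


# --- constructed sample frames (not captured traffic) ---
def make_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    return struct.pack("!6s6sH", dst, src, ethertype) + payload


def ipv6_header(next_header: int, src: bytes, dst: bytes, payload_len: int) -> bytes:
    return struct.pack("!IHBB16s16s", 0x60000000, payload_len, next_header, 255, src, dst)


SRC_MAC = bytes.fromhex("0200c0a80001")  # locally administered, constructed
DST_MAC = bytes.fromhex("0200c0a80002")
SOLICITED_NODE_MAC = bytes.fromhex("3333ff000002")
BCAST_MAC = b"\xff" * 6
LINK_LOCAL_SRC = bytes.fromhex("fe80" + "00" * 13 + "01")
LINK_LOCAL_DST = bytes.fromhex("fe80" + "00" * 13 + "02")

# Neighbor Solicitation to the solicited-node multicast group: multicast at L2, NDP at L3.
NS_ICMP = struct.pack("!BBHI16s", 135, 0, 0, 0, LINK_LOCAL_DST)
NS_FRAME = make_frame(SOLICITED_NODE_MAC, SRC_MAC, ETHERTYPE_IPV6,
                      ipv6_header(IPV6_NH_ICMPV6, LINK_LOCAL_SRC, LINK_LOCAL_DST, len(NS_ICMP)) + NS_ICMP)
# Neighbor Advertisement sent unicast: looks like ordinary unicast at L2, still NDP at L3.
NA_ICMP = struct.pack("!BBHI16s", 136, 0, 0, 0x60000000, LINK_LOCAL_DST)
NA_FRAME = make_frame(DST_MAC, SRC_MAC, ETHERTYPE_IPV6,
                      ipv6_header(IPV6_NH_ICMPV6, LINK_LOCAL_DST, LINK_LOCAL_SRC, len(NA_ICMP)) + NA_ICMP)
# ARP request: broadcast at L2.
ARP_FRAME = make_frame(BCAST_MAC, SRC_MAC, ETHERTYPE_ARP, b"\x00" * 28)
# Unicast IPv4/TCP: minimal 20-byte IPv4 header, protocol 6.
IPV4_HDR = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, b"\xc0\xa8\x00\x01", b"\xc0\xa8\x00\x02")
TCP_FRAME = make_frame(DST_MAC, SRC_MAC, ETHERTYPE_IPV4, IPV4_HDR + b"\x00" * 20)

if __name__ == "__main__":
    for name, frame in [("NS", NS_FRAME), ("NA", NA_FRAME), ("ARP", ARP_FRAME), ("TCP", TCP_FRAME)]:
        print(name, classify_frame(frame), bridge_policy(frame))
```

The unicast Neighbor Advertisement is the interesting case: a policy that only looks at the I/G bit forwards it, and it is dropped only when the bridge reads the ethertype, next header and ICMPv6 type, which is exactly the point at which the box stops being a plain layer 2 device.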
Received on Apr 08 2008