> <Disclaimer><Speculation> In a task-specific bridging firewall
> a vendor could have a per-port CAM table which included the
> local MAC addresses. That way each port could filter the local
> traffic (based on dst MAC address) before forwarding it to the
> firewall core, which would greatly reduce the amount of
> processing power required by the firewall. Granted, it would
> also result in a really bad worst-case scenario, but it would not
> surprise me if a vendor were to use this design. </Speculation>
Bad worst-case scenario?
A learning bridge works exactly like that... overloading the
bridge's MAC table can be countered.
Greetings,
Diederik
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
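
An added illustration, not part of the original thread: a small simulation of the per-port CAM filter speculated about in the quoted text, showing the worst case when the table is overloaded and one way it can be countered. The table capacity, all MAC addresses and the "stop learning when full" policy are assumptions made for this example, not something either poster specified.

```python
from collections import OrderedDict

REMOTE = "02:00:00:00:ee:01"  # constructed MAC on the far side of the firewall


class PortFilter:
    """One bridge port with its own CAM table of MACs seen on the local segment."""

    def __init__(self, capacity, evict_when_full):
        self.capacity = capacity
        self.evict_when_full = evict_when_full
        self.cam = OrderedDict()  # learned source MACs, oldest first

    def learn(self, src):
        if src in self.cam:
            self.cam.move_to_end(src)      # refresh an entry we already know
            return
        if len(self.cam) >= self.capacity:
            if not self.evict_when_full:
                return                     # assumed counter: keep established entries
            self.cam.popitem(last=False)   # naive policy: drop the oldest entry
        self.cam[src] = True

    def receive(self, src, dst):
        """Return 'filtered' for local traffic, 'core' if the firewall must see it."""
        self.learn(src)
        return "filtered" if dst in self.cam else "core"


def local_frames_reaching_core(evict_when_full, rounds=10, capacity=8):
    """Count local A<->B frames that hit the firewall core while the table is overloaded."""
    port = PortFilter(capacity, evict_when_full)
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"  # constructed local hosts
    port.receive(a, b)
    port.receive(b, a)                     # warm-up: both hosts are now learned
    seq = leaked = 0
    for _ in range(rounds):
        for src, dst in ((a, b), (b, a)):
            for _ in range(capacity):      # burst of never-seen source MACs
                seq += 1
                port.receive(f"02:ff:00:00:{seq >> 8:02x}:{seq & 0xff:02x}", REMOTE)
            if port.receive(src, dst) == "core":
                leaked += 1
    return leaked


if __name__ == "__main__":
    print("evict oldest when full :", local_frames_reaching_core(True), "of 20 local frames reach the core")
    print("stop learning when full:", local_frames_reaching_core(False), "of 20 local frames reach the core")
```

With the stop-learning policy, a host that first appears after the table is full is never learned, so a real bridge would pair it with entry aging.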