On 01/26/09 11:44, Erik Nordmark wrote:
> Sangeeta Misra wrote:
>>
>> One reason for ILB machine to configure IP Filter may be to disallow
>> all incoming packets except for those that are for load balancing and
>> ssh. I don't know how common this case may be, but I am wondering if
>> this capability can be added in ILB itself, so that the user does not
>> require IP Filter configuration for this purpose. We can invoke
>> this via an additional lbadm option called "dedicated" or something
>
> When and if we do a GUI/WUI for a load balancer it probably makes
> sense to expose filtering there. But I don't think it makes sense to
> put things in one CLI that already exist in other CLI.

OK

>
>> This would probably mean that at ip_input() we check to see if packet
>> is ssh protocol, if it's not, we match the packet's dest port and
>> protocol to those that show up in lb rules or else drop the packet.
>
> Why not just configure IP Filter with a ruleset to handle this?
>
> Erik

Possibly perf reason?

Sangeeta
