Darren J Moffat wrote: > Why is layer2 filtering disabled by default ? This is to keep system behavior consistent with before by default. > > What happens if filtering rules that depend on layer2 processing are > added (such as the ones in the example) but intercept_layer2 hasn't > been set ? In this case, the addition of these rules will fail. Such as in the example, the addition of rule (1), (2), (4) will fail if intercept_layer2 is not set. Layer 2 rules and ipfilter rules that depend on layer2 processing will only be able to be added after the intercept_layer2 is set, and these rules will be flushed when the flag is unset.
Thanks, Zhijun > > -- > Darren J Moffat -- #mdb -K [0]> eri.prc.sun.com::walk staff s|::print staff_t s_email| ::grep .== Zhijun.Fu at Sun.COM|::eval <s=K|::print staff_t Zhijun.Fu at Sun.COM, x84349 Network Virtualization & Performance Team, Solaris Core Operating Systems Since Jul 10,2006 [0]> :c
