Re: Packetfilter NICs

[Bennett Todd <bet () mordor net>]

1998-08-26-15:52:44 Bill Stout:
> Anyone have experience running AGs with packet filter NICs, or is Neocore
> the first? Apparently Neo-Core is coming out with a PF NIC that is
> configurable by 'the host'. (http://www.neocore.com)

Well, hrm. I don't know of anyone else doing downloadable PF code for a
hardware NIC for a general-purpose computer.

However, I see the resulting firewall you'd get as not interestingly different
from the same bastion host, with fast, cheap, general-purpose NICs, and fast
PF code. And that we've had for some time, it's the platform for hybrid
firewalls, my favourite sort these days, where you have a bastion running
proxies, and use PF code on the interfaces to help reinforce the policy
implementation.

-Bennett