The logic is that if you're going to check a packet against an
access-list anyway, if the packet is dropped on is way in, the router
won't have any routing decision to make for this particuliar packet.
If you filter out of an interface a packet that will be dropped, more
ressources are used on the router for the routing.
Frederic Dery
[EMAIL PROTECTED] wrote:
> Thanks to all who replied, very helpful. I'm going to test tonight.
>
> While we're on the topic, I remember reading that it is less
> taxing on the router to apply the lists to IN on the interface. Is
> this the more common approach? Comments?
>
> John Monahan
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
