On Mon, Jul 27, 2015 at 11:10 AM, Quartz <[email protected]> wrote: >> These days you have "bypass" features in hardware that allow packets >> to flow from one interface to another even if the firewall is turned >> off. > > Can you elaborate on this?
Search for "intel nic bypass mode" and you'll find lots of details. It's an increasingly common feature in server network adapters. If the host OS is down, the NIC continues forwarding packets between two ports without any processing. Some older implementations used a physical jumper to enable or disable this feature. Now it's all done in software and can even be configured remotely. For example: http://www.lannerinc.com/applications/product-features/lan-bypass
