Incorrect. While the logic is is almost certainly implemented in the drivers, there is silicon acceleration of the functionality built into the Nforce4 chipset (unlike the nforce3), and requires almost no CPU time to do its job. Nvidia calls this chipset support ActiveArmor.* "hardware firewall" -- sounds silly. Pretty sure Linux doesn't support
it in any case.
probably just one of those things implemented in the binary drivers in
software, just like the "hardware" IDE raid is most of the time (3ware
being the positive exception there)