Ansgar -59cobalt- Wiechers said: >> Also applies to more than icmp. Wrong interface? -- drop. > > REJECT, not DROP. > If I get a packet from the 'net that tries to tell me it's coming from an ip that is connected to me via a different interface than where it came in on[1], then I'm assuming spoofing and dropping it on the floor. I'm not going to REJECT and send an icmp port unreachable back. Anyway, if I can't figure out what interface to send it out on, the packet is not going to get to the destination anyway.
[1] Assuming there is no asynchronous routing going on. /phil -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
