At 10:34 PM 10/8/02 +0100, Stephen J. Wilcox wrote:
>Not all IP packets require a return, indeed only TCP requires it. It is quite
>possible to send data over the internet on UDP or ICMP with RFC1918 source
>addresses and for there to be no issue. Examples of this might be ICMP fragments
>or UDP syslog which, although they shouldn't according to RFC1918 be on these
>source addresses, might be, and if you block these on major backbone routes you
>may break something.

No. Filtering RFC1918 doesn't break anything. It merely shows you what was already broken and you didn't know it. If you have a box that is putting an RFC1918 source address in its packets destined for external nets, and it doesn't get NAT'd, your net config is broken.

...Barb
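
The check discussed in this exchange, as an added example that is not part of the original thread: it scans flow records taken on the external side of a border router and reports which hosts are emitting RFC1918 source addresses toward external destinations without being NAT'd. The record format, sample data and function names are assumptions made for the illustration.

```python
import ipaddress
from collections import Counter

# RFC 1918 private address blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample (not real traffic): packets seen on the external side of
# a border router, where NAT should already have been applied.
# Fields: source, destination, protocol, destination port (0 if none).
SAMPLE_FLOWS = """\
198.51.100.7 203.0.113.10 tcp 443
10.1.4.22 203.0.113.50 udp 514
192.168.10.5 203.0.113.9 icmp 0
172.16.200.1 203.0.113.9 icmp 0
172.32.0.1 203.0.113.9 tcp 80
10.1.4.22 203.0.113.50 udp 514
198.51.100.8 10.9.9.9 udp 53
"""

def is_rfc1918(addr):
    """True if addr falls inside one of the three RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def parse_flows(text):
    """Yield (src, dst, proto, port) tuples; lines without 4 fields are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        src, dst, proto, port = fields
        yield src, dst, proto.lower(), int(port)

def leaked_sources(flows):
    """Count packets with a private source headed to a non-private destination."""
    leaks = Counter()
    for src, dst, proto, port in flows:
        if is_rfc1918(src) and not is_rfc1918(dst):
            leaks[(src, proto, port)] += 1
    return leaks

if __name__ == "__main__":
    found = leaked_sources(parse_flows(SAMPLE_FLOWS))
    for (src, proto, port), count in found.most_common():
        print(f"{src} {proto}/{port}: {count} packet(s) left the network un-NAT'd")
```

Each reported source points at a host or NAT rule to fix before an egress filter starts dropping that traffic. Note that 172.32.0.1 is not reported, since 172.16.0.0/12 ends at 172.31.255.255.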
