Wait; all traffic is coming in one interface. The CEF thing will have no effect if the spoofed source address is a real network.
However, if it is a completely bogus source address (1.2.3.4 or somesuch), then yes, it does make it a bit easier to filter.
If the spoofer is dialed up to YOUR network, and spoofs the address of someone else out on the net, then YOUR router should find that the source interface is not in the list of routes for that address, and discard it. If the spoofer is attacking YOU, then that means the network the spoofer is attached to is NOT blocking him by this method, but SHOULD. -- Phil Howard | no1way89@dumbads5.net stop2599@anywhere.edu ads0suck@no0place.edu phil | die8spam@no1place.net no4way60@no4place.edu end8it63@nowhere7.org at | stop2015@no9where.edu no25ads9@no49ads6.net end9ads6@dumb4ads.net milepost | end0ads3@s5p0a0m8.org crash061@anyplace.net stop5278@anywhere.net dot | no29ads0@anyplace.net stop3305@dumb7ads.net blow8me2@lame2ads.com com | die2spam@no9where.net stop3it9@anyplace.org stop9ads@no6place.org