Well, there is a simple knob for this:
If the Knob is turned "ON", then any packet from a source address which is not routed to the interface it came in on is dropped.
This works for static, dynamic, and all other kinds of routing. It will solve the problem and is trivial to implement - if any of the vendors care.
Doesn't work for asymetric networks, like satellites. But I agree, it might be a good knob for the 80% solution. The rest of the problems must still rely on access lists. --Dean ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Plain Aviation, Inc dean@av8.com LAN/WAN/UNIX/NT/TCPIP/DCE http://www.av8.com We Make IT Fly! (617)242-3091 x246 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++