24 Nov
1997
24 Nov
'97
7:38 p.m.
At 4:54 AM -0500 11/23/97, Alan Barrett wrote:
Randy Bush said:
for each interface on a router block tcp which is both to and from that interface
I don't think that's sufficient. What about spoofed packets arriving via interface A, with IP source and destination both set to the address of interface B?
In this case the packets must eventually be transmitted via interface B and Interface B transmit rules should take care of that. --Dean ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Plain Aviation, Inc dean@av8.com LAN/WAN/UNIX/NT/TCPIP http://www.av8.com ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++