On 30 May 1997, Wolfgang Rupprecht wrote:

> My box is a dual-homed machine where both interfaces go to different
> ISP's.  Each ISP imposes security filtering based on the source IP
> address.  This means that I have to route a packet based on the
> *source* address.  A novel twist, I know.  From the descrition of the
> security filter, it appears that it can do that, but perhaps I'm not
> using it the right way.  This is what I tried (just before the machine
> panic-ed). 
> 
>    block out log on de0 to de1:140.174.88.2 from 140.174.88.0/24 to any

No, that will simply block packets with that address going out that
port. The system won't send them out the other port if that port
drops them.

cjs

Curt Sampson    cjs@portal.ca	   Info at http://www.portal.ca/
Internet Portal Services, Inc.	   Through infinite myst, software reverberates
Vancouver, BC  (604) 257-9400	   In code possess'd of invisible folly.