tech-net: Re: Ye olde PR #991 - packets destined for interface IP# are accepted regardless of which interface they arrive on.

Subject: Re: Ye olde PR #991 - packets destined for interface IP# are accepted regardless of which interface they arrive on.
To: Erik Fair <fair@clock.org>
From: Perry E. Metzger <perry@piermont.com>
List: tech-net
Date: 05/06/2000 15:35:54

Erik Fair <fair@clock.org> writes:
> This option should be tied to IPFORWARDING, in the following way:
> 
> If you're a router (IPFORWARDING=1), then you should accept a packet 
> with your IP address on it, regardless of what interface it came in, 
> i.e. strict checking should be OFF.

What if you are a firewalling router, and would like things actually
secure?

I'm not even sure that it makes sense to do this even if you aren't a
firewalling router.

-- 
Perry Metzger		perry@piermont.com
--
"Ask not what your country can force other people to do for you..."