On 31 January 2018 at 08:46, Manuel Bouyer <bouyer%antioche.eu.org@localhost> wrote:
On Wed, Jan 31, 2018 at 08:17:36AM +0100, Maxime Villard wrote:
[...]
My patch is useful only if you restrict addresses in the first place. In that
case there is only a limited number of craftable src addresses. Typically:
wm0 [public side]: allow 10 IPv6 addresses
wm1 [local side]: allow everything
This seems to be a very specific and rare use case ...
Would a combination of global and a per interface limit handle most of
the cases without increased DoS risk?