In some email I received from Emmanuel Dreyfus, sie wrote:
[Charset iso-8859-1 unsupported, filtering to ASCII...]
> Hi!
> 
> One question about IPF: If I have a tcp keep state rule, I understood that
> any valid ICMP traffic about the TCP connexion would be allowed without
> rule checking. 
> 
> Does that means that someone able to snoop the TCP connexion would be able
> to forge an ICMP redirect packet, and that there is now way to stop this?
[...]

Correct.  This is nearly never useful because the "next hop" that is the
redirected gateway must be on the local LAN.

Darren