All, I wonder whether there are plans to complete implementation of the "strong ES" model as described in RFC 1122 for multihoming hosts on FreeBSD. Essentially this would assure that a multihomed host would send and receive IP packets through the "correct" interface (that is, the physical interface that is configured with the IP address used in the packets).
Currently the incoming part is already present through the net.inet.ip.check_interface sysctl. If enabled, this would drop packets which arrive on an interface with a different IP address than the one of the interface. But what about the sending side? This appears to be missing. We would need to forward packets not according to the routing table, but according to the source address of the packet (if already defined, otherwise it would be defined through the routing table first). Is anybody aware of this issue? I personally consider this as beneficial for firewall-type setups. Are there plans to implement it? Regards, Helge To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
