Randy Bush said:
> for each interface on a router
> block tcp which is both to and from that interfaceI don't think that's sufficient. What about spoofed packets arriving via
interface A, with IP source and destination both set to the address of
interface B?--apb (Alan Barrett)
If you do it with an access-list in then it doesn't matter. Even a spoofed packet
will be blocked prior to arriving where it can do harm.
Owen