>Would you care to take a shot at answering my question, or is
>contributing productively too much to ask?
My employer believes against filtering on source or destination.
Are you at liberty to share that reason for that? If you know that the
source address is bogus (for whatever reason, RFC1918 source address
is my favorite example), why not act on the fact that it is bogus? Is
it economic - are you collecting revenue for that traffic? Do you
believe that the router's performance or stability are adversely
affected by restricting the traffic that you pass in any manner?
One thing that sometimes comes up is that people do number links using
RFC1918 address space which occasionally results in an ICMP 'fragmentation
needed but DF bit set' packet with an RFC1918 source address. Filtering out
this packet could result in TCP breaking.
Of course people shouldn't do that, but solutions of the form "make
everybody else fix it" aren't as useful as solutions of the form "you fix it
this particular way".
IMO, this is the only justification for not filtering RFC1918 and it's
marginal at best. Personally, if a packet doesn't identify where it's
actually from, I don't want it on my network.