I would really like to see a feature similar to Cisco’s ip verify reverse-path.
On a large routed network it is error-prone and time-consuming to maintain firewall lists just to handle spoofing. This feature would do a route lookup on the source address and match the incoming interface and the route’s destination interface. (It’s most likely less expensive than a long firewall list and much easier to administer.) Look towards the FreeBSD IPFW2 verrevpath feature for example code – if needed.
Apologies if this feature missed my lazy eye!
Sten Daniel Sørsdal
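
The check requested above (look up the route for the source address, then compare its interface with the one the packet arrived on), as an added example that is not part of the original post and is not Cisco or FreeBSD code. The routing table, interface names and sample packets are constructed, and `allow_default` is a knob of this example only.

```python
import ipaddress

# Constructed routing table: (prefix, outgoing interface). Names are hypothetical.
ROUTES = [
    ("0.0.0.0/0", "wan0"),
    ("10.0.0.0/8", "core0"),
    ("10.1.0.0/16", "lan1"),
    ("10.1.2.0/24", "lan2"),
]


def build_table(routes):
    """Parse prefixes once and sort them longest-prefix-first."""
    table = [(ipaddress.ip_network(p), ifname) for p, ifname in routes]
    return sorted(table, key=lambda r: r[0].prefixlen, reverse=True)


def lookup(table, addr):
    """Longest-prefix match: return (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    for net, ifname in table:
        if ip.version == net.version and ip in net:
            return net, ifname
    return None


def verify_reverse_path(table, src, in_if, allow_default=True):
    """Accept only if the best route back to src leaves through in_if.

    With allow_default=False a source that matches nothing more specific
    than the default route is rejected as well.
    """
    match = lookup(table, src)
    if match is None:
        return False  # no route back to the source at all
    net, ifname = match
    if net.prefixlen == 0 and not allow_default:
        return False
    return ifname == in_if


TABLE = build_table(ROUTES)

if __name__ == "__main__":
    # Constructed packets: (source address, ingress interface)
    for src, in_if in [("10.1.2.7", "lan2"), ("10.1.2.7", "wan0"),
                       ("198.51.100.9", "wan0"), ("10.9.9.9", "lan1")]:
        verdict = "accept" if verify_reverse_path(TABLE, src, in_if) else "drop"
        print(f"{src:>14} on {in_if:<5} -> {verdict}")
```

Because the comparison uses the single best route, a network with asymmetric paths will see legitimate traffic dropped on the interface that is not the preferred return path.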