Here are the measures I'm interested in:
- Preventing devices from opening ports to another device with a different IP.
- Preventing devices on one internal interface from opening ports to another internal interface. A use case here would be isolated VLANs for apartments. You don't want one apartment to be able to open ports to a different apartment's devices. It seems like the RP filter could perhaps be used in combination with the first measure to achieve this, but I'm not sure when the RP filter gets applied.
- Whitelisting the devices allowed to open ports. Allowing just your gaming consoles to open ports, and not more questionable IoT devices, would be useful to narrow the attack surface. The first measure again seems to be useful, as it would allow you to use firewall rules to filter the devices allowed to open ports.
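As an added example (not code from the original post or from any particular router firmware), here is one way to express the three measures above as a single policy check that a UPnP IGD or NAT-PMP daemon could run before it programs a port mapping. The interface table, addresses and whitelist are constructed for the example, and `MappingRequest`, `evaluate()` and the hook point are hypothetical names; the anti-spoofing check at the top does in the application what `rp_filter` does at the kernel level, by refusing a request whose source address does not belong to the interface it arrived on.

```python
"""Policy check for UPnP/NAT-PMP AddPortMapping-style requests (added example).

Hypothetical hook: a daemon would call evaluate() before creating a NAT rule.
The topology, addresses and whitelist below are constructed for the example.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Constructed topology: one subnet per internal interface (e.g. one VLAN per apartment).
INTERFACES = {
    "vlan10": ipaddress.ip_network("192.168.10.0/24"),
    "vlan20": ipaddress.ip_network("192.168.20.0/24"),
}

# Constructed whitelist: only these hosts may request port mappings at all (measure 3).
WHITELIST = {ipaddress.ip_address("192.168.10.50")}


@dataclass(frozen=True)
class MappingRequest:
    requester_ip: str    # source address of the control message
    ingress_if: str      # interface the message actually arrived on
    internal_ip: str     # host the mapping should forward to
    internal_port: int
    external_port: int


def interface_for(ip: IPAddress) -> Optional[str]:
    """Return the internal interface whose subnet contains ip, or None."""
    for name, net in INTERFACES.items():
        if ip in net:
            return name
    return None


def evaluate(req: MappingRequest, *, same_host_only: bool = True,
             whitelist=WHITELIST) -> Tuple[bool, str]:
    """Decide whether the requested mapping may be created.

    Returns (allowed, reason). same_host_only=True enforces measure 1; with
    same_host_only=False a device may still only target its own interface.
    """
    src = ipaddress.ip_address(req.requester_ip)
    dst = ipaddress.ip_address(req.internal_ip)

    # Anti-spoofing: the source address must belong to the ingress interface,
    # otherwise every later check could be bypassed with a forged source.
    if interface_for(src) != req.ingress_if:
        return False, "requester address does not belong to ingress interface"

    # Measure 3: only whitelisted devices may open ports at all.
    if src not in whitelist:
        return False, "requester not whitelisted"

    # Measure 1: a device may only open ports to its own address.
    if same_host_only and src != dst:
        return False, "target differs from requester"

    # Measure 2: never forward into a different internal interface (VLAN).
    # Implied by measure 1 when same_host_only is set; kept for the relaxed mode.
    if interface_for(dst) != req.ingress_if:
        return False, "target is on a different internal interface"

    if not (1 <= req.internal_port <= 65535 and 1 <= req.external_port <= 65535):
        return False, "port out of range"

    return True, "ok"


if __name__ == "__main__":
    samples = [
        MappingRequest("192.168.10.50", "vlan10", "192.168.10.50", 3074, 3074),
        MappingRequest("192.168.10.50", "vlan10", "192.168.20.5", 80, 8080),
        MappingRequest("192.168.10.77", "vlan10", "192.168.10.77", 22, 2222),
    ]
    for s in samples:
        print(s.requester_ip, "->", s.internal_ip, evaluate(s))
```

With the default `same_host_only=True` the same-interface check never fires, which is the relationship noted in the post: once a device can only open ports to its own address, cross-VLAN mappings are impossible as long as the source address cannot be spoofed. The relaxed mode is there for a setup that wants to let a host open ports for a neighbour on the same VLAN while still refusing anything that crosses into another one.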