Amos Jeffries <squid3 <at> treenet.co.nz> writes:

> Like you surmised earlier the implications for the client hosts are the
> same as if your forwarding host was not there at all.

That is a salient point, Amos. In my case, it can be argued that that's exactly what is desired. But I agree that there are some rules that can be added to tighten things up without unduly hampering someone who wants to add a VM or container in the future. Spoofing can be curtailed, for example.

Thanks.