The nicest way to fix this given the current (3.7) release is to add an
outgoing filter to the ethernet port blocking all source addresses
that are not supposed to be in the portmaster. Supposing your pm is
192.198.0.1 and in has 192.198.1.0/26 routed to it, add the filter
1 permit 192.198.1.0/26 0.0.0.0/0
2 permit 192.198.0.1/32 0.0.0.0/0
as ofilter to ether0. This has the additional benefit that your customers
cannot get packets with improper source addresses onto the net, so you
probably want a filter like this even if you don't need it to prevent
routing loops.
/Anders
-- -- Of course I'm crazy, but that doesn't mean I'm wrong. Anders Hammarquist | This space | iko@netg.se NetGuide Scandinavia | intentionally left blank | Fax: +46 31 50 79 39 http://www.netg.se | | Tel: +46 31 50 79 40