> However, I think the question was what to put on the dialin lines, and I
> would see this done on the WAN port to the internet as that is a choke
> point.
>
> You could do both I suppose, but I wouldn't rely on just the dialin filters,
> especially if you offer shell access since they don't work there.
Well, I guess you could write a generic filter for all your dialin to
prevent them from spoofing out except for the fact that they'll be able to
spoof any IP from the dialin pool.
A tiny problem in my opinion. RFE.
---
Bob Forsman thoth@gainesville.fl.us
http://www.gainesville.fl.us/~thoth/