Commit 12ce5d

2026-04-03 16:35:17 Peter: s
fortinet.md ..
@@ 8,15 8,16 @@
### Routing
#### RPF
--- Reverse Path Forwarding ---
+ Anti IP Spoofing.
✅ Strict RPF (uRPF strict)
- A packet is allowed only if the best (longest‑match / preferred) route back to the source IP would exit the same interface the packet arrived on. [rfc-editor.org],
+ A packet is allowed only if the best (longest‑match / preferred) route back to the source IP would exit the same interface the packet arrived on.
Think: “Would I send the reply back out the same interface?”
If no → drop.
✅ Loose RPF (uRPF loose)
- A packet is allowed if the firewall/router has any route at all to the source IP (regardless of interface). It’s basically a route existence check. [rfc-editor.org]
+ A packet is allowed if the firewall/router has any route at all to the source IP (regardless of interface). It’s basically a route existence check.
Think: “Do I have some route to that source?”
If yes → allow.
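Review bot: The rewritten strict and loose RPF definition lines delete the [rfc-editor.org] markers without putting anything in their place, so both definitions are now unsourced; rather than dropping them, turn each marker into a proper link to the document being cited. The added "Anti IP Spoofing." line would be clearer as a full sentence tying it to the check, for example that RPF drops packets whose source address fails the route lookup. Because this note lives in fortinet.md, it would also help to say whether "regardless of interface" in the loose definition describes the device's behaviour or only the generic uRPF definition. The commit message "s" does not describe the change.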