OpenSolaris

Mroe and mroe people have more than one internet connection; with the
advent of DosS and DDoS attacks, tISPs have started to do source
address filtering on a grand scale.

For outgoing connections with a stable route, Solaris will route just fine
but when an incoming connection comes in over the "wrong interface" (i.e.,
the route back goes out over anotehr interface) the returning packets
will likely be blackholed.

This RFE requests the ability to add routes based on the source of
the packet.  Such a route would have precendence over ordinary routes
but outgoing connections from unboudn sockets would pick a route using
current algorithms.

The ideal would be to have multiple default routes each with their own
specific source address.

It is possible to get some of this functionality using ipfilter redirecting;
however, ipfilter fails when the preferred interface goes down and Solaris
will not route packets through the downed interface anymore.  Ipfilter will not
get at those packets and cannot properly forward them.

N/A