@ewenmcneill @mxshift Never thought about this, so sorry if this is a stupid q, but... since routing uses subnet and dest IP to decide how/where/which iface to send a packet, why can't a machine lie about it's source IP in a packet to get past a incoming conn firewall?