### goes to bad-source-address, which logs a message and drops the packet.
### The default interface is special. If no explicit matches are found, it
### dispatches to in-default which forbids a few obviously evil things and
### goes to bad-source-address, which logs a message and drops the packet.
### The default interface is special. If no explicit matches are found, it
### dispatches to in-default which forbids a few obviously evil things and
###
### The out-classify is simpler because it doesn't care about the interface.
### It simply checks each network range in turn, dispatching to mark-to-CLASS
###
### The out-classify is simpler because it doesn't care about the interface.
### It simply checks each network range in turn, dispatching to mark-to-CLASS
## over the loopback interface, I shouldn't see a packet from me over any
## other interface. Except that I will if I sent a broadcast or multicast.
## Allow the broadcasts, and remember not to trust them. There are no
## over the loopback interface, I shouldn't see a packet from me over any
## other interface. Except that I will if I sent a broadcast or multicast.
## Allow the broadcasts, and remember not to trust them. There are no
-## known networks, so don't fill those in again. See RFC5735 or its
-## successors.
+## known networks, so don't fill those in again. See RFC5735 and RFC4291,
+## and their successors.