On Fri, Oct 30, 2009 at 04:31:50PM +0100, Eric Dumazet wrote:

Same thing if you have two interfaces, eth0 & eth1 : IP conntrack tuples dont
include interface name/index

Indeed, but imagine what happens when eth0 is the LAN and eth1 is
the wild wild Internet.  Do you really want their packets to mix?

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} [off-list ref]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt