On a machine with eth0 and eth1, if a service is bound to the IP of eth1, it can still be reached via eth0 even if ip_forward is 0. WARNING! This patch appears to kill pppoe!
--- linux/net/ipv4/old-fib_frontend.c Fri Dec 21 18:42:05 2001
+++ linux/net/ipv4/fib_frontend.c Fri May 3 01:15:31 2002
@@ -209,7 +209,7 @@
 struct in_device *in_dev;
 struct rt_key key;
 struct fib_result res;
- int no_addr, rpf;
+ int no_addr, rpf, fwd;
 int ret;
 key.dst = src;
@@ -219,12 +219,13 @@
 key.iif = oif;
 key.scope = RT_SCOPE_UNIVERSE;
- no_addr = rpf = 0;
+ no_addr = rpf = fwd = 0;
 read_lock(&inetdev_lock);
 in_dev = __in_dev_get(dev);
 if (in_dev) {
 no_addr = in_dev->ifa_list == NULL;
 rpf = IN_DEV_RPFILTER(in_dev);
+ fwd = IN_DEV_FORWARD(in_dev);
 }
 read_unlock(&inetdev_lock);
@@ -235,6 +236,16 @@
 goto last_resort;
 if (res.type != RTN_UNICAST)
 goto e_inval_res;
+ if (!fwd) {
+ int mine=0;
+ for_ifa(in_dev) {
+ if (inet_ifa_match(dst,ifa))
+ mine=1;
+ }
+ endfor_ifa(in_dev)
+ if (!mine)
+ goto e_inval;
+ }
 *spec_dst = FIB_RES_PREFSRC(res);
 fib_combine_itag(itag, &res);
 #ifdef CONFIG_IP_ROUTE_MULTIPATH
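Review bot: `in_dev` is only pinned while `inetdev_lock` is held in the `@@ -219,12 +219,13 @@` hunk, yet the `for_ifa(in_dev)` walk added in the `@@ -235,6 +236,16 @@` hunk dereferences it after `read_unlock(&inetdev_lock)`, and `__in_dev_get()` takes no reference on the device. `fwd` also stays 0 when `in_dev` is NULL, so the new block would be entered with a NULL pointer unless the lines between the two hunks, which are not shown, already bail out. Moving the address walk into the existing `if (in_dev) {` block, with `mine` declared next to `fwd`, and leaving only `if (!fwd && !mine) goto e_inval;` after the lookup would keep the list access inside the locked region. Whether `inetdev_lock` alone is sufficient to walk `ifa_list` should be confirmed against the other `for_ifa` users in this tree. The function body starts and ends outside the hunk.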
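Review bot: `inet_ifa_match(dst,ifa)` in the new `if (!fwd)` block of the `@@ -235,6 +236,16 @@` hunk tests `dst` against `ifa->ifa_address` under the interface netmask, so it accepts any destination inside a prefix configured on the receiving device rather than only that device's own addresses. Two interfaces addressed in the same prefix will therefore still answer for each other, which is the case the description sets out to close. On point-to-point links `ifa_address` holds the peer address, so the local address likely never matches there; that is a plausible cause of the PPPoE breakage the description warns about and should be verified before this is applied. At minimum the block deserves a comment such as `/* forwarding off: accept only dst within a prefix configured on the receiving device */`, and the loop can `break` once `mine` is set. The enclosing function starts and ends outside the hunk.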