One reason for ILB machine to configure IP Filter may be to disallow all incoming packets except for those that are for load balancing and ssh. I dont know how common this case may be, but I am wondering if this capabilty can be added in ILB itself, so that the user does not require IP FIlter configuration for this purpose. We can invoke this via an additional lbadm option called "dedicated" or something
This wquld probably mean that at ip_input() we check to see if packet is ssh protocol, if its not, we match the packets dest port and protocol to those that show up in lb rules or else drop the packet. Comments?
