by oarsinsync
1614 days ago
Which is arguably a security issue if things do work as you've described. Scenario A: I've forwarded anything sent to UDP/80 to 192.168.1.20. You're on 192.168.1.30 and you send a packet to 10.20.30.40:50 using UDP, source port 80. An incoming packet from 10.20.30.40:50 now goes where? 192.168.1.20:80 or 192.168.1.30:80? What stops me at 192.168.1.30:80 sending out packets to every IP, flooding the connection state table and effectively DoSing 192.168.1.20:80 without ever touching it? ...or should the connection actually go to 192.168.1.20:80 always, because that's what I've statically defined for all traffic on UDP/80 to do? I guess the question is: which should take precedence, the dynamic session table, or the static configuration?