Comment by aidenn0

I said "largely isomorphic" Note:

1. How did a packet with a RFC1918 address reach router; it would require an attacker able to generate packets (or get something to e.g. unwrap an IP-in-IP packet) on the same link, since the router isn't going to ARP any of those addresses. Limiting inbound connections to originate on the same link does provide some measure of security.

2. Will the router even do anything with a packet coming in on the inbound port that doesn't target the public IP? This is implementation dependent.