diff --git a/daemon/media_socket.c b/daemon/media_socket.c
index 087d18915..288250bec 100644
--- a/daemon/media_socket.c
+++ b/daemon/media_socket.c
@@ -1023,6 +1023,7 @@ void kernelize(struct packet_stream *stream) {
 	struct call *call = stream->call;
 	struct packet_stream *sink = NULL;
 	const char *nk_warn_msg;
+	int non_forwarding = 0;
 
 	if (PS_ISSET(stream, KERNELIZED))
 		return;
@@ -1033,8 +1034,12 @@ void kernelize(struct packet_stream *stream) {
 	nk_warn_msg = "interface to kernel module not open";
 	if (!kernel.is_open)
 		goto no_kernel_warn;
-	if (!PS_ISSET(stream, RTP))
-		goto no_kernel;
+	if (!PS_ISSET(stream, RTP)) {
+		if (PS_ISSET(stream, RTCP) && PS_ISSET(stream, STRICT_SOURCE))
+			non_forwarding = 1; // use the kernel's source checking capability
+		else
+			goto no_kernel;
+	}
 	if (!stream->selected_sfd)
 		goto no_kernel;
 	if (stream->media->monologue->block_media || call->block_media)
@@ -1078,6 +1083,7 @@ void kernelize(struct packet_stream *stream) {
 	reti.rtcp_mux = MEDIA_ISSET(stream->media, RTCP_MUX);
 	reti.dtls = MEDIA_ISSET(stream->media, DTLS);
 	reti.stun = stream->media->ice_agent ? 1 : 0;
+	reti.non_forwarding = non_forwarding;
 
 	__re_address_translate_ep(&reti.dst_addr, &sink->endpoint);
 	__re_address_translate_ep(&reti.src_addr, &sink->selected_sfd->socket.local);
diff --git a/kernel-module/xt_RTPENGINE.c b/kernel-module/xt_RTPENGINE.c
index a5cdd999d..5496698d9 100644
--- a/kernel-module/xt_RTPENGINE.c
+++ b/kernel-module/xt_RTPENGINE.c
@@ -1513,6 +1513,8 @@ static int proc_list_show(struct seq_file *f, void *v) {
 		seq_printf(f, "    option: stun\n");
 	if (g->target.transcoding)
 		seq_printf(f, "    option: transcoding\n");
+	if (g->target.non_forwarding)
+		seq_printf(f, "    option: non forwarding\n");
 
 	target_put(g);
 
@@ -2036,12 +2038,14 @@ static int table_new_target(struct rtpengine_table *t, struct rtpengine_target_i
 
 	if (!is_valid_address(&i->local))
 		return -EINVAL;
-	if (!is_valid_address(&i->src_addr))
-		return -EINVAL;
-	if (!is_valid_address(&i->dst_addr))
-		return -EINVAL;
-	if (i->src_addr.family != i->dst_addr.family)
-		return -EINVAL;
+	if (!i->non_forwarding) {
+		if (!is_valid_address(&i->src_addr))
+			return -EINVAL;
+		if (!is_valid_address(&i->dst_addr))
+			return -EINVAL;
+		if (i->src_addr.family != i->dst_addr.family)
+			return -EINVAL;
+	}
 	if (i->mirror_addr.family) {
 		if (!is_valid_address(&i->mirror_addr))
 			return -EINVAL;
@@ -3927,6 +3931,8 @@ not_stun:
 	goto skip_error;
 
 src_check_ok:
+	if (g->target.non_forwarding)
+		goto skip1;
 	if (g->target.dtls && is_dtls(skb))
 		goto skip1;
 
diff --git a/kernel-module/xt_RTPENGINE.h b/kernel-module/xt_RTPENGINE.h
index cd7978f98..f553e6740 100644
--- a/kernel-module/xt_RTPENGINE.h
+++ b/kernel-module/xt_RTPENGINE.h
@@ -104,7 +104,8 @@ struct rtpengine_target_info {
 					rtp:1,
 					rtp_only:1,
 					do_intercept:1,
-					transcoding:1; // SSRC subst and RTP PT filtering
+					transcoding:1, // SSRC subst and RTP PT filtering
+					non_forwarding:1; // empty src/dst addr
 };
 
 struct rtpengine_call_info {