* Matthieu Herrb <[email protected]> [2016-11-05 14:56]: > 14:20:12.255774 rule 1/(ip-option) pass in on bge0: aaa.bbb.ccc.ddd > > 224.0.0.1: igmp query [tos 0xc0] [ttl 1] ^^^^^^^^^ blocked and logged.
allow-opts
By default, IPv4 packets with IP options or IPv6 packets with
routing extension headers are blocked. When allow-opts is
specified for a pass rule, packets that pass the filter based on
that rule (last matching) do so even if they contain IP options
or routing extension headers. For packets that match state, the
rule that initially created the state is used. The implicit pass
rule that is used when a packet does not match any rules does not
allow IP options.
--
Henning Brauer, [email protected], [email protected]
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
signature.asc
Description: PGP signature
