Re: [m0n0wall-dev] Blocking incoming packets with IP Options

From:	Dinesh Nair <dinesh at alphaque dot com>
To:	Bjoern Euler <lists at edain dot de>
Cc:	MonoWall-Developers List <m0n0wall dash dev at lists dot m0n0 dot ch>
Subject:	Re: [m0n0wall-dev] Blocking incoming packets with IP Options
Date:	Tue, 24 Oct 2006 17:30:41 +0800

On 10/18/06 01:23 Bjoern Euler said the following:
> This rule is also used in the freebsd handbook (1) together with some 
> other "different nasty things"

thanx for the pointer, bjorn.

> One reason for using this rule may be that in most cases applications 
> don't use it, especially the source routing features.

however, multicasting applications use it, and when m0n0wall is used as a 
router, this rule effective denies multicasting apps traffic.

one suggestion would be to include an option to turn off this default rule 
being added in the webGUI. is this acceptable ?

-- 
Regards,                           /\_/\   "All dogs go to heaven."
dinesh at alphaque dot com                (0 0)   http://www.openmalaysiablog.com/
+==========================----oOO--(_)--OOo----==========================+
| for a in past present future; do                                        |
|   for b in clients employers associates relatives neighbours pets; do   |
|   echo "The opinions here in no way reflect the opinions of my $a $b."  |
| done; done                                                              |
+=========================================================================+