[ previous ] [ next ] [ threads ]
 
 From:  Manuel Kasper <mk at neon1 dot net>
 To:  P Lecheler <lecheler at technologist dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Rules to block packets with IP options
 Date:  Tue, 24 Feb 2004 19:30:02 +0100
On 24.02.2004 09:24 -0500, P Lecheler wrote:

> I an looking for a way to create a firewall rule to block and/or
> reject packets coming from the WAN with IP options set in the
> packet.  Specifically, I want to discard packets with LSRR (Lose
> Source Route), SSRR (Strict Source Route), RA (Router Alert), and
> RR (Record Route) options set in the packet.  

m0n0wall does that per default:

@2 block in log quick from any to any with short
@3 block in log quick from any to any with ipopt

Greets,

Manuel