diff options
| author | Darren Reed <darrenr@FreeBSD.org> | 1997-02-09 22:50:16 +0000 |
|---|---|---|
| committer | Darren Reed <darrenr@FreeBSD.org> | 1997-02-09 22:50:16 +0000 |
| commit | b4ebec5bf8828aa1cc3f5a1a50faf812b5b6ba48 (patch) | |
| tree | 93c7db298b1fd70f9e27663b3fd527da063d0008 /contrib/ipfilter/rules/example.12 | |
| download | src-test2-b4ebec5bf8828aa1cc3f5a1a50faf812b5b6ba48.tar.gz src-test2-b4ebec5bf8828aa1cc3f5a1a50faf812b5b6ba48.zip | |
Import IP Filter v3.1.7 into FreeBSD treevendor/ipfilter/3.1.7
Notes
Notes:
svn path=/vendor/ipfilter/dist/; revision=22514
svn path=/vendor/ipfilter/3.1.7/; revision=22516; tag=vendor/ipfilter/3.1.7
Diffstat (limited to 'contrib/ipfilter/rules/example.12')
| -rw-r--r-- | contrib/ipfilter/rules/example.12 | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/contrib/ipfilter/rules/example.12 b/contrib/ipfilter/rules/example.12 new file mode 100644 index 000000000000..c0ba1d3cdda1 --- /dev/null +++ b/contrib/ipfilter/rules/example.12 @@ -0,0 +1,17 @@ +# +# get rid of all short IP fragments (too small for valid comparison) +# +block in proto tcp all with short +# +# drop and log any IP packets with options set in them. +# +block in log all with ipopts +# +# log packets with BOTH ssrr and lsrr set +# +log in all with opt lsrr,ssrr +# +# drop any source routing options +# +block in quick all with opt lsrr +block in quick all with opt ssrr |