From OpenBSD, rev. 1.379

Document how 'allow-opts' applies to routing headers in IPv6. MFC after: 1 week Discussed with: mlaier
author: dhartmei <dhartmei@FreeBSD.org> 2007-05-21 20:12:35 +0000
committer: dhartmei <dhartmei@FreeBSD.org> 2007-05-21 20:12:35 +0000
commit: b84c57b21a139d5d55f9c692860124ef63277087 (patch)
tree: 611c4773ab06f9f9c534fd7b47525acfb3ee6b30 /contrib/pf
parent: f33636c0a214a610c128fd02673596aa082687ff (diff)
download: FreeBSD-src-b84c57b21a139d5d55f9c692860124ef63277087.zip
FreeBSD-src-b84c57b21a139d5d55f9c692860124ef63277087.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/contrib/pf/man/pf.conf.5 b/contrib/pf/man/pf.conf.5
index cf13898..0a7723c 100644
--- a/contrib/pf/man/pf.conf.5
+++ b/contrib/pf/man/pf.conf.5
@@ -1493,13 +1493,14 @@ or
 .Pc
 must match.
 .It Ar allow-opts
-By default, packets which contain IP options are blocked.
+By default, IPv4 packets with IP options or IPv6 packets with routing
+extension headers are blocked.
 When
 .Ar allow-opts
 is specified for a
 .Ar pass
 rule, packets that pass the filter based on that rule (last matching)
-do so even if they contain IP options.
+do so even if they contain IP options or routing extension headers.
 For packets that match state, the rule that initially created the
 state is used.
 The implicit
author	dhartmei <dhartmei@FreeBSD.org>	2007-05-21 20:12:35 +0000
committer	dhartmei <dhartmei@FreeBSD.org>	2007-05-21 20:12:35 +0000
commit	b84c57b21a139d5d55f9c692860124ef63277087 (patch)
tree	611c4773ab06f9f9c534fd7b47525acfb3ee6b30 /contrib/pf
parent	f33636c0a214a610c128fd02673596aa082687ff (diff)
download	FreeBSD-src-b84c57b21a139d5d55f9c692860124ef63277087.zip FreeBSD-src-b84c57b21a139d5d55f9c692860124ef63277087.tar.gz