diff options
author | dhartmei <dhartmei@FreeBSD.org> | 2007-05-21 20:12:35 +0000 |
---|---|---|
committer | dhartmei <dhartmei@FreeBSD.org> | 2007-05-21 20:12:35 +0000 |
commit | b84c57b21a139d5d55f9c692860124ef63277087 (patch) | |
tree | 611c4773ab06f9f9c534fd7b47525acfb3ee6b30 /contrib/pf | |
parent | f33636c0a214a610c128fd02673596aa082687ff (diff) | |
download | FreeBSD-src-b84c57b21a139d5d55f9c692860124ef63277087.zip FreeBSD-src-b84c57b21a139d5d55f9c692860124ef63277087.tar.gz |
From OpenBSD, rev. 1.379
Document how 'allow-opts' applies to routing headers in IPv6.
MFC after: 1 week
Discussed with: mlaier
Diffstat (limited to 'contrib/pf')
-rw-r--r-- | contrib/pf/man/pf.conf.5 | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/contrib/pf/man/pf.conf.5 b/contrib/pf/man/pf.conf.5 index cf13898..0a7723c 100644 --- a/contrib/pf/man/pf.conf.5 +++ b/contrib/pf/man/pf.conf.5 @@ -1493,13 +1493,14 @@ or .Pc must match. .It Ar allow-opts -By default, packets which contain IP options are blocked. +By default, IPv4 packets with IP options or IPv6 packets with routing +extension headers are blocked. When .Ar allow-opts is specified for a .Ar pass rule, packets that pass the filter based on that rule (last matching) -do so even if they contain IP options. +do so even if they contain IP options or routing extension headers. For packets that match state, the rule that initially created the state is used. The implicit |