From b84c57b21a139d5d55f9c692860124ef63277087 Mon Sep 17 00:00:00 2001 From: dhartmei Date: Mon, 21 May 2007 20:12:35 +0000 Subject: From OpenBSD, rev. 1.379 Document how 'allow-opts' applies to routing headers in IPv6. MFC after: 1 week Discussed with: mlaier --- contrib/pf/man/pf.conf.5 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'contrib/pf') diff --git a/contrib/pf/man/pf.conf.5 b/contrib/pf/man/pf.conf.5 index cf13898..0a7723c 100644 --- a/contrib/pf/man/pf.conf.5 +++ b/contrib/pf/man/pf.conf.5 @@ -1493,13 +1493,14 @@ or .Pc must match. .It Ar allow-opts -By default, packets which contain IP options are blocked. +By default, IPv4 packets with IP options or IPv6 packets with routing +extension headers are blocked. When .Ar allow-opts is specified for a .Ar pass rule, packets that pass the filter based on that rule (last matching) -do so even if they contain IP options. +do so even if they contain IP options or routing extension headers. For packets that match state, the rule that initially created the state is used. The implicit -- cgit v1.1
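Review bot: The replacement first sentence of the allow-opts entry ("IPv4 packets with IP options or IPv6 packets with routing extension headers are blocked") names only routing extension headers and leaves unstated how other IPv6 extension headers are treated by default, or whether allow-opts affects them. A reader writing an IPv6 ruleset cannot tell from this text whether the list is exhaustive, so consider adding one sentence that says so explicitly. It may also help to say that the default block applies even when a pass rule without allow-opts matches, since the wording "By default ... are blocked" only implies it. The unchanged context line about state ("the rule that initially created the state is used") applies to the newly documented routing header case as well, so the wording there needs no change.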