| pf.conf.5 (163787) | pf.conf.5 (169844) |
|---|---|
| 1.\" $FreeBSD: head/contrib/pf/man/pf.conf.5 163787 2006-10-30 15:15:37Z mlaier $ | 1.\" $FreeBSD: head/contrib/pf/man/pf.conf.5 169844 2007-05-21 20:12:35Z dhartmei $ |
| 2.\" $OpenBSD: pf.conf.5,v 1.292 2004/02/24 05:44:48 mcbride Exp $ 3.\" 4.\" Copyright (c) 2002, Daniel Hartmeier 5.\" All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: --- 1478 unchanged lines hidden (view full) --- 1488The protocol and the ICMP type indicator 1489.Po 1490.Ar icmp-type 1491or 1492.Ar icmp6-type 1493.Pc 1494must match. 1495.It Ar allow-opts | 2.\" $OpenBSD: pf.conf.5,v 1.292 2004/02/24 05:44:48 mcbride Exp $ 3.\" 4.\" Copyright (c) 2002, Daniel Hartmeier 5.\" All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: --- 1478 unchanged lines hidden (view full) --- 1488The protocol and the ICMP type indicator 1489.Po 1490.Ar icmp-type 1491or 1492.Ar icmp6-type 1493.Pc 1494must match. 1495.It Ar allow-opts |
| 1496By default, packets which contain IP options are blocked. | 1496By default, IPv4 packets with IP options or IPv6 packets with routing 1497extension headers are blocked. |
| 1497When 1498.Ar allow-opts 1499is specified for a 1500.Ar pass 1501rule, packets that pass the filter based on that rule (last matching) | 1498When 1499.Ar allow-opts 1500is specified for a 1501.Ar pass 1502rule, packets that pass the filter based on that rule (last matching) |
| 1502do so even if they contain IP options. | 1503do so even if they contain IP options or routing extension headers. |
| 1503For packets that match state, the rule that initially created the 1504state is used. 1505The implicit 1506.Ar pass 1507rule that is used when a packet does not match any rules does not 1508allow IP options. 1509.It Ar label <string> 1510Adds a label (name) to the rule, which can be used to identify the rule. --- 1373 unchanged lines hidden --- | 1504For packets that match state, the rule that initially created the 1505state is used. 1506The implicit 1507.Ar pass 1508rule that is used when a packet does not match any rules does not 1509allow IP options. 1510.It Ar label <string> 1511Adds a label (name) to the rule, which can be used to identify the rule. --- 1373 unchanged lines hidden --- |