1Author: Fabrice MARIE <fabrice@netfilter.org> 2Status: experimental 3 4This option adds CONFIG_IP_NF_MATCH_IPV4OPTIONS, 5which supplies ip options match. 6 7Suppported options are: 8--ssrr 9 To match packets with the flag strict source routing. 10--lsrr 11 To match packets with the flag loose source routing. 12--no-srr 13 To match packets with no flag for source routing. 14[!] --rr 15 To match packets with the RR flag. 16[!] --ts 17 To match packets with the TS flag. 18[!] --ra 19 To match packets with the router-alert option. 20[!] --any-opt 21 To match a packet with at least one IP option, or no IP option 22 at all if ! is chosen. 23 24Example: 25 $ iptables -A input -m ipv4options --rr -j DROP 26 will drop packets with the record-route flag. 27 28 $ iptables -A input -m ipv4options --ts -j DROP 29 will drop packets with the timestamp flag. 30 31Bug ? 32 I tested --ts and --rr, but not source routing issues, nor the router-alert 33 since I don't know enough about them. So please let me know if it works or 34 doesn't work :) 35