diff options
| author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2007-05-08 23:38:13 +0000 |
|---|---|---|
| committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2007-05-08 23:38:13 +0000 |
| commit | 7a07fd3c79dc2d0c78ae604507f548980def3dbe (patch) | |
| tree | 08f9bece99f72c38cb5fa1f8be1b021219701c99 /share/man | |
| parent | 0dfd206b91ac9280864bce3f710978b93bafc300 (diff) | |
Document the fact that 'allow-opts' applies to IPv6 now as well.
ok jmc@ dhartmei@ henning@ deraadt@ claudio@
Diffstat (limited to 'share/man')
| -rw-r--r-- | share/man/man5/pf.conf.5 | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 1e5d9cc9bf8..22743d44883 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.378 2007/04/14 07:24:18 jmc Exp $ +.\" $OpenBSD: pf.conf.5,v 1.379 2007/05/08 23:38:12 mcbride Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" All rights reserved. @@ -1688,13 +1688,14 @@ pass all tos 0x10 pass all tos 16 .Ed .It Ar allow-opts -By default, packets which contain IP options are blocked. +By default, IPv4 packets with IP options or IPv6 packets with routing +extension headers are blocked. When .Ar allow-opts is specified for a .Ar pass rule, packets that pass the filter based on that rule (last matching) -do so even if they contain IP options. +do so even if they contain IP options or routing extension headers. For packets that match state, the rule that initially created the state is used. The implicit |