diff options
| author |   mcbride <mcbride@openbsd.org> | 2007-05-08 23:38:12 +0000 |
|---|---|---|
| committer | mcbride <mcbride@openbsd.org> | 2007-05-08 23:38:12 +0000 |
| commit | 8d2ed2458592f98febbc07686f39dfb0c8f7624a (patch) | |
| tree | 046db6f8f5450f798555bdcf2176dc02b401218d | |
| parent | block ALL packets with rthdr0 in pf_test6(). We already do this (diff) | |
| download | wireguard-openbsd-8d2ed2458592f98febbc07686f39dfb0c8f7624a.tar.xz wireguard-openbsd-8d2ed2458592f98febbc07686f39dfb0c8f7624a.zip | |
Document the fact that 'allow-opts' applies to IPv6 now as well.
ok jmc@ dhartmei@ henning@ deraadt@ claudio@
| -rw-r--r-- | share/man/man5/pf.conf.5 | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 1e5d9cc9bf8..22743d44883 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.378 2007/04/14 07:24:18 jmc Exp $ +.\" $OpenBSD: pf.conf.5,v 1.379 2007/05/08 23:38:12 mcbride Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" All rights reserved. @@ -1688,13 +1688,14 @@ pass all tos 0x10 pass all tos 16 .Ed .It Ar allow-opts -By default, packets which contain IP options are blocked. +By default, IPv4 packets with IP options or IPv6 packets with routing +extension headers are blocked. When .Ar allow-opts is specified for a .Ar pass rule, packets that pass the filter based on that rule (last matching) -do so even if they contain IP options. +do so even if they contain IP options or routing extension headers. For packets that match state, the rule that initially created the state is used. The implicit |