On Tuesday 2010-11-09 12:11, Fabien Danos wrote: >Hello, >I have a question about netfilter. >What is the policy of netfilter on Ip options? >It's blocked by default or it's accepted? > >For example, on packet filter on BSD, it's blocked by default. >If we want allowed it, we must use the option allow-opts. > >What is the policy of Netfilter? Netfilter modules don't care about options; and as far as Xtables is concerned, it will just execute your ruleset, so you have to put any accept and/or drop in there. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
