DropLog)
IP6ValidateSyntax
Validate ipv6 syntax violation. (Default: ValidateLo-
gBad)
IP6OPT_PADN
Validate when ipv6 padn option data fields are non-
zero. (Default: StripLog)
IP6OPT_JUMBO
Validate jumbogram packets. (Default: ValidateLog)
IP6OPT_RA
Validate Router Alert packets. (Default: Ignore)
IP6OPT_HA
Validate Home Address option packets. (Default: Ig-
nore)
IP6OPT_OTH
Validate unknown option types. (Default:
RFC2460NoSupportLog)
IP6_RH0
Validate routing header type 0 option. (Default:
RFC5095NoSupportLog)
IP6_RH2
Validate routing header type 2 option. (Default:
RFC2460NoSupportLog)
IP6_RHOther
Validate routing header other than type 0 or 2 op-
tion. (Default: RFC2460NoSupportLog)
LogCheckSumErrors
Log IP packets with bad checksums. (Default: Yes)
LogNonIPv4IPv6
Log occurrences of non-IPv4/IPv6 packets. (Default:
Yes)
LogReceivedTTL0
Log received packets with TTL=0; this should never
happen! (Default: Yes)
Log0000Src
Log invalid 0.0.0.0 source address. (Default: Drop)
Block0Net
Block 0.* source addresses. (Default: DropLog)
Block127Net
Block 127.* source addresses. (Default: DropLog)
BlockMulticastSrc
Block multicast source addresses
(224.0.0.0--255.255.255.255). (Default: DropLog)
TTLMin
The minimum IP Time-To-Live value accepted on
receipt. (Default: 3)
TTLOnLow
What action to take on too low unicast TTL values.
(Default: DropLog)
TTLMinMulticast
The minimum IP multicast Time-To-Live value ac-
cepted on receipt. (Default: 3)
TTLOnLowMulticast
What action to take on too low multicast TTL val-
ues. (Default: DropLog)
DefaultTTL
The default IP Time-To-Live of packets originated
by the security gateway (32-255). (Default: 255)
LayerSizeConsistency
TCP/UDP/ICMP/etc layer data and header sizes
matching lower layer size information. (Default:
ValidateLogBad)
SecuRemoteUDPEncapCompat
Allow IP data to contain eight bytes more than the
3.52.10. IPSettings Chapter 3. Configuration Reference
179
To Next Page
Loading...
