IP6OPT_JUMBO Validate jumbogram packets. (Default:
ValidateLog)
IP6OPT_RA Validate Router Alert packets. (Default: Ignore)
IP6OPT_HA Validate Home Address option packets. (Default:
Ignore)
IP6OPT_OTH Validate unknown option types. (Default:
RFC2460Log)
IP6_RH0 Validate routing header type 0 option. (Default:
RFC5095NoSupportLog)
IP6_RH2 Validate routing header type 2 option. (Default:
RFC2460NoSupportLog)
IP6_RHOther Validate routing header other than type 0 or 2
option. (Default: RFC2460NoSupportLog)
IP6OnLocalUnrecognizedHdr How to handle packets destined to the SGW with
unrecognized IPV6 headers. (Default: DropLog)
LogCheckSumErrors Log IP packets with bad checksums. (Default: Yes)
LogNonIPv4IPv6 Log occurrences of non-IPv4/IPv6 packets. (Default:
Yes)
LogReceivedTTL0 Log received packets with TTL=0; this should never
happen! (Default: Yes)
LogOnForwardTTL0 Log any attempts of forwarding IPv4 packets with
TTL=0 destined for outside the firewall; this should
never happen! (Default: DropLog)
Log0000Src Log invalid 0.0.0.0 source address. (Default: Drop)
Block0Net Block 0.* source addresses. (Default: DropLog)
Block127Net Block 127.* source addresses. (Default: DropLog)
BlockMulticastSrc Block multicast source addresses
(224.0.0.0--239.255.255.255). (Default: DropLog)
TTLMin The minimum IP Time-To-Live value accepted on
receipt. (Default: 3)
TTLOnLow What action to take on too low unicast TTL values.
(Default: DropLog)
TTLMinMulticast The minimum IP multicast Time-To-Live value
accepted on receipt. (Default: 3)
TTLOnLowMulticast What action to take on too low multicast TTL
values. (Default: DropLog)
DefaultTTL The default IP Time-To-Live of packets originated
by the firewall (32-255). (Default: 255)
LayerSizeConsistency TCP/UDP/ICMP/etc layer data and header sizes
matching lower layer size information. (Default:
ValidateLogBad)
Chapter 3: Configuration Reference
225
To Next Page
Loading...
