1# 2# get rid of all short IP fragments (too small for valid comparison) 3# 4block in proto tcp all with short 5# 6# drop and log any IP packets with options set in them. 7# 8block in log all with ipopts 9# 10# log packets with BOTH ssrr and lsrr set 11# 12log in all with opt lsrr,ssrr 13# 14# drop any source routing options 15# 16block in quick all with opt lsrr 17block in quick all with opt ssrr 18