1*7c478bd9Sstevel@tonic-gate# 2*7c478bd9Sstevel@tonic-gate# get rid of all short IP fragments (too small for valid comparison) 3*7c478bd9Sstevel@tonic-gate# 4*7c478bd9Sstevel@tonic-gateblock in proto tcp all with short 5*7c478bd9Sstevel@tonic-gate# 6*7c478bd9Sstevel@tonic-gate# drop and log any IP packets with options set in them. 7*7c478bd9Sstevel@tonic-gate# 8*7c478bd9Sstevel@tonic-gateblock in log all with ipopts 9*7c478bd9Sstevel@tonic-gate# 10*7c478bd9Sstevel@tonic-gate# log packets with BOTH ssrr and lsrr set 11*7c478bd9Sstevel@tonic-gate# 12*7c478bd9Sstevel@tonic-gatelog in all with opt lsrr,ssrr 13*7c478bd9Sstevel@tonic-gate# 14*7c478bd9Sstevel@tonic-gate# drop any source routing options 15*7c478bd9Sstevel@tonic-gate# 16*7c478bd9Sstevel@tonic-gateblock in quick all with opt lsrr 17*7c478bd9Sstevel@tonic-gateblock in quick all with opt ssrr 18