3.51.9. IPSettings
Description
Settings related to the IP protocol.
Properties
LogCheckSumErrors
LogNonIP4
LogReceivedTTL0
Block0000Src
Block0Net
Block127Net
BlockMulticastSrc
TTLMin
TTLOnLow
TTLMinMulticast
TTLOnLowMulticast
DefaultTTL
LayerSizeConsistency
SecuRemoteUDPEncapCompat
IPOptionSizes
IPOPT_SR
IPOPT_TS
IPOPT_RTRALT
IPOPT_OTHER
DirectedBroadcasts
Log IP packets with bad checksums. (Default: Yes)
Log occurrences of non-IPv4 packets. (Default: Yes)
Log received packets with TTL=0; this should never happen!
(Default: Yes)
Block 0.0.0.0 as source address. (Default: Drop)
Block 0.* source addresses. (Default: DropLog)
Block 127.* source addresses. (Default: DropLog)
Block
multicast
(224.0.0.0--255.255.255.255). (Default: DropLog)
The minimum IP Time-To-Live value accepted on receipt.
(Default: 3)
What action to take on too low unicast TTL values. (Default:
DropLog)
The minimum IP multicast Time-To-Live value accepted on
receipt. (Default: 3)
What action to take on too low multicast TTL values.
(Default: DropLog)
The default IP Time-To-Live of packets originated by the se-
curity gateway (32-255). (Default: 255)
TCP/UDP/ICMP/etc layer data and header sizes matching
lower layer size information. (Default: ValidateLogBad)
Allow IP data to contain eight bytes more than the UDP total
length field specifies -- Checkpoint SecuRemote violates
NAT-T drafts. (Default: No)
Validity of IP header option sizes. (Default: ValidateLogBad)
How to handle IP packets with contained source or return
routes. (Default: DropLog)
How to handle IP packets with contained Timestamps.
(Default: DropLog)
How to handle IP packets with contained route alert. (Default:
ValidateLogBad)
How to handle IP options not specified above. (Default:
DropLog)
How to handle directed broadcasts being passed from one in-
terface to another. (Default: DropLog)
172
Chapter 3. Configuration Reference
source
addresses