pfSense

Users frequently get tripped up by IGMP not receiving traffic because by default, firewall rules do not allow packets with IP options set.

This behavior is already noted in the documentation: https://docs.netgate.com/pfsense/en/latest/services/igmp-proxy.html#igmp-proxy

It might be more user-friendly to have an option with IGMP Proxy to automatically add pass rules on downstream interfaces which pass packets that have IP options set.

This should be off by default (opt-in), but the behavior could be handled a couple different ways:

1. A dedicated "hidden" automatic rule at the top of each downstream interface which passes these packets (risky)
2. Automatically allow IP Options on any pass rule on a downstream interface (safer)
3. Some other behavior that might be more desirable (make rule entries the user can edit? Automatic rules that match other pass rules? Something else entirely?)