Project

General

Profile

Actions
Copy link

Feature #16215

closed

Allow matching on IP Options with firewall match rules

Added by Marcos M 4 months ago. Updated about 2 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Marcos M
Category:
Rules / NAT
Target version:
2.9.0
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
25.11
Release Notes:
Default

Description

Match rules now support matching traffic with "allow-opts":
https://cgit.freebsd.org/src/commit/?id=7e70d94acd68b3ac6b45f49d4ab7a0f7867c3ea7

Note that this is a "sticky" option meaning that "pass" rules inherit the "allow-opts" option from the "match" rule.

Related issues

Related to Feature #16068: Allow disabling logging of packets blocked due to unmatched IP optionsFeedbackMarcos M

Actions
Actions
Copy link
 #1

Updated by Marcos M 4 months ago

  • Related to Feature #16068: Allow disabling logging of packets blocked due to unmatched IP options added
Actions
Copy link
 #2

Updated by Marcos M 4 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions
Copy link
 #3

Updated by Georgiy Tyutyunnik 3 months ago

patch allows "match" rule creation with IP options enabled. resulting floating rule logs igmp traffic
tested on
25.07-DEVELOPMENT (amd64)
built on Thu May 29 19:08:00 UTC 2025
FreeBSD 15.0-CURRENT

Actions
Copy link
 #4

Updated by Georgiy Tyutyunnik 3 months ago

  • Status changed from Feedback to Resolved
Actions
Copy link
 #5

Updated by Jim Pingle 2 months ago

  • Plus Target Version changed from 25.07 to 25.11
Actions
Copy link
 #6

Updated by Marcos M about 2 months ago

  • Description updated (diff)
Actions
Copy link

Also available in: Atom PDF