Cisco Cisco Packet Data Gateway (PDG)
firewall validate-ip-options
This command enables / disables the Stateful Firewall validation of IP options for errors.
Product
PSF
Privilege
Security Administrator, Administrator
Command Modes
Exec > ACS Configuration > Firewall-and-NAT Policy Configuration
active-charging service service_name > fw-and-nat policy policy_name
Entering the above command sequence results in the following prompt:
[local]
host_name
(config-fw-and-nat-policy)#
Syntax Description
[ default | no ] firewall validate-ip-options
default
Configures the default setting.
Default: Disabled. Same as no firewall validate-ip-options
no
Disables validation of IP options.
Usage Guidelines
Use this command to enable / disable Stateful Firewall validation of IP options. When enabled, Stateful
Firewall will drop packets with IP option errors.
Firewall will drop packets with IP option errors.
For NAT calls, validation of IP Options is disabled.
Examples
The following command enables validation of IP options:
firewall validate-ip-options
firewall validate-ip-options
Command Line Interface Reference, Modes E - F, StarOS Release 19
1716
Firewall-and-NAT Policy Configuration Mode Commands
firewall validate-ip-options