1*0Sstevel@tonic-gate# 2*0Sstevel@tonic-gate# get rid of all short IP fragments (too small for valid comparison) 3*0Sstevel@tonic-gate# 4*0Sstevel@tonic-gateblock in proto tcp all with short 5*0Sstevel@tonic-gate# 6*0Sstevel@tonic-gate# drop and log any IP packets with options set in them. 7*0Sstevel@tonic-gate# 8*0Sstevel@tonic-gateblock in log all with ipopts 9*0Sstevel@tonic-gate# 10*0Sstevel@tonic-gate# log packets with BOTH ssrr and lsrr set 11*0Sstevel@tonic-gate# 12*0Sstevel@tonic-gatelog in all with opt lsrr,ssrr 13*0Sstevel@tonic-gate# 14*0Sstevel@tonic-gate# drop any source routing options 15*0Sstevel@tonic-gate# 16*0Sstevel@tonic-gateblock in quick all with opt lsrr 17*0Sstevel@tonic-gateblock in quick all with opt ssrr 18