3.55.11. IPSettings
3.55.11. IPSettings
Description
Settings related to the IP protocol.
Properties
LogCheckSumErrors
LogNonIP4
LogReceivedTTL0
Log0000Src
Block0Net
Block127Net
BlockMulticastSrc
TTLMin
TTLOnLow
TTLMinMulticast
TTLOnLowMulticast
DefaultTTL
LayerSizeConsistency
SecuRemoteUDPEncapCompat
IPOptionSizes
IPOPT_SR
Note
This object type does not have an identifier and is identified by the name of the type
only. There can only be one instance of this type.
(Default: No)
Log IP packets with bad checksums. (Default: Yes)
Log occurrences of non-IPv4 packets. (Default: Yes)
Log received packets with TTL=0; this should never happen!
(Default: Yes)
Log invalid 0.0.0.0 source address. (Default: Drop)
Block 0.* source addresses. (Default: DropLog)
Block 127.* source addresses. (Default: DropLog)
Block
multicast
(224.0.0.0--255.255.255.255). (Default: DropLog)
The minimum IP Time-To-Live value accepted on receipt.
(Default: 3)
What action to take on too low unicast TTL values. (Default:
DropLog)
The minimum IP multicast Time-To-Live value accepted on
receipt. (Default: 3)
What action to take on too low multicast TTL values.
(Default: DropLog)
The default IP Time-To-Live of packets originated by the se-
curity gateway (32-255). (Default: 255)
TCP/UDP/ICMP/etc layer data and header sizes matching
lower layer size information. (Default: ValidateLogBad)
Allow IP data to contain eight bytes more than the UDP total
length field specifies -- Checkpoint SecuRemote violates
NAT-T drafts. (Default: No)
Validity of IP header option sizes. (Default: ValidateLogBad)
How to handle IP packets with contained source or return
routes. (Default: DropLog)
193
Chapter 3. Configuration Reference
source
addresses