D-Link NetDefend DFL-210 User Manual page 256

LayerSizeConsistency
Default: 255
LayerSizeConsistency
Verifies that the size information contained in each "layer" (Ethernet, IP, TCP, UDP, ICMP) is con-
sistent with that of other layers.
Default: ValidateLogBad
IPOptionSizes
Verifies the size of "IP options". These options are small blocks of information that may be added to
the end of each IP header. This function checks the size of well-known option types and ensures that
no option exceeds the size limit stipulated by the IP header itself.
Default: ValidateLogBad
IPOPT_SR
Indicates whether source routing options are to be permitted. These options allow the sender of the
packet to control how the packet is to be routed through each router and firewall. These constitute an
enormous security risk. NetDefendOS never obeys the source routes specified by these options, re-
gardless of this setting.
Default: DropLog
IPOPT_TS
Time stamp options instruct each router and firewall on the packet's route to indicate at what time
the packet was forwarded along the route. These options do not occur in normal traffic. Time stamps
may also be used to "record" the route a packet has taken from sender to final destination. NetDe-
fendOS never enters information into these options, regardless of this setting.
Default: DropLog
IPOPT_OTHER
All options other than those specified above.
Default: DropLog
DirectedBroadcasts
Indicates whether NetDefendOS will forward packets which are directed to the broadcast address of
its directly connected networks. It is possible to achieve this functionality by adding lines to the
Rules section, but it is also included here for simplicity's sake. This form of validation is faster than
entries in the Rules section since it is more specialized.
Default: DropLog
IPRF
Indicates what NetDefendOS will do if there is data in the "reserved" fields of IP headers. In normal
circumstances, these fields should read 0. Used by OS Fingerprinting.
Default: DropLog
StripDFOnSmall
243
Chapter 13. Advanced Settings