From 6cde8a4235c73fc881532c41b94e45c983467961 Mon Sep 17 00:00:00 2001
From: Daniel Hartmeier <dhartmei@FreeBSD.org>
Date: Mon, 21 May 2007 20:12:35 +0000
Subject: [PATCH] From OpenBSD, rev. 1.379 Document how 'allow-opts' applies to
 routing headers in IPv6.

MFC after:	1 week
Discussed with:	mlaier
---
 contrib/pf/man/pf.conf.5 | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/contrib/pf/man/pf.conf.5 b/contrib/pf/man/pf.conf.5
index cf13898c64e2..0a7723c707ed 100644
--- a/contrib/pf/man/pf.conf.5
+++ b/contrib/pf/man/pf.conf.5
@@ -1493,13 +1493,14 @@ or
 .Pc
 must match.
 .It Ar allow-opts
-By default, packets which contain IP options are blocked.
+By default, IPv4 packets with IP options or IPv6 packets with routing
+extension headers are blocked.
 When
 .Ar allow-opts
 is specified for a
 .Ar pass
 rule, packets that pass the filter based on that rule (last matching)
-do so even if they contain IP options.
+do so even if they contain IP options or routing extension headers.
 For packets that match state, the rule that initially created the
 state is used.
 The implicit