#!/bin/bash

Me='ipopts'
MyVersion='0.1'


Action="$1"
case "$Action" in
start)
	echo "Starting $Me"
	iptables -N $Me

	#If you only want to block source routed packets, do just these:
	iptables -A $Me -m ipv4options --ssrr			-j DROP
	iptables -A $Me -m ipv4options --lsrr			-j DROP
	iptables -A $Me -m ipv4options --rr			-j DROP

	#Otherwise, to block _all_ ip options:
	iptables -A $Me -m ipv4options --any-opt		-j DROP

	iptables -A INPUT -i \! lo				-j $Me
	iptables -A FORWARD					-j $Me
	iptables -A OUTPUT					-j $Me
	;;
stop)
	echo "Stopping $Me"
	iptables -D INPUT -i \! lo				-j $Me
	iptables -D FORWARD					-j $Me
	iptables -D OUTPUT					-j $Me

	#If you only want to block source routed packets, do just these:
	iptables -D $Me -m ipv4options --ssrr			-j DROP
	iptables -D $Me -m ipv4options --lsrr			-j DROP
	iptables -D $Me -m ipv4options --rr			-j DROP

	#Otherwise, to block _all_ ip options:
	iptables -D $Me -m ipv4options --any-opt		-j DROP

	iptables -F $Me

	iptables -X $Me
	;;
esac