DROP_ALL_IPV4OPTS=0

# set the DROP_ALL_IPV4OPTS to 1 to DROP all IPv4 options

/sbin/iptables -N DROP_IPV4OPTS

if [ ! -z $DROP_ALL_IPOPTS ] ; then

    # disallow all IPv4 options

    /sbin/iptables -A DROP_IPV4OPTS -m ipv4options --any-opt -j DROP
else

    # disallow source routed packets only

    /sbin/iptables -A DROP_IPV4OPTS -m ipv4options --ssrr -j DROP
    /sbin/iptables -A DROP_IPV4OPTS -m ipv4options --lsrr -j DROP
    /sbin/iptables -A DROP_IPV4OPTS -m ipv4options --rr   -j DROP
fi