| Filter | meaning |
| Tn[-ip4][-ip6] | Set routing table for payload traffic. This can be used for private routing, and for walled garden / credit control. The optional IP addresses specify the payload-source-ip. |
| Rn | Restrict - specifies that this connection is a member of a closed user group n (1-32767) and is restricted to sending traffic only to/from connections in the same CUG. |
| An | Allow - specifies that this connection is a member of a closed user group n (1-32767), but it also has normal IP access as well. Traffic can go to/from connections that have no CUG or whose CUG is the same. But it won't be able to send traffic to restricted connections in a different CUG. |
| H | Sets the connection to send HDLC framing headers on all PPP packets. This adds 2 extra byte to the packet. This is the default setting. |
| h | Sets the connection not to send HDLC framing headers on all PPP packets. This is in accordance with the L2TP/PPP RFCs. This does not work on BT 21CN BRASs. |
| F | Sets TCP MTU fix flag which causes the MTU option in TCP SYN to be adjusted if necessary to fit MTU. |
| f | Sets no TCP MTU fix |
| M | Sets the connection to ignore the MRU. Actually, the MRU is used to generate ICMP errors for IPv6 and IPv4 with DF set, but otherwise full size packets are sent on the connection even if a lower MRU was advised. This is in accordance with the PPP RFC but breaks some routers that do not accept 1500 byte packets (e.g. PPPoE) |
| m | Sets the connection to fragment IPv4 packets with DF not set that are too big for the advised MRU. This is the default |
| L | This is not a filter and not confirmed back on accounting start and not valid on Change of Authorisation. It forces a restart of LCP negotiation. This is useful when BRASs lie about negotiated LCP (such as BTs 21CN BRASs) |
| l | This is not a filter and not confirmed back on accounting start and not valid on Change of Authorisation. It stops an LCP negotiation restart that may be planned, e.g. due to an MRU mismatch. |
| X | Pad packets to 74 bytes if length fields appears to be less - needed to work around bug in BT 20CN BRAS for IPv6 in IP over LCP mode |
| C | Send all IPv4 and IPv6 using the LCP type code (only works if FireBrick doing PPP at far end) |
| I | Mark session isolated from other L2TP sessions (no direct packets from other L2TP sessions allowed) |
| J | Mark session for latency adjust on bonding (adds half round trip latency to bonding calculations) |
| O | Mark session as low-priority (see shaper and damping) |
| P | Mark session as premium (see shaper and damping) |
| D | Mark session as blackhole (Normal IPv4/IPv6 routes are announced as black hole routes, and any BGP is not restricted to local-as, etc. Does not apply to 6over4 routes) |
| d | Mark session as not blackhole |
| b | Disable anti-spoofing source filtering |
| Sn | Set LCP echo rate to n seconds (default 1) |
| sn | Set LCP timeout rate to n seconds (default 10) |
| q[+]n | Specify [or add to] quota for tx bytes. Use either q or Q. Action depends on Terminate-Action. |
| Q[+]n | Specify [or add to] quota for total (tx+rx) bytes. |
