A router MUST implement support for source route options in forwarded packets. A router MAY implement a configuration option that, when enabled, causes all source-routed packets to be discarded. However, such an option MUST NOT be enabled by default.
The ability to source route datagrams through the Internet is important to various network diagnostic tools. However, source routing may be used to bypass administrative and security controls within a network. Specifically, those cases where manipulation of routing tables is used to provide administrative separation in lieu of other methods such as packet filtering may be vulnerable through source routed packets.
Packet filtering can be defeated by source routing as well, if it is applied in any router except one on the final leg of the source routed path. Neither route nor packet filters constitute a complete solution for security.