If set to discard(1), all packets not matching an IP filter
will be discarded. If set to accept(2), all packets not
matching an IP filter will be accepted for further
processing (e.g., bridging).
At initial system startup, this object returns accept(2).