Subject: Re: disabling source routing and ip-forwarding in current?
To: None <current-users@NetBSD.ORG, netbsd@virtual.cuc.ab.ca>
From: Danny Boulet <danny@nahanni.BouletFermat.ab.ca>
List: current-users
Date: 04/06/1995 07:30:52
You can disable IP forwarding with a kernel build option.

One way to turn off source routing would be with a tool like my ipfirewall
packet filtering facility (it can be told to block packets with certain IP
options set).  It is available for ftp from

    ftp://ftp.nebulus.net/pub/bsdi/security/ipfirewall_v2.0.gz

Of course, you could also change the code.  Have a look in ip_input.c and
ip_output.c for the use of the #define constants IPOPT_LSRR and IPOPT_SSRR.
These are the #define's for the two kinds of source routing.  Just insert
a goto to the "bad" label immediately after the switch statement selectors
that have these options on them and any packet with these options will be
silently dropped on the floor.  Obviously, a printf statement could be added
to make the dropping somewhat louder!

If you are worried about things like source routing then you should be (and
probably are) worried about other things.  Something like ipfirewall lets
you define rules for what sort of packets are delivered to the machine
running the facility.  For example, the filter

    ipfirewall addblocking reject all ip_misc_option from 0/0 to 0/0

would reject any packet arriving on the machine which contains source route
options (the "from 0/0 to 0/0" part says that the filter should match packets
from anywhere and to anywhere).

Another example might be to block all in-bound TCP/IP connection requests
arriving via a particular network interface:

    ipfirewall addblocking ppp1 reject tcp connection from 0/0 to 0/0

(a more selective set of filters would probably be used in 'real life' to
only allow in certain kinds of sessions).  Note that this approach of focusing
on TCP/IP connection requests is far more secure than just checking port
numbers.

-Danny
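The message above describes the kernel-side fix in prose only: walk the IP options area and drop anything carrying IPOPT_LSRR or IPOPT_SSRR. The following is an added, stand-alone C example (not code from the original post, from ipfirewall, or from the NetBSD tree) that shows what such a check has to do to be safe: parse the variable-length option list correctly, treat NOP/EOL as the one-byte options they are, reject malformed option lengths instead of walking past the header, and report why a packet was dropped so the "louder" printf the author mentions has something useful to print. The option numbers match those in <netinet/ip.h>; the header-building helper and the sample packets are constructed for this example and are assumptions, not real captured traffic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* IP option type values as defined in <netinet/ip.h> (copied-flag and
 * class bits included), repeated here so the example compiles stand-alone. */
#define IPOPT_EOL   0      /* end of option list */
#define IPOPT_NOP   1      /* no operation, one byte */
#define IPOPT_RR    7      /* record route (harmless, kept as a contrast) */
#define IPOPT_LSRR  131    /* loose source and record route */
#define IPOPT_SSRR  137    /* strict source and record route */

#define IP_HDR_MIN  20     /* fixed IPv4 header length in bytes */
#define IP_HDR_MAX  60     /* IHL is 4 bits of 32-bit words */

/* Verdict returned for a packet; anything but IP_ACCEPT means "goto bad". */
enum ip_verdict {
    IP_ACCEPT = 0,
    IP_DROP_LSRR,
    IP_DROP_SSRR,
    IP_DROP_MALFORMED
};

/* Walk the IPv4 option area of the packet in pkt[0..len) and decide whether
 * it must be dropped.  The loop mirrors what a kernel option parser has to
 * do: every option except EOL and NOP carries a length byte that covers the
 * type and length bytes themselves, so a length below 2 or one that runs
 * past the end of the header is itself a reason to drop. */
enum ip_verdict check_ip_options(const uint8_t *pkt, size_t len)
{
    if (len < IP_HDR_MIN || (pkt[0] >> 4) != 4)
        return IP_DROP_MALFORMED;

    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < IP_HDR_MIN || hlen > len)
        return IP_DROP_MALFORMED;

    const uint8_t *opt = pkt + IP_HDR_MIN;
    size_t cnt = hlen - IP_HDR_MIN;

    while (cnt > 0) {
        uint8_t type = opt[0];
        size_t optlen;

        if (type == IPOPT_EOL)
            break;
        if (type == IPOPT_NOP) {
            optlen = 1;
        } else {
            if (cnt < 2)
                return IP_DROP_MALFORMED;       /* no room for a length byte */
            optlen = opt[1];
            if (optlen < 2 || optlen > cnt)
                return IP_DROP_MALFORMED;       /* would walk off the header */
        }

        switch (type) {
        case IPOPT_LSRR:
            return IP_DROP_LSRR;                /* the "goto bad" in ip_input.c */
        case IPOPT_SSRR:
            return IP_DROP_SSRR;
        default:
            break;                              /* RR, timestamps, etc. pass */
        }
        opt += optlen;
        cnt -= optlen;
    }
    return IP_ACCEPT;
}

/* Constructed test helper (an assumption of this example, not kernel code):
 * build a minimal IPv4 header with the given option bytes, padded with EOL
 * to a 32-bit boundary.  Returns the header length, or 0 if it won't fit. */
size_t build_ipv4_header(uint8_t *buf, size_t bufsize,
                         const uint8_t *opts, size_t optlen)
{
    size_t padded = (optlen + 3) & ~(size_t)3;
    size_t hlen = IP_HDR_MIN + padded;
    if (hlen > IP_HDR_MAX || hlen > bufsize)
        return 0;
    memset(buf, 0, hlen);                        /* zero padding == IPOPT_EOL */
    buf[0] = (uint8_t)(0x40 | (hlen / 4));       /* version 4, IHL in words */
    buf[2] = (uint8_t)(hlen >> 8);
    buf[3] = (uint8_t)hlen;                      /* total length, no payload */
    buf[8] = 64;                                 /* TTL */
    buf[9] = 6;                                  /* protocol: TCP */
    if (optlen)
        memcpy(buf + IP_HDR_MIN, opts, optlen);
    return hlen;
}

const char *verdict_name(enum ip_verdict v)
{
    switch (v) {
    case IP_ACCEPT:         return "accept";
    case IP_DROP_LSRR:      return "drop: loose source route (IPOPT_LSRR)";
    case IP_DROP_SSRR:      return "drop: strict source route (IPOPT_SSRR)";
    default:                return "drop: malformed options";
    }
}

int main(void)
{
    /* Constructed samples: LSRR with one hop 10.0.0.1, and a plain RR. */
    const uint8_t lsrr[] = { IPOPT_LSRR, 7, 4, 10, 0, 0, 1 };
    const uint8_t rr[]   = { IPOPT_RR, 11, 4, 0, 0, 0, 0, 0, 0, 0, 0 };
    uint8_t buf[IP_HDR_MAX];
    size_t n;

    n = build_ipv4_header(buf, sizeof buf, lsrr, sizeof lsrr);
    printf("LSRR packet: %s\n", verdict_name(check_ip_options(buf, n)));
    n = build_ipv4_header(buf, sizeof buf, rr, sizeof rr);
    printf("RR packet:   %s\n", verdict_name(check_ip_options(buf, n)));
    return 0;
}
```

The malformed-length checks are the part most worth copying into a real kernel patch: a `goto bad` placed only on the LSRR/SSRR switch cases still leaves the option walker trusting the attacker-supplied length byte, and an option whose length is 0 or 1 would otherwise never advance the loop.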