libxt_recent: do allow --rttl for --update

Tony Ho noticed a too-strict check in xt_recent, so here is a fix.

Reported-by: Tony Ho <iptables@iblink.com.cn>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>

diff --git a/extensions/libipt_recent.c b/extensions/libipt_recent.c
index 94f246a69c25cc989032ecb74068887f7f2e0f1a..7281fe5fee7db651006b16d9e13b50146cfb7446 100644 (file)
--- a/extensions/libipt_recent.c
+++ b/extensions/libipt_recent.c
@@ -165,7 +165,7 @@ static void recent_check(unsigned int flags)
                        "recent: you must specify one of `--set', `--rcheck' "
                        "`--update' or `--remove'");
        if ((flags & IPT_RECENT_TTL) &&
-           (flags & (IPT_RECENT_SET | IPT_RECENT_REMOVE | IPT_RECENT_UPDATE)))
+           (flags & (IPT_RECENT_SET | IPT_RECENT_REMOVE)))
                exit_error(PARAMETER_PROBLEM,
                           "recent: --rttl may only be used with --rcheck or "
                           "--update");

diff --git a/extensions/libipt_recent.man b/extensions/libipt_recent.man
index 02432bac20abf8638fb4ecbc05317b7948dc3c25..d5bdaa0b06fbb8e4ed0f3d43f267ab87163cd8f6 100644 (file)
--- a/extensions/libipt_recent.man
+++ b/extensions/libipt_recent.man
@@ -50,7 +50,7 @@ than or equal to the given value. This option may be used along with
 number of hits within a specific time frame.
 .TP
 \fB--rttl\fR
-This option must be used in conjunction with one of \fB--rcheck\fR or
+This option may only be used in conjunction with one of \fB--rcheck\fR or
 \fB--update\fR. When used, this will narrow the match to only happen
 when the address is in the list and the TTL of the current packet
 matches that of the packet which hit the \fB--set\fR rule. This may be