include FIN bit in mask of "--syn" bits

diff --git a/extensions/libipt_tcp.c b/extensions/libipt_tcp.c
index 6f9ea06aba54a0319adf48e127aeedbab235aee3..f8ed249aa029271b987427a2301c86a661a68cb2 100644 (file)
--- a/extensions/libipt_tcp.c
+++ b/extensions/libipt_tcp.c
@@ -205,7 +205,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
                        exit_error(PARAMETER_PROBLEM,
                                   "Only one of `--syn' or `--tcp-flags' "
                                   " allowed");
-               parse_tcp_flags(tcpinfo, "SYN,RST,ACK", "SYN", invert);
+               parse_tcp_flags(tcpinfo, "SYN,RST,ACK,FIN", "SYN", invert);
                *flags |= TCP_FLAGS;
                break;
 

diff --git a/extensions/libipt_tcp.man b/extensions/libipt_tcp.man
index 48a068fa4885d8f9a6656d9b9f6d1fb20b99a751..e1f440570956edd42fe4ab63d95e508e2e93f21b 100644 (file)
--- a/extensions/libipt_tcp.man
+++ b/extensions/libipt_tcp.man
@@ -32,12 +32,12 @@ will only match packets with the SYN flag set, and the ACK, FIN and
 RST flags unset.
 .TP
 .B "[!] --syn"
-Only match TCP packets with the SYN bit set and the ACK and RST bits
+Only match TCP packets with the SYN bit set and the ACK,RST and FIN bits
 cleared.  Such packets are used to request TCP connection initiation;
 for example, blocking such packets coming in an interface will prevent
 incoming TCP connections, but outgoing TCP connections will be
 unaffected.
-It is equivalent to \fB--tcp-flags SYN,RST,ACK SYN\fP.
+It is equivalent to \fB--tcp-flags SYN,RST,ACK,FIN SYN\fP.
 If the "!" flag precedes the "--syn", the sense of the
 option is inverted.
 .TP