]> git.ipfire.org Git - thirdparty/iptables.git/commitdiff
projects / thirdparty / iptables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 561e90e)
Adds missing FIN to mask part generated by '--syn' of libip6t_tcp
authorYasuyuki KOZAKAI <yasuyuki@netfilter.org>
Mon, 16 Jul 2007 10:07:30 +0000 (10:07 +0000)
committerYasuyuki KOZAKAI <yasuyuki@netfilter.org>
Mon, 16 Jul 2007 10:07:30 +0000 (10:07 +0000)
extensions/libip6t_tcp.c patch | blob | blame | history
extensions/libip6t_tcp.man patch | blob | blame | history

diff --git a/extensions/libip6t_tcp.c b/extensions/libip6t_tcp.c
index 734387c4387807ac4528d627e061a9696079d9af..c2a84e14d0be78f7b409e6580bfe3ea0a40bc9f9 100644 (file)
--- a/extensions/libip6t_tcp.c
+++ b/extensions/libip6t_tcp.c
@@ -181,7 +181,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
                        exit_error(PARAMETER_PROBLEM,
                                   "Only one of `--syn' or `--tcp-flags' "
                                   " allowed");
-               parse_tcp_flags(tcpinfo, "SYN,RST,ACK", "SYN", invert);
+               parse_tcp_flags(tcpinfo, "SYN,RST,ACK,FIN", "SYN", invert);
                *flags |= TCP_FLAGS;
                break;
 
diff --git a/extensions/libip6t_tcp.man b/extensions/libip6t_tcp.man
index e94566cf899b23f18c01982459915e2c770a777f..31cc493d8f58da21c9a7c02bdca67b666ef6536d 100644 (file)
--- a/extensions/libip6t_tcp.man
+++ b/extensions/libip6t_tcp.man
@@ -37,7 +37,7 @@ cleared.  Such packets are used to request TCP connection initiation;
 for example, blocking such packets coming in an interface will prevent
 incoming TCP connections, but outgoing TCP connections will be
 unaffected.
-It is equivalent to \fB--tcp-flags SYN,RST,ACK SYN\fP.
+It is equivalent to \fB--tcp-flags SYN,RST,ACK,FIN SYN\fP.
 If the "!" flag precedes the "--syn", the sense of the
 option is inverted.
 .TP
Mirror of git://git.netfilter.org/iptables