[netfilter-cvslog] r6907 - trunk/iptables/extensions
yasuyuki at netfilter.org
yasuyuki at netfilter.org
Mon Jul 16 12:07:30 CEST 2007
Author: yasuyuki at netfilter.org
Date: 2007-07-16 12:07:30 +0200 (Mon, 16 Jul 2007)
New Revision: 6907
Modified:
trunk/iptables/extensions/libip6t_tcp.c
trunk/iptables/extensions/libip6t_tcp.man
Log:
Adds missing FIN to mask part generated by '--syn' of libip6t_tcp
Modified: trunk/iptables/extensions/libip6t_tcp.c
===================================================================
--- trunk/iptables/extensions/libip6t_tcp.c 2007-07-15 17:13:24 UTC (rev 6906)
+++ trunk/iptables/extensions/libip6t_tcp.c 2007-07-16 10:07:30 UTC (rev 6907)
@@ -181,7 +181,7 @@
exit_error(PARAMETER_PROBLEM,
"Only one of `--syn' or `--tcp-flags' "
" allowed");
- parse_tcp_flags(tcpinfo, "SYN,RST,ACK", "SYN", invert);
+ parse_tcp_flags(tcpinfo, "SYN,RST,ACK,FIN", "SYN", invert);
*flags |= TCP_FLAGS;
break;
Modified: trunk/iptables/extensions/libip6t_tcp.man
===================================================================
--- trunk/iptables/extensions/libip6t_tcp.man 2007-07-15 17:13:24 UTC (rev 6906)
+++ trunk/iptables/extensions/libip6t_tcp.man 2007-07-16 10:07:30 UTC (rev 6907)
@@ -37,7 +37,7 @@
for example, blocking such packets coming in an interface will prevent
incoming TCP connections, but outgoing TCP connections will be
unaffected.
-It is equivalent to \fB--tcp-flags SYN,RST,ACK SYN\fP.
+It is equivalent to \fB--tcp-flags SYN,RST,ACK,FIN SYN\fP.
If the "!" flag precedes the "--syn", the sense of the
option is inverted.
.TP
More information about the netfilter-cvslog
mailing list