[netfilter-cvslog] r6908 - trunk/iptables/extensions
yasuyuki at netfilter.org
yasuyuki at netfilter.org
Mon Jul 16 13:25:27 CEST 2007
Author: yasuyuki at netfilter.org
Date: 2007-07-16 13:25:27 +0200 (Mon, 16 Jul 2007)
New Revision: 6908
Modified:
trunk/iptables/extensions/libip6t_tcp.c
trunk/iptables/extensions/libip6t_tcp.man
trunk/iptables/extensions/libipt_tcp.c
Log:
Adds missing explanations about FIN in mask part of '--syn' in libip[6]_tcp.c
and libip6t_tcp.man.
Modified: trunk/iptables/extensions/libip6t_tcp.c
===================================================================
--- trunk/iptables/extensions/libip6t_tcp.c 2007-07-16 10:07:30 UTC (rev 6907)
+++ trunk/iptables/extensions/libip6t_tcp.c 2007-07-16 11:25:27 UTC (rev 6908)
@@ -16,7 +16,7 @@
" --tcp-flags [!] mask comp match when TCP flags & mask == comp\n"
" (Flags: SYN ACK FIN RST URG PSH ALL NONE)\n"
"[!] --syn match when only SYN flag set\n"
-" (equivalent to --tcp-flags SYN,RST,ACK SYN)\n"
+" (equivalent to --tcp-flags SYN,RST,ACK,FIN SYN)\n"
" --source-port [!] port[:port]\n"
" --sport ...\n"
" match source port(s)\n"
Modified: trunk/iptables/extensions/libip6t_tcp.man
===================================================================
--- trunk/iptables/extensions/libip6t_tcp.man 2007-07-16 10:07:30 UTC (rev 6907)
+++ trunk/iptables/extensions/libip6t_tcp.man 2007-07-16 11:25:27 UTC (rev 6908)
@@ -32,7 +32,7 @@
RST flags unset.
.TP
.B "[!] --syn"
-Only match TCP packets with the SYN bit set and the ACK and RST bits
+Only match TCP packets with the SYN bit set and the ACK,RST and FIN bits
cleared. Such packets are used to request TCP connection initiation;
for example, blocking such packets coming in an interface will prevent
incoming TCP connections, but outgoing TCP connections will be
Modified: trunk/iptables/extensions/libipt_tcp.c
===================================================================
--- trunk/iptables/extensions/libipt_tcp.c 2007-07-16 10:07:30 UTC (rev 6907)
+++ trunk/iptables/extensions/libipt_tcp.c 2007-07-16 11:25:27 UTC (rev 6908)
@@ -16,7 +16,7 @@
" --tcp-flags [!] mask comp match when TCP flags & mask == comp\n"
" (Flags: SYN ACK FIN RST URG PSH ALL NONE)\n"
"[!] --syn match when only SYN flag set\n"
-" (equivalent to --tcp-flags SYN,RST,ACK SYN)\n"
+" (equivalent to --tcp-flags SYN,RST,ACK,FIN SYN)\n"
" --source-port [!] port[:port]\n"
" --sport ...\n"
" match source port(s)\n"
More information about the netfilter-cvslog
mailing list