[netfilter-cvslog] r6908 - trunk/iptables/extensions

yasuyuki at netfilter.org yasuyuki at netfilter.org
Mon Jul 16 13:25:27 CEST 2007


Author: yasuyuki at netfilter.org
Date: 2007-07-16 13:25:27 +0200 (Mon, 16 Jul 2007)
New Revision: 6908

Modified:
   trunk/iptables/extensions/libip6t_tcp.c
   trunk/iptables/extensions/libip6t_tcp.man
   trunk/iptables/extensions/libipt_tcp.c
Log:
Adds missing explanations about FIN in mask part of '--syn' in libip[6]_tcp.c
and libip6t_tcp.man.


Modified: trunk/iptables/extensions/libip6t_tcp.c
===================================================================
--- trunk/iptables/extensions/libip6t_tcp.c	2007-07-16 10:07:30 UTC (rev 6907)
+++ trunk/iptables/extensions/libip6t_tcp.c	2007-07-16 11:25:27 UTC (rev 6908)
@@ -16,7 +16,7 @@
 " --tcp-flags [!] mask comp	match when TCP flags & mask == comp\n"
 "				(Flags: SYN ACK FIN RST URG PSH ALL NONE)\n"
 "[!] --syn			match when only SYN flag set\n"
-"				(equivalent to --tcp-flags SYN,RST,ACK SYN)\n"
+"				(equivalent to --tcp-flags SYN,RST,ACK,FIN SYN)\n"
 " --source-port [!] port[:port]\n"
 " --sport ...\n"
 "				match source port(s)\n"

Modified: trunk/iptables/extensions/libip6t_tcp.man
===================================================================
--- trunk/iptables/extensions/libip6t_tcp.man	2007-07-16 10:07:30 UTC (rev 6907)
+++ trunk/iptables/extensions/libip6t_tcp.man	2007-07-16 11:25:27 UTC (rev 6908)
@@ -32,7 +32,7 @@
 RST flags unset.
 .TP
 .B "[!] --syn"
-Only match TCP packets with the SYN bit set and the ACK and RST bits
+Only match TCP packets with the SYN bit set and the ACK,RST and FIN bits
 cleared.  Such packets are used to request TCP connection initiation;
 for example, blocking such packets coming in an interface will prevent
 incoming TCP connections, but outgoing TCP connections will be

Modified: trunk/iptables/extensions/libipt_tcp.c
===================================================================
--- trunk/iptables/extensions/libipt_tcp.c	2007-07-16 10:07:30 UTC (rev 6907)
+++ trunk/iptables/extensions/libipt_tcp.c	2007-07-16 11:25:27 UTC (rev 6908)
@@ -16,7 +16,7 @@
 " --tcp-flags [!] mask comp	match when TCP flags & mask == comp\n"
 "				(Flags: SYN ACK FIN RST URG PSH ALL NONE)\n"
 "[!] --syn			match when only SYN flag set\n"
-"				(equivalent to --tcp-flags SYN,RST,ACK SYN)\n"
+"				(equivalent to --tcp-flags SYN,RST,ACK,FIN SYN)\n"
 " --source-port [!] port[:port]\n"
 " --sport ...\n"
 "				match source port(s)\n"




More information about the netfilter-cvslog mailing list