include FIN bit in mask of "--syn" bits

2 files changed, 3 insertions, 3 deletions

diff --git a/extensions/libipt_tcp.c b/extensions/libipt_tcp.c
index 6f9ea06..f8ed249 100644
--- a/extensions/libipt_tcp.c
+++ b/extensions/libipt_tcp.c
@@ -205,7 +205,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
 			exit_error(PARAMETER_PROBLEM,
 				   "Only one of `--syn' or `--tcp-flags' "
 				   " allowed");
-		parse_tcp_flags(tcpinfo, "SYN,RST,ACK", "SYN", invert);
+		parse_tcp_flags(tcpinfo, "SYN,RST,ACK,FIN", "SYN", invert);
 		*flags |= TCP_FLAGS;
 		break;
 
diff --git a/extensions/libipt_tcp.man b/extensions/libipt_tcp.man
index 48a068f..e1f4405 100644
--- a/extensions/libipt_tcp.man
+++ b/extensions/libipt_tcp.man
@@ -32,12 +32,12 @@ will only match packets with the SYN flag set, and the ACK, FIN and
 RST flags unset.
 .TP
 .B "[!] --syn"
-Only match TCP packets with the SYN bit set and the ACK and RST bits
+Only match TCP packets with the SYN bit set and the ACK,RST and FIN bits
 cleared.  Such packets are used to request TCP connection initiation;
 for example, blocking such packets coming in an interface will prevent
 incoming TCP connections, but outgoing TCP connections will be
 unaffected.
-It is equivalent to \fB--tcp-flags SYN,RST,ACK SYN\fP.
+It is equivalent to \fB--tcp-flags SYN,RST,ACK,FIN SYN\fP.
 If the "!" flag precedes the "--syn", the sense of the
 option is inverted.
 .TP