author | Harald Welte <laforge@gnumonks.org> | 2005-05-04 07:34:37 +0000 |
---|---|---|
committer | Harald Welte <laforge@gnumonks.org> | 2005-05-04 07:34:37 +0000 |
commit | 38ed421276ff0312965c96754b4bc01d0e4f0679 (patch) | |
tree | 39713d398104f934f89df935cd2c1cf0c684111b /extensions | |
parent | e556800cf137e49a47cf1ac889c613f5d33cfe3b (diff) |
include FIN bit in mask of "--syn" bits
Diffstat (limited to 'extensions')
-rw-r--r-- | extensions/libipt_tcp.c | 2 | ||||
-rw-r--r-- | extensions/libipt_tcp.man | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/extensions/libipt_tcp.c b/extensions/libipt_tcp.c
index 6f9ea06a..f8ed249a 100644
--- a/extensions/libipt_tcp.c
+++ b/extensions/libipt_tcp.c
@@ -205,7 +205,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
 exit_error(PARAMETER_PROBLEM, "Only one of `--syn' or `--tcp-flags' " " allowed");
- parse_tcp_flags(tcpinfo, "SYN,RST,ACK", "SYN", invert);
+ parse_tcp_flags(tcpinfo, "SYN,RST,ACK,FIN", "SYN", invert);
 *flags |= TCP_FLAGS;
 break;
diff --git a/extensions/libipt_tcp.man b/extensions/libipt_tcp.man
index 48a068fa..e1f44057 100644
--- a/extensions/libipt_tcp.man
+++ b/extensions/libipt_tcp.man
@@ -32,12 +32,12 @@ will only match packets with the SYN flag set, and the ACK, FIN and RST flags unset.
 .TP
 .B "[!] --syn"
-Only match TCP packets with the SYN bit set and the ACK and RST bits
+Only match TCP packets with the SYN bit set and the ACK,RST and FIN bits
 cleared. Such packets are used to request TCP connection initiation; for example, blocking such packets coming in an interface will prevent incoming TCP connections, but outgoing TCP connections will be unaffected.
-It is equivalent to \fB--tcp-flags SYN,RST,ACK SYN\fP.
+It is equivalent to \fB--tcp-flags SYN,RST,ACK,FIN SYN\fP.
 If the "!" flag precedes the "--syn", the sense of the option is inverted.
 .TP |
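Review bot: The widened mask on the `parse_tcp_flags(tcpinfo, "SYN,RST,ACK,FIN", "SYN", invert);` line also changes what the inverted form `! --syn` matches, and nothing in the hunk or the man-page text records that. With FIN in the mask, a segment carrying both SYN and FIN no longer matches `--syn` and therefore now matches `! --syn`. A ruleset that accepts `! --syn` traffic on the assumption that it cannot open a connection would presumably start passing such segments unless it drops invalid flag combinations or checks connection state elsewhere. I would note this in the man page next to the "sense of the option is inverted" sentence and add a comment at the call, e.g. `/* --syn: SYN set, RST/ACK/FIN clear; SYN+FIN now matches "! --syn" */`. The enclosing `case` in `parse()` starts and ends outside the hunk, so how `invert` is applied downstream is not visible here.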