-rw-r--r--extensions/ebt_ip.c13
-rw-r--r--include/ebtables_u.h7
2 files changed, 15 insertions, 5 deletions
diff --git a/extensions/ebt_ip.c b/extensions/ebt_ip.c
index 8e45171..4fac896 100644
--- a/extensions/ebt_ip.c
+++ b/extensions/ebt_ip.c
@@ -208,18 +208,21 @@ static void final_check(const struct ebt_u_entry *entry,
const struct ebt_entry_match *match, const char *name,
unsigned int hookmask, unsigned int time)
{
- struct ebt_ip_info *ipinfo = (struct ebt_ip_info *)match->data;
+ struct ebt_ip_info *ipinfo = (struct ebt_ip_info *)match->data;
if (entry->ethproto != ETH_P_IP || entry->invflags & EBT_IPROTO) {
ebt_print_error("For IP filtering the protocol must be "
"specified as IPv4");
} else if (ipinfo->bitmask & (EBT_IP_SPORT|EBT_IP_DPORT) &&
- (!(ipinfo->bitmask & EBT_IP_PROTO) ||
+ (!(ipinfo->bitmask & EBT_IP_PROTO) ||
ipinfo->invflags & EBT_IP_PROTO ||
- (ipinfo->protocol!=IPPROTO_TCP &&
- ipinfo->protocol!=IPPROTO_UDP)))
+ (ipinfo->protocol!=IPPROTO_TCP &&
+ ipinfo->protocol!=IPPROTO_UDP &&
+ ipinfo->protocol!=IPPROTO_SCTP &&
+ ipinfo->protocol!=IPPROTO_DCCP)))
ebt_print_error("For port filtering the IP protocol must be "
- "either 6 (tcp) or 17 (udp)");
+ "either 6 (tcp), 17 (udp), 33 (dccp) or "
+ "132 (sctp)");
}
static void print(const struct ebt_u_entry *entry,
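Review bot: The set of protocols that may carry port matches is now written twice in final_check, once as the four-way `!=` chain and once as literal numbers in the error string, and the two are already in different order (TCP, UDP, SCTP, DCCP against 6, 17, 33, 132). Because this check is the userspace gate deciding which port rules are accepted, a small predicate would keep the list in one place and make the next addition harder to get half-right. Whether the kernel-side match actually reads ports for SCTP and DCCP is not visible in this diff and should be confirmed; otherwise an accepted rule may be refused at load or never match. The whitespace-only rewrites of the `ipinfo` declaration and the `EBT_IP_PROTO` line add noise to a functional change and would be better in a separate commit.

```c
/* IP protocols for which --ip-sport/--ip-dport are accepted. */
static int ip_proto_has_ports(unsigned int protocol)
{
	switch (protocol) {
	case IPPROTO_TCP:
	case IPPROTO_UDP:
	case IPPROTO_DCCP:
	case IPPROTO_SCTP:
		return 1;
	default:
		return 0;
	}
}

/* … unchanged: signature, ipinfo declaration, ethproto check … */
	} else if (ipinfo->bitmask & (EBT_IP_SPORT|EBT_IP_DPORT) &&
	   (!(ipinfo->bitmask & EBT_IP_PROTO) ||
	   ipinfo->invflags & EBT_IP_PROTO ||
	   !ip_proto_has_ports(ipinfo->protocol)))
/* … unchanged: ebt_print_error call … */
```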
diff --git a/include/ebtables_u.h b/include/ebtables_u.h
index d24cf9c..25f3fbb 100644
--- a/include/ebtables_u.h
+++ b/include/ebtables_u.h
@@ -26,6 +26,13 @@
#include <netinet/in.h>
#include <linux/netfilter_bridge/ebtables.h>
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
+#ifndef IPPROTO_DCCP
+#define IPPROTO_DCCP 33
+#endif
+
#define EXEC_STYLE_PRG 0
#define EXEC_STYLE_DAEMON 1
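Review bot: The two fallback definitions carry no comment saying why they exist or where the numbers come from. A line such as `/* Fallbacks for libc headers that lack these; values are the IANA protocol numbers. */` above the first `#ifndef` would cover it. Note also that `#ifndef` only detects macros: if a libc declares `IPPROTO_SCTP` or `IPPROTO_DCCP` as enum constants without a matching macro, these defines silently take over, which is harmless only as long as the values agree.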