From a70d29f15c809d02cb271eddba1f217d78853372 Mon Sep 17 00:00:00 2001
From: Yasuyuki KOZAKAI <yasuyuki@netfilter.org>
Date: Mon, 16 Jul 2007 10:07:30 +0000
Subject: Adds missing FIN to mask part generated by '--syn' of libip6t_tcp

---
 extensions/libip6t_tcp.c   | 2 +-
 extensions/libip6t_tcp.man | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/extensions/libip6t_tcp.c b/extensions/libip6t_tcp.c
index 734387c4..c2a84e14 100644
--- a/extensions/libip6t_tcp.c
+++ b/extensions/libip6t_tcp.c
@@ -181,7 +181,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
 			exit_error(PARAMETER_PROBLEM,
 				   "Only one of `--syn' or `--tcp-flags' "
 				   " allowed");
-		parse_tcp_flags(tcpinfo, "SYN,RST,ACK", "SYN", invert);
+		parse_tcp_flags(tcpinfo, "SYN,RST,ACK,FIN", "SYN", invert);
 		*flags |= TCP_FLAGS;
 		break;
 
diff --git a/extensions/libip6t_tcp.man b/extensions/libip6t_tcp.man
index e94566cf..31cc493d 100644
--- a/extensions/libip6t_tcp.man
+++ b/extensions/libip6t_tcp.man
@@ -37,7 +37,7 @@ cleared.  Such packets are used to request TCP connection initiation;
 for example, blocking such packets coming in an interface will prevent
 incoming TCP connections, but outgoing TCP connections will be
 unaffected.
-It is equivalent to \fB--tcp-flags SYN,RST,ACK SYN\fP.
+It is equivalent to \fB--tcp-flags SYN,RST,ACK,FIN SYN\fP.
 If the "!" flag precedes the "--syn", the sense of the
 option is inverted.
 .TP
-- 
cgit v1.2.3