Hello,
Found in iptables 1.3.2 changelog:
- Include FIN bit in mask of "--syn" bits
With this change a TCP packet must have the FIN flag cleared in order to
match the --syn option, while it was not necessary with previous
iptables versions.
Why? Isn't the SYN flag supposed to have precedence over the FIN flag,
so shouldn't FIN be ignored when SYN is set?
Besides, this change has been applied only to libipt_tcp.c, not to
libip6t_tcp.c. Is there a reason for this?
Thanks for your attention.
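
The behaviour change described in the post above, as an added example that is not part of the original message or of the iptables source: it assumes the mask/compare model of `--tcp-flags`, with `--syn` taken as mask SYN,RST,ACK before the change and SYN,RST,ACK,FIN after it. All macro and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* TCP header flag bits (RFC 793 positions); names are hypothetical. */
#define TCPF_FIN 0x01
#define TCPF_SYN 0x02
#define TCPF_RST 0x04
#define TCPF_PSH 0x08
#define TCPF_ACK 0x10
#define TCPF_URG 0x20

/* Assumed --syn masks: before and after FIN was added to the mask. */
#define SYN_MASK_OLD (TCPF_SYN | TCPF_RST | TCPF_ACK)
#define SYN_MASK_NEW (TCPF_SYN | TCPF_RST | TCPF_ACK | TCPF_FIN)

/* A packet matches when the flag bits selected by mask equal cmp.
 * Bits outside the mask are not examined at all. */
static int flags_match(uint8_t flags, uint8_t mask, uint8_t cmp)
{
    return (flags & mask) == cmp;
}

static int syn_match_old(uint8_t flags)
{
    return flags_match(flags, SYN_MASK_OLD, TCPF_SYN);
}

static int syn_match_new(uint8_t flags)
{
    return flags_match(flags, SYN_MASK_NEW, TCPF_SYN);
}

int main(void)
{
    /* Constructed sample flag bytes, not captured traffic. */
    static const struct { const char *name; uint8_t flags; } samples[] = {
        { "SYN",         TCPF_SYN },
        { "SYN+FIN",     TCPF_SYN | TCPF_FIN },
        { "SYN+ACK",     TCPF_SYN | TCPF_ACK },
        { "SYN+PSH+URG", TCPF_SYN | TCPF_PSH | TCPF_URG },
        { "FIN+ACK",     TCPF_FIN | TCPF_ACK },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s old=%d new=%d\n", samples[i].name,
               syn_match_old(samples[i].flags),
               syn_match_new(samples[i].flags));
    return 0;
}
```

Only the SYN+FIN row differs between the two columns; PSH and URG stay outside both masks, so they never affect the result.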