Hello,

Found in iptables 1.3.2 changelog:

- Include FIN bit in mask of "--syn" bits

With this change a TCP packet must have the FIN flag cleared in order to match the --syn option, while it was not necessary with previous iptables versions. Why? Isn't the SYN flag supposed to have precedence over the FIN flag, so shouldn't FIN be ignored when SYN is set?

Besides, this change has been applied only to libipt_tcp.c, not to libip6t_tcp.c. Is there a reason for this?

Thanks for your attention.
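
The mask/compare test behind the change asked about above, as an added example that is not part of the original post and not iptables' own code. It assumes `--syn` was shorthand for `--tcp-flags SYN,RST,ACK SYN` before 1.3.2 and for `--tcp-flags FIN,SYN,RST,ACK SYN` afterwards; the function names and sample flag bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TCP header flag bits (RFC 793); names are local to this example. */
enum { F_FIN = 0x01, F_SYN = 0x02, F_RST = 0x04,
       F_PSH = 0x08, F_ACK = 0x10, F_URG = 0x20 };

static const struct { const char *name; uint8_t bit; } flag_names[] = {
    {"FIN", F_FIN}, {"SYN", F_SYN}, {"RST", F_RST},
    {"PSH", F_PSH}, {"ACK", F_ACK}, {"URG", F_URG},
};

/* Parse a comma-separated list such as "SYN,RST,ACK" into a bit mask.
 * Returns -1 on an unknown or empty flag name. */
int parse_flags(const char *list)
{
    size_t n = sizeof(flag_names) / sizeof(flag_names[0]);
    int mask = 0;
    while (*list) {
        size_t len = strcspn(list, ","), i;
        for (i = 0; i < n; i++)
            if (strlen(flag_names[i].name) == len &&
                strncmp(list, flag_names[i].name, len) == 0)
                break;
        if (i == n)
            return -1;
        mask |= flag_names[i].bit;
        list += len;
        if (*list == ',')
            list++;
    }
    return mask;
}

/* Only bits named in mask_list are examined; of those, exactly the
 * bits named in cmp_list must be set. Returns 1, 0, or -1 on bad input. */
int flags_match(uint8_t pkt, const char *mask_list, const char *cmp_list)
{
    int mask = parse_flags(mask_list), cmp = parse_flags(cmp_list);
    return (mask < 0 || cmp < 0) ? -1 : (pkt & mask) == cmp;
}

int syn_old(uint8_t pkt) { return flags_match(pkt, "SYN,RST,ACK", "SYN"); }
int syn_new(uint8_t pkt) { return flags_match(pkt, "FIN,SYN,RST,ACK", "SYN"); }

int main(void)
{
    uint8_t syn_fin = F_SYN | F_FIN;   /* constructed sample packet flags */
    printf("SYN+FIN: old=%d new=%d\n", syn_old(syn_fin), syn_new(syn_fin));
    return 0;
}
```

A packet carrying both SYN and FIN matches the narrower mask because FIN is never examined, and stops matching once FIN is part of the mask.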