From 777454cbe6438bb965c98c1c7481a0a4b4c2f958 Mon Sep 17 00:00:00 2001
From: Mike Baker <mbm@openwrt.org>
Date: Fri, 15 Jul 2005 17:16:01 +0000
Subject: [PATCH] drop all syn packets without mss

SVN-Revision: 1451
---
 openwrt/target/default/target_skeleton/etc/init.d/S45firewall | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/openwrt/target/default/target_skeleton/etc/init.d/S45firewall b/openwrt/target/default/target_skeleton/etc/init.d/S45firewall
index bbb5c2914b..17f9086b56 100755
--- a/openwrt/target/default/target_skeleton/etc/init.d/S45firewall
+++ b/openwrt/target/default/target_skeleton/etc/init.d/S45firewall
@@ -26,7 +26,7 @@ iptables -t nat -N postrouting_rule
   iptables -P INPUT DROP
   iptables -A INPUT -m state --state INVALID -j DROP
   iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-  iptables -A INPUT -p tcp --syn --tcp-option \! 2 -j  DROP
+  iptables -A INPUT -p tcp --tcp-flags SYN SYN --tcp-option \! 2 -j  DROP
 
   #
   # insert accept rule or to jump to new accept-check table here
-- 
2.30.2