Make tcpflags the default.

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/Perl/Shorewall/Zones.pm

@@ -349,7 +349,7 @@ sub initialize( $$ ) {
 				  rpfilter    => SIMPLE_IF_OPTION,
 				  sfilter     => IPLIST_IF_OPTION,
 				  sourceroute => BINARY_IF_OPTION,
-				  tcpflags    => SIMPLE_IF_OPTION + IF_OPTION_HOST,
+				  tcpflags    => BINARY_IF_OPTION + IF_OPTION_HOST,
 				  upnp        => SIMPLE_IF_OPTION,
 				  upnpclient  => SIMPLE_IF_OPTION,
 				  mss         => NUMERIC_IF_OPTION + IF_OPTION_WILDOK,
@@ -387,13 +387,14 @@ sub initialize( $$ ) {
 				    nets        => IPLIST_IF_OPTION + IF_OPTION_ZONEONLY + IF_OPTION_VSERVER,
 				    nosmurfs    => SIMPLE_IF_OPTION + IF_OPTION_HOST,
 				    optional    => SIMPLE_IF_OPTION,
+				    optional    => SIMPLE_IF_OPTION,
 				    proxyndp    => BINARY_IF_OPTION,
 				    required    => SIMPLE_IF_OPTION,
 				    routeback   => BINARY_IF_OPTION + IF_OPTION_ZONEONLY + IF_OPTION_HOST + IF_OPTION_VSERVER,
 				    rpfilter    => SIMPLE_IF_OPTION,
 				    sfilter     => IPLIST_IF_OPTION,
 				    sourceroute => BINARY_IF_OPTION,
-				    tcpflags    => SIMPLE_IF_OPTION + IF_OPTION_HOST,
+				    tcpflags    => BINARY_IF_OPTION + IF_OPTION_HOST,
 				    mss         => NUMERIC_IF_OPTION + IF_OPTION_WILDOK,
 				    forward     => BINARY_IF_OPTION,
 				    physical    => STRING_IF_OPTION + IF_OPTION_HOST,
@@ -1353,6 +1354,8 @@ sub process_interface( $$ ) {
 	while ( my ( $option, $value ) = each( %options ) ) {
 	    fatal_error "The $option option may not be specified with 'unmanaged'" if $prohibitunmanaged{$option};
 	}
+    } else {
+	$options{tcpflags} = $hostoptionsref->{tcpflags} = 1 unless exists $options{tcpflags};
     }
 
     $physical{$physical} = $interfaces{$interface} = { name       => $interface ,

Shorewall/manpages/shorewall-interfaces.xml

@@ -731,7 +731,7 @@ loc     eth2            -</programlisting>
             </varlistentry>
 
             <varlistentry>
-              <term><emphasis role="bold">tcpflags</emphasis></term>
+              <term><emphasis role="bold">tcpflags[={0|1}]</emphasis></term>
 
               <listitem>
                 <para>Packets arriving on this interface are checked for
@@ -739,6 +739,9 @@ loc     eth2            -</programlisting>
                 have such a combination of flags are handled according to the
                 setting of TCP_FLAGS_DISPOSITION after having been logged
                 according to the setting of TCP_FLAGS_LOG_LEVEL.</para>
+
+                <para>Beginning with Shorewall 4.6.0, tcpflags=1 is the
+                default. To disable this option, specify tcpflags=0.</para>
               </listitem>
             </varlistentry>
 

Shorewall6/manpages/shorewall6-interfaces.xml

@@ -491,7 +491,7 @@ loc     eth2            -</programlisting>
             </varlistentry>
 
             <varlistentry>
-              <term><emphasis role="bold">tcpflags</emphasis></term>
+              <term><emphasis role="bold">tcpflags[={0|1}]</emphasis></term>
 
               <listitem>
                 <para>Packets arriving on this interface are checked for
@@ -499,6 +499,9 @@ loc     eth2            -</programlisting>
                 have such a combination of flags are handled according to the
                 setting of TCP_FLAGS_DISPOSITION after having been logged
                 according to the setting of TCP_FLAGS_LOG_LEVEL.</para>
+
+                <para>Beginning with Shorewall 4.6.0, tcpflags=1 is the
+                default. To disable this option, specify tcpflags=0. </para>
               </listitem>
             </varlistentry>