From 045263c704c7010f1cc9ef36e9131204a995b03d Mon Sep 17 00:00:00 2001
From: teastep
Date: Wed, 18 Jun 2003 19:24:16 +0000
Subject: [PATCH] Refine 'newnotsyn' option handling
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@599 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/firewall | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/Shorewall/firewall b/Shorewall/firewall
index 08ad24239..d12c20994 100755
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@@ -3374,6 +3374,11 @@ build_common_chain() {
 if [ -n "$NEWNOTSYN" ]; then
 run_iptables -A common -p tcp --tcp-flags ACK ACK -j ACCEPT
 run_iptables -A common -p tcp --tcp-flags RST RST -j ACCEPT
+ else
+ for interface in `find_interfaces_by_option newnotsyn`; do
+ run_iptables -A common -i $interface -p tcp --tcp-flags ACK ACK -j ACCEPT
+ run_iptables -A common -i $interface -p tcp --tcp-flags RST RST -j ACCEPT
+ done
 fi
 #
 # BROADCASTS
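Review bot: The two rules added in the new `else` branch accept any TCP segment with ACK or RST set that arrives on a `newnotsyn` interface, with no connection-state match. Unsolicited ACK/RST traffic reaching the `common` chain from those interfaces is therefore let through rather than falling to the policy. That trade-off deserves a comment above the loop, for example `# newnotsyn: accept non-SYN segments without conntrack state on these interfaces only (asymmetric routing); this weakens stateful filtering there`. The expansion should also be quoted as `-i "$interface"` so an unexpected interface value cannot split into extra iptables arguments, and the backticks could become `$(find_interfaces_by_option newnotsyn)`. build_common_chain starts and ends outside the hunk, so whether `interface` is declared local, and what earlier rules already filter, cannot be confirmed from here.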