Are you saying that iptables decrements the given option code by 1?

Or is it that you find it confusing that the --tcp-option parameter rejects code 0?

Rejecting option code 0 is of course consistent with the code table, since code 0 is an "end of options list" marker, and not an option code in itself.

1. What I wanted to say, I have already said here.
2. There are standards that are accepted as a standard and these standards should be followed, and not "break" user dependencies.
3. I'm not a girl to be embarrassed about.
4. The range of TCP options should be between 0 and 254, not as it is now from 1 to 255.

Or is it that you find it confusing that the --tcp-option parameter rejects code 0?

Rejecting option code 0 is of course consistent with the code table, since code 0 is an "end of options list" marker, and not an option code in itself.

Do you know when and where this change took place? Was it in debian or upstream?

Where is '--tcp-option' from? It is not mentioned in man iptables.

Salute, comrade!

About --tcp-option please see this information from netfilter developers: https://www.netfilter.org/documentation … WTO-7.html or see man page iptables: https://linux.die.net/man/8/iptables

I don't know exactly where the change occurred, but it happened about 2 years ago. About 2 years ago, after the next update in iptables (this can be tracked by the history of updating fixes and updates for iptables in Debian b) in Debian 9, I started to show an error in the logs about the absence of --tcp-option 0. As it turned out in the future, this error was present in both Ubuntu and Devuan. I suspect that the developers of netfilter made this error, because it has become present in all derivatives based on Ubuntu and Debian.

Where is '--tcp-option' from? It is not mentioned in man iptables.

In Devuan 1, Devuan 2, Devuan 3 (and Debian, and Ubuntu) have next standard issue with iptables!

The current range of values for the --tcp-option iptables flag is 1-255 - this is not correct. The correct range of values should be 0-254. Please read the following information: https://www.iana.org/assignments/tcp-pa … rameters-1 This negative change in iptables was made approximately 2 years ago without making this change public. Please report this issue to the iptables developers so that they can set the range of --tcp-option values in accordance with the accepted standards for the TCP Protocol.