1 files changed, 6 insertions, 2 deletions

diff --git a/net/ipv4/netfilter/ipt_SYNPROXY.c b/net/ipv4/netfilter/ipt_SYNPROXY.c
index 90e489eb1c0a..67e17dcda65e 100644
--- a/net/ipv4/netfilter/ipt_SYNPROXY.c
+++ b/net/ipv4/netfilter/ipt_SYNPROXY.c
@@ -285,11 +285,15 @@ synproxy_tg4(struct sk_buff *skb, const struct xt_action_param *par)
                                           XT_SYNPROXY_OPT_ECN);
 
                 synproxy_send_client_synack(skb, th, &opts);
-        } else if (th->ack && !(th->fin || th->rst || th->syn))
+                return NF_DROP;
+
+        } else if (th->ack && !(th->fin || th->rst || th->syn)) {
                 /* ACK from client */
                 synproxy_recv_client_ack(snet, skb, th, &opts, ntohl(th->seq));
+                return NF_DROP;
+        }
 
-        return NF_DROP;
+        return XT_CONTINUE;
 }
 
 static unsigned int ipv4_synproxy_hook(unsigned int hooknum,