openwrt_archive/net/nodogsplash/patches/002-deprecated_iptables_syntax.patch

--- a/src/fw_iptables.c
+++ b/src/fw_iptables.c
@@ -449,7 +449,7 @@ iptables_fw_init(void) {
   /* CHAIN_TO_ROUTER, related and established packets  ACCEPT */
   rc |= iptables_do_command("-t filter -A " CHAIN_TO_ROUTER " -m state --state RELATED,ESTABLISHED -j ACCEPT");
   /* CHAIN_TO_ROUTER, bogus SYN packets  DROP */
-  rc |= iptables_do_command("-t filter -A " CHAIN_TO_ROUTER " -p tcp --tcp-flags SYN SYN --tcp-option \\! 2 -j  DROP");
+  rc |= iptables_do_command("-t filter -A " CHAIN_TO_ROUTER " -p tcp --tcp-flags SYN SYN \\! --tcp-option 2 -j  DROP");
 
   /* CHAIN_TO_ROUTER, packets to HTTP listening on gw_port on router ACCEPT */
   rc |= iptables_do_command("-t filter -A " CHAIN_TO_ROUTER " -p tcp --dport %d -j ACCEPT", gw_port);