diff -urN linux-2.4.34-wt1/net/ipv4/netfilter/ip_conntrack_proto_tcp.c linux-2.4.34-wt1-tcp/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
--- linux-2.4.34-wt1/net/ipv4/netfilter/ip_conntrack_proto_tcp.c 2006-11-13 08:15:59 +0100
+++ linux-2.4.34-wt1-tcp/net/ipv4/netfilter/ip_conntrack_proto_tcp.c 2007-03-19 12:41:26 +0100
@@ -756,24 +756,18 @@
 #define TH_ECE 0x40
 #define TH_CWR 0x80
-/* table of valid flag combinations - ECE and CWR are always valid */
-static u8 tcp_valid_flags[(TH_FIN|TH_SYN|TH_RST|TH_PUSH|TH_ACK|TH_URG) + 1] =
+/* table of valid flag combinations - PUSH, ECE and CWR are always valid */
+static u8 tcp_valid_flags[(TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG) + 1] =
 {
 [TH_SYN] = 1,
+ [TH_SYN|TH_URG] = 1,
 [TH_SYN|TH_ACK] = 1,
- [TH_SYN|TH_PUSH] = 1,
- [TH_SYN|TH_ACK|TH_PUSH] = 1,
 [TH_RST] = 1,
 [TH_RST|TH_ACK] = 1,
- [TH_RST|TH_ACK|TH_PUSH] = 1,
 [TH_FIN|TH_ACK] = 1,
+ [TH_FIN|TH_ACK|TH_URG] = 1,
 [TH_ACK] = 1,
- [TH_ACK|TH_PUSH] = 1,
 [TH_ACK|TH_URG] = 1,
- [TH_ACK|TH_URG|TH_PUSH] = 1,
- [TH_FIN|TH_ACK|TH_PUSH] = 1,
- [TH_FIN|TH_ACK|TH_URG] = 1,
- [TH_FIN|TH_ACK|TH_URG|TH_PUSH] = 1,
 };
 /* Protect conntrack agaist broken packets. Code taken from ipt_unclean.c. */
@@ -814,7 +808,7 @@
 }
 /* Check TCP flags. */
- tcpflags = (((u_int8_t *)tcph)[13] & ~(TH_ECE|TH_CWR));
+ tcpflags = (((u_int8_t *)tcph)[13] & ~(TH_ECE|TH_CWR|TH_PUSH));
 if (!tcp_valid_flags[tcpflags]) {
 if (NET_RATELIMIT(ip_ct_tcp_log_invalid))
 nf_log(PF_INET, (char *)iph, len,
diff -urN linux-2.4.34-wt1/net/ipv4/netfilter/ipt_unclean.c linux-2.4.34-wt1-tcp/net/ipv4/netfilter/ipt_unclean.c
--- linux-2.4.34-wt1/net/ipv4/netfilter/ipt_unclean.c 2005-11-18 21:08:36 +0100
+++ linux-2.4.34-wt1-tcp/net/ipv4/netfilter/ipt_unclean.c 2007-03-19 12:39:43 +0100
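Review bot: Masking PUSH before the lookup and adding `[TH_SYN|TH_URG]` widen the set of flag combinations the table in ip_conntrack_proto_tcp.c accepts, and the updated comment records only the PUSH part. With the old table, RST|PUSH and SYN|URG had no entry and were treated as invalid; with the new one both pass, as does SYN|URG|PUSH. Since this table decides which packets conntrack treats as broken, the comment should list what is newly accepted and why, for example `/* PUSH is masked out before lookup, so RST|PUSH now passes; SYN|URG added deliberately for <reason> */`. The matching table hunk in ipt_unclean.c has the same gap and additionally starts accepting SYN|PUSH, which that file rejected before.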
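Review bot: `tcp_valid_flags[tcpflags]` is indexed with no range check, so the lookup stays in bounds only while the mask on the `tcpflags` line clears every bit that is missing from the array dimension declared in the table hunk. The two now agree (PUSH was dropped from both), but nothing ties them together, and the same pairing is repeated in the second hunk of ipt_unclean.c. A comment at the assignment would make the dependency visible: `/* mask must clear every flag not in the tcp_valid_flags[] dimension, or the lookup reads past the table */`. The enclosing function starts and ends outside this hunk.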
@@ -259,23 +259,18 @@
 #define TH_ECE 0x40
 #define TH_CWR 0x80
-/* table of valid flag combinations - ECE and CWR are always valid */
-static u8 tcp_valid_flags[(TH_FIN|TH_SYN|TH_RST|TH_PUSH|TH_ACK|TH_URG) + 1] =
+/* table of valid flag combinations - PUSH, ECE and CWR are always valid */
+static u8 tcp_valid_flags[(TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG) + 1] =
 {
 [TH_SYN] = 1,
+ [TH_SYN|TH_URG] = 1,
 [TH_SYN|TH_ACK] = 1,
- [TH_SYN|TH_ACK|TH_PUSH] = 1,
 [TH_RST] = 1,
 [TH_RST|TH_ACK] = 1,
- [TH_RST|TH_ACK|TH_PUSH] = 1,
 [TH_FIN|TH_ACK] = 1,
+ [TH_FIN|TH_ACK|TH_URG] = 1,
 [TH_ACK] = 1,
- [TH_ACK|TH_PUSH] = 1,
 [TH_ACK|TH_URG] = 1,
- [TH_ACK|TH_URG|TH_PUSH] = 1,
- [TH_FIN|TH_ACK|TH_PUSH] = 1,
- [TH_FIN|TH_ACK|TH_URG] = 1,
- [TH_FIN|TH_ACK|TH_URG|TH_PUSH] = 1
 };
 /* TCP-specific checks. */
@@ -348,7 +343,7 @@
 }
 /* CHECK: TCP flags. */
- tcpflags = (((u_int8_t *)tcph)[13] & ~(TH_ECE|TH_CWR));
+ tcpflags = (((u_int8_t *)tcph)[13] & ~(TH_ECE|TH_CWR|TH_PUSH));
 if (!tcp_valid_flags[tcpflags]) {
 limpk("TCP flags bad: %u\n", tcpflags);
 return 0;
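Review bot: This table is a second hand-maintained copy of the one in ip_conntrack_proto_tcp.c, and the removed lines show the copies had already drifted: the conntrack copy listed `[TH_SYN|TH_PUSH]` while this one did not. The patch brings them back into line, but the next edit can separate them again, leaving the unclean match and conntrack disagreeing about which packets are malformed. Defining the table and the ignored-flags mask once in a header both files include would remove that risk; short of that, add `/* keep in sync with tcp_valid_flags[] in ip_conntrack_proto_tcp.c */` above the table.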
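Review bot: `limpk("TCP flags bad: %u\n", tcpflags)` prints the masked value, so after this change the log line no longer shows whether PSH was set on the rejected packet, on top of the ECE and CWR bits it already dropped. Whoever reads these logs to work out what a sender transmitted needs the flags as they arrived; logging the raw byte keeps that: `limpk("TCP flags bad: %u\n", ((u_int8_t *)tcph)[13]);`. The enclosing function starts and ends outside this hunk.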