--- linux-2.4.17/net/ipv4/netfilter/ipt_unclean.c	Fri Dec 21 11:12:48 2001
+++ gateway-2.4.17/net/ipv4/netfilter/ipt_unclean.c	Fri Dec 21 11:17:16 2001
@@ -272,7 +272,6 @@
 	u_int8_t *opt = (u_int8_t *)tcph;
 	u_int8_t *endhdr = (u_int8_t *)tcph + tcph->doff * 4;
 	u_int8_t tcpflags;
-	int end_of_options = 0;
 	size_t i;
 
 	/* CHECK: Can't have offset=1: used to override TCP syn-checks. */
@@ -351,21 +350,12 @@
 	for (i = sizeof(struct tcphdr); i < tcph->doff * 4; ) {
 		switch (opt[i]) {
 		case 0:
-			end_of_options = 1;
-			i++;
-			break;
 		case 1:
 			i++;
 			break;
 		default:
-			/* CHECK: options after EOO. */
-			if (end_of_options) {
-				limpk("TCP option %u after end\n",
-				      opt[i]);
-				return 0;
-			}
 			/* CHECK: options at tail. */
-			else if (i+1 >= tcph->doff * 4) {
+			if (i+1 >= tcph->doff * 4) {
 				limpk("TCP option %u at tail\n",
 				      opt[i]);
 				return 0;