Index: ip_fw.c
===================================================================
RCS file: /mnt/ncvs/src/sys/netinet/ip_fw.c,v
retrieving revision 1.131.2.13
retrieving revision 1.131.2.14
diff -u -r1.131.2.13 -r1.131.2.14
--- ip_fw.c	2001/02/01 20:25:09	1.131.2.13
+++ ip_fw.c	2001/02/04 05:48:59	1.131.2.14
@@ -1222,7 +1222,9 @@
 
 			if (f->fw_tcpopt != f->fw_tcpnopt && !tcpopts_match(tcp, f))
 				continue;
-			if (f->fw_tcpf != f->fw_tcpnf && !tcpflg_match(tcp, f))
+			if (((f->fw_tcpf != f->fw_tcpnf) ||
+			    (f->fw_ipflg & IP_FW_IF_TCPEST)) &&
+			    !tcpflg_match(tcp, f))
 				continue;
 			goto check_ports;
 		    }