Invalid ipfirewall rule?

[Dan Joumaa]

I'm trying to set a rule that will divert all TCP/UDP packets from host 
X to my divert socket. When I try to set the below firewall rule, 
setsockopt fails and sets errno to EINVAL. Any ideas?

    entry->version = IP_FW_CURRENT_API_VERSION;
    entry->fw_src.s_addr = htonl(host);
    entry->fw_uar.fw_pts[1] = 0xffff;
    entry->fw_prot = IPPROTO_TCP|IPPROTO_UDP;
    entry->fw_flg = IP_FW_F_DIVERT;

--ness