projects / platform / kernel / linux-rpi.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 312ca57) | patch
netfilter: nft_reject: add reject verdict support for netdev
authorJose M. Guisado Gomez <guigom@riseup.net>
Thu, 22 Oct 2020 19:43:53 +0000 (21:43 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Sat, 31 Oct 2020 09:41:00 +0000 (10:41 +0100)
commit6bbb9ad36c93d3a422de862b78bd5330b44b3fa4
tree59faa76de1a76f952377de267fda8acf63eee50atree | snapshot
parent312ca575a50543a886a5dfa2af1e72aa6a5b601ecommit | diff
netfilter: nft_reject: add reject verdict support for netdev

Adds support for reject from ingress hook in netdev family.
Both stacks ipv4 and ipv6.  With reject packets supporting ICMP
and TCP RST.

This ability is required in devices that need to REJECT legitimate
clients which traffic is forwarded from the ingress hook.

Joint work with Laura Garcia.

Signed-off-by: Jose M. Guisado Gomez <guigom@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/Kconfig diff | blob | history
net/netfilter/Makefile diff | blob | history
net/netfilter/nft_reject_netdev.c [new file with mode: 0644] blob
Domain: System / Kernel;