Hello, Here's a small patchset implementing IPv6 reject as well as TCP RST based reject. It uses the same factorisation technique as the one used for nft_queue. I've tested ICMP reject and still need to fix nftables to be able to test TCP reset. This explains in part the RFC status of the patch. Patchset statistics: include/net/netfilter/nf_reject.h | 297 +++++++++++++++++++++++++++++++++++ net/ipv4/netfilter/Kconfig | 4 - net/ipv4/netfilter/Makefile | 1 - net/ipv4/netfilter/ipt_REJECT.c | 124 +-------------- net/ipv4/netfilter/nft_reject_ipv4.c | 123 --------------- net/ipv6/netfilter/ip6t_REJECT.c | 177 +-------------------- net/netfilter/Kconfig | 4 + net/netfilter/Makefile | 1 + net/netfilter/nft_reject.c | 143 +++++++++++++++++ 9 files changed, 455 insertions(+), 419 deletions(-) BR, -- Eric -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
