On Thu, Oct 23, 2014 at 07:36:56PM +0200, Alvaro Neira Ayuso wrote: > In rules like: > > nft add rule inet filter input reject > or > nft add rule bridge filter input reject > > we use icmpx to reject it. But if we have network context, we also use type of > reject. With this patch, we check the network context. If we don't have context, > we still use icmpx. However, if we have rules with network context like: > > nft add rule inet meta nfproto ipv4 reject > or > nft add rule bridge ether type ipv6 reject > > We are going to use icmp or icmpv6 to reject it taking into account the network > context. Applied, thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
