On 11/14/16 4:49 PM, Pablo Neira Ayuso wrote: > On Tue, Nov 15, 2016 at 12:48:17AM +0100, Pablo Neira Ayuso wrote: >> Hi David, >> >> On Mon, Nov 14, 2016 at 04:04:26PM -0700, David Ahern wrote: >>> On 11/14/16 3:59 PM, Pablo Neira Ayuso wrote: >>>> Does ip6_route_me_harder need an update too? >>> >>> I have not hit a use case yet. Rather than blindly going through and >>> adding l3mdev hooks I would like to tie the changes to known uses >>> cases. >> >> Hm, your follow up patch updates nf_send_reset6() but not >> nf_send_reset(). Sorry but it strikes me as inconsistent that some >> spots are updated and some others are not. > > What usecases you have in mind, btw? I can help testing other > scenarios and fix other spots too if it makes sense to do it in one > go. > As mentioned in the commit message, both this one and the IPV6 one get the REJECT target working for tcp-reset: iptables -I OUTPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset ip6tables -A OUTPUT -p tcp --dport 12345 -j REJECT --reject-with tcp-reset -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
