Re: [PATCH v3 nf-next] netfilter: introduce support for reject at prerouting stage

On Sun, May 31, 2020 at 10:26:23PM +0200, Laura Garcia Liebana wrote:
> REJECT statement can be only used in INPUT, FORWARD and OUTPUT
> chains. This patch adds support of REJECT, both icmp and tcp
> reset, at PREROUTING stage.
> 
> The need for this patch comes from the requirement of some
> forwarding devices to reject traffic before the natting and
> routing decisions.
> 
> The main use case is to be able to send a graceful termination
> to legitimate clients that, under any circumstances, the NATed
> endpoints are not available. This option allows clients to
> decide either to perform a reconnection or manage the error on
> their side, instead of just dropping the connection and letting
> them die due to timeout.
> 
> The ipv4, ipv6 and inet families are supported for the nft
> infrastructure.

Applied, thanks Laura.
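
An added example, not part of the original thread or of the patch: an nftables ruleset of the kind the quoted description allows, with a filter chain at the prerouting hook that rejects traffic for a virtual service before the NAT chain rewrites the destination. The table, chain and set names, the priorities chosen and all addresses (documentation ranges) are constructed for illustration.

```nft
# Constructed example: reject clients of a virtual service whose
# NATed endpoints are unavailable, before DNAT and routing happen.
table inet lb {
    # Virtual IP . port pairs that currently have no usable backend
    # (hypothetical set, maintained by whatever health check is in use).
    set vips_down {
        type ipv4_addr . inet_service
        elements = { 192.0.2.10 . 443 }
    }

    # Filter chain on the prerouting hook. Priority -150 runs before
    # the destination NAT chain below (-100), so the match is made on
    # the original, un-NATed destination address.
    chain prerouting_filter {
        type filter hook prerouting priority -150; policy accept;

        # TCP clients get a reset instead of waiting for a timeout.
        ip daddr . tcp dport @vips_down reject with tcp reset

        # Other traffic to the same service gets an ICMP error.
        ip daddr . udp dport @vips_down reject with icmpx type port-unreachable
    }

    # Destination NAT for the service while it is healthy.
    chain prerouting_nat {
        type nat hook prerouting priority -100; policy accept;

        ip daddr 192.0.2.10 tcp dport 443 dnat ip to 198.51.100.11:8443
    }
}
```

Without support for reject at the prerouting hook, the rules in `prerouting_filter` could only use `drop`, which leaves clients waiting for a timeout as the quoted description notes.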


