Extend commit f53b9b0bdc59c0823679f2e3214e0d538f5951b9 "netfilter:
introduce support for reject at prerouting stage", which appeared in
5.9, by making the corresponding changes to x_tables REJECT targets.
Please Reply-To-All.
Thanks.
Marc.
Signed-off-by: Marc Aurèle La France <tsi@xxxxxxxxxx>
Tested-by: Marc Aurèle La France <tsi@xxxxxxxxxx>
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -92,7 +92,7 @@ static struct xt_target reject_tg_reg __read_mostly = {
.targetsize = sizeof(struct ipt_reject_info),
.table = "filter",
.hooks = (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD) |
- (1 << NF_INET_LOCAL_OUT),
+ (1 << NF_INET_LOCAL_OUT) | (1 << NF_INET_PRE_ROUTING),
.checkentry = reject_tg_check,
.me = THIS_MODULE,
};
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -102,7 +102,7 @@ static struct xt_target reject_tg6_reg __read_mostly = {
.targetsize = sizeof(struct ip6t_reject_info),
.table = "filter",
.hooks = (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD) |
- (1 << NF_INET_LOCAL_OUT),
+ (1 << NF_INET_LOCAL_OUT) | (1 << NF_INET_PRE_ROUTING),
.checkentry = reject_tg6_check,
.me = THIS_MODULE
};
