On Sun, Mar 07, 2021 at 06:16:10PM -0700, Marc Aurèle La France wrote:
> Extend commit f53b9b0bdc59c0823679f2e3214e0d538f5951b9 "netfilter:
> introduce support for reject at prerouting stage", which appeared in
> 5.9, by making the corresponding changes to x_tables REJECT targets.
>
> Please Reply-To-All.
This patch LGTM.
> Thanks.
>
> Marc.
>
> Signed-off-by: Marc Aurèle La France <tsi@xxxxxxxxxx>
> Tested-by: Marc Aurèle La France <tsi@xxxxxxxxxx>
>
> --- a/net/ipv4/netfilter/ipt_REJECT.c
> +++ b/net/ipv4/netfilter/ipt_REJECT.c
> @@ -92,7 +92,7 @@ static struct xt_target reject_tg_reg __read_mostly = {
> .targetsize = sizeof(struct ipt_reject_info),
> .table = "filter",
> .hooks = (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD) |
> - (1 << NF_INET_LOCAL_OUT),
> + (1 << NF_INET_LOCAL_OUT) | (1 << NF_INET_PRE_ROUTING),
> .checkentry = reject_tg_check,
> .me = THIS_MODULE,
> };
> --- a/net/ipv6/netfilter/ip6t_REJECT.c
> +++ b/net/ipv6/netfilter/ip6t_REJECT.c
> @@ -102,7 +102,7 @@ static struct xt_target reject_tg6_reg __read_mostly = {
> .targetsize = sizeof(struct ip6t_reject_info),
> .table = "filter",
> .hooks = (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD) |
> - (1 << NF_INET_LOCAL_OUT),
> + (1 << NF_INET_LOCAL_OUT) | (1 << NF_INET_PRE_ROUTING),
> .checkentry = reject_tg6_check,
> .me = THIS_MODULE
> };
