It's supported since kernel commit f53b9b0bdc59 ("netfilter: introduce support for reject at prerouting stage"). Reported-by: Dan Winship <danwinship@xxxxxxxxxx> Signed-off-by: Quan Tian <tianquan23@xxxxxxxxx> --- doc/statements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/statements.txt b/doc/statements.txt index 19672805..ae6442b0 100644 --- a/doc/statements.txt +++ b/doc/statements.txt @@ -180,7 +180,7 @@ ____ A reject statement is used to send back an error packet in response to the matched packet otherwise it is equivalent to drop so it is a terminating statement, ending rule traversal. This statement is only valid in base chains -using the *input*, +using the *prerouting*, *input*, *forward* or *output* hooks, and user-defined chains which are only called from those chains. -- 2.38.0
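Review bot: The changed line `+using the *prerouting*, *input*,` in doc/statements.txt lists prerouting as unconditionally valid, but the commit message says reject at prerouting is only supported since kernel commit f53b9b0bdc59. Readers of the rendered documentation never see the commit message, so nothing tells them that a kernel predating that commit does not support reject in a prerouting base chain. Consider adding a short qualifier to the sentence or a following note that names the minimum kernel release containing that commit, so the hook list stays accurate for users on older kernels. The restriction on user-defined chains ("only called from those chains") is unchanged, and it reads correctly with the extended list.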