[NETFILTER]: Make REJECT target compliant with RFC 1812.

Add support for iptables --reject-with-admin-prohib option of the REJECT target, making it compliant with RFC 1812.

[NETFILTER]: Make REJECT target compliant with RFC 1812.
Add support for iptables --reject-with-admin-prohib option of the REJECT target, making it compliant with RFC 1812.
3b5d5728 · Maciej Soltysiak · David S. Miller · c828efd5 · 3b5d5728 · 3b5d5728
Commit 3b5d5728 authored Jul 25, 2003 by Maciej Soltysiak Committed by David S. Miller Jul 25, 2003
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 1 deletion

include/linux/netfilter_ipv4/ipt_REJECT.h include/linux/netfilter_ipv4/ipt_REJECT.h +2 -1

net/ipv4/netfilter/ipt_REJECT.c net/ipv4/netfilter/ipt_REJECT.c +4 -0

No files found.
--- a/include/linux/netfilter_ipv4/ipt_REJECT.h
+++ b/include/linux/netfilter_ipv4/ipt_REJECT.h
@@ -9,7 +9,8 @@ enum ipt_reject_with {
 	IPT_ICMP_ECHOREPLY,
 	IPT_ICMP_NET_PROHIBITED,
 	IPT_ICMP_HOST_PROHIBITED,
-	IPT_TCP_RESET
+	IPT_TCP_RESET,
+	IPT_ICMP_ADMIN_PROHIBITED
 };

 struct ipt_reject_info {

--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
 /*
 * This is a module which is used for rejecting packets.
 * Added support for customized reject packets (Jozsef Kadlecsik).
+ * Added support for ICMP type-3-code-13 (Maciej Soltysiak). [RFC 1812]
 */
 #include <linux/config.h>
 #include <linux/module.h>
@@ -387,6 +388,9 @@ static unsigned int reject(struct sk_buff **pskb,
 	case IPT_ICMP_HOST_PROHIBITED:
    		send_unreach(*pskb, ICMP_HOST_ANO);
    		break;
+    	case IPT_ICMP_ADMIN_PROHIBITED:
+		send_unreach(*pskb, ICMP_PKT_FILTERED);
+		break;
 	case IPT_TCP_RESET:
 		send_reset(*pskb, hooknum == NF_IP_LOCAL_IN);
 	case IPT_ICMP_ECHOREPLY: