From 3b5d57287d03af3c151bd381afde5aef070d2da3 Mon Sep 17 00:00:00 2001
From: Maciej Soltysiak
Date: Fri, 25 Jul 2003 01:21:56 -0700
Subject: [PATCH] [NETFILTER]: Make REJECT target compliant with RFC 1812.

Add support for iptables --reject-with-admin-prohib option of the REJECT target, making it compliant with RFC 1812.
---
 include/linux/netfilter_ipv4/ipt_REJECT.h | 3 ++-
 net/ipv4/netfilter/ipt_REJECT.c | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/include/linux/netfilter_ipv4/ipt_REJECT.h b/include/linux/netfilter_ipv4/ipt_REJECT.h
index ad195e435ba9..4293a1ad1b01 100644
--- a/include/linux/netfilter_ipv4/ipt_REJECT.h
+++ b/include/linux/netfilter_ipv4/ipt_REJECT.h
@@ -9,7 +9,8 @@ enum ipt_reject_with {
 IPT_ICMP_ECHOREPLY,
 IPT_ICMP_NET_PROHIBITED,
 IPT_ICMP_HOST_PROHIBITED,
- IPT_TCP_RESET
+ IPT_TCP_RESET,
+ IPT_ICMP_ADMIN_PROHIBITED
 };
 
 struct ipt_reject_info {
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
index 72aacefc01d4..c1147531acd2 100644
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -1,6 +1,7 @@
 /*
 * This is a module which is used for rejecting packets.
 * Added support for customized reject packets (Jozsef Kadlecsik).
+ * Added support for ICMP type-3-code-13 (Maciej Soltysiak). [RFC 1812]
 */
 #include
 #include
@@ -387,6 +388,9 @@ static unsigned int reject(struct sk_buff **pskb,
 case IPT_ICMP_HOST_PROHIBITED:
 send_unreach(*pskb, ICMP_HOST_ANO);
 break;
+ case IPT_ICMP_ADMIN_PROHIBITED:
+ send_unreach(*pskb, ICMP_PKT_FILTERED);
+ break;
 case IPT_TCP_RESET:
 send_reset(*pskb, hooknum == NF_IP_LOCAL_IN);
 case IPT_ICMP_ECHOREPLY:
-- 
2.39.5
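Review bot: `IPT_ICMP_ADMIN_PROHIBITED` is appended after `IPT_TCP_RESET` in `enum ipt_reject_with` with no comment explaining why the position matters. The header lives under include/linux and the commit message ties the value to an iptables option, so the numeric values presumably cross the user/kernel boundary; appending keeps every existing value stable, and a comment above the enum such as `/* values are shared with userspace: append only, never reorder */` would record that. The diffstat shows only this enum and the switch in `reject()` changing, so whether the rule-validation path range-checks the reject type is not visible here and is worth confirming, since an unrecognised value from userspace should be refused at rule load rather than reach the packet path.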
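Review bot: The new `case IPT_ICMP_ADMIN_PROHIBITED:` carries no comment linking `ICMP_PKT_FILTERED` to the RFC 1812 code it implements; only the file header mentions type 3 code 13. A one-line comment on the case, e.g. `/* type 3 code 13, "communication administratively prohibited": tells the sender a filter is in the path */`, would help rule authors weigh that disclosure against a silent DROP. The case is also inserted directly above `case IPT_TCP_RESET:`, whose `send_reset()` call is followed by `case IPT_ICMP_ECHOREPLY:` with no `break` in the visible context; if that fall-through is intended, marking it `/* fall through */` would protect it from future insertions like this one. `reject()` starts and ends outside the hunk.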