diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-10-27 14:08:17 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-10-31 12:50:09 +0100 |
commit | 127917c29a432c3b798e014a1714e9c1af0f87fe (patch) | |
tree | 9a488cb70c3b6e802829b4cf6060aad86850c47b /include | |
parent | 523b929d5446c023e1219aa81455a8c766cac883 (diff) |
netfilter: nft_reject_bridge: restrict reject to prerouting and input
Restrict the reject expression to the prerouting and input bridge
hooks. If we allow this to be used from forward or any other later
bridge hook, if the frame is flooded to several ports, we'll end up
sending several reject packets, one per cloned packet.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
0 files changed, 0 insertions, 0 deletions