[PATCH iptables] extensions: libipt_REJECT: Drop ancient kernel compat hack

[Tommi Rantala <tt.rantala@gmail.com>]

From: Tommi Rantala <tommi.rantala@cujo.com>

The IPT_ICMP_ADMIN_PROHIBITED fallback define and associated
compatibility notes were relevant for 2.4 kernels. The INCOMPATIBILITIES
file referencing these was already dropped in commit 92ce78d04677
("Drop INCOMPATIBILITIES file"), so clean up the remaining leftovers in
the REJECT extension source and man page.

Signed-off-by: Tommi Rantala <tommi.rantala@cujo.com>
---
 extensions/libipt_REJECT.c   | 14 +-------------
 extensions/libipt_REJECT.man |  4 +---
 2 files changed, 2 insertions(+), 16 deletions(-)

diff --git a/extensions/libipt_REJECT.c b/extensions/libipt_REJECT.c
index 743dfffc..8bfe0fd7 100644
--- a/extensions/libipt_REJECT.c
+++ b/extensions/libipt_REJECT.c
@@ -6,16 +6,6 @@
 #include <string.h>
 #include <xtables.h>
 #include <linux/netfilter_ipv4/ipt_REJECT.h>
-#include <linux/version.h>
-
-/* If we are compiling against a kernel that does not support
- * IPT_ICMP_ADMIN_PROHIBITED, we are emulating it.
- * The result will be a plain DROP of the packet instead of
- * reject. -- Maciej Soltysiak <solt@dns.toxicfilms.tv>
- */
-#ifndef IPT_ICMP_ADMIN_PROHIBITED
-#define IPT_ICMP_ADMIN_PROHIBITED	IPT_TCP_RESET + 1
-#endif
 
 struct reject_names {
 	const char *name;
@@ -73,7 +63,7 @@ static const struct reject_names reject_table[] = {
 	},
 	[IPT_ICMP_ADMIN_PROHIBITED] = {
 		"icmp-admin-prohibited", "admin-prohib",
-		"ICMP administratively prohibited (*)",
+		"ICMP administratively prohibited",
 		"admin-prohibited",
 	},
 };
@@ -102,8 +92,6 @@ static void REJECT_help(void)
 "                                a reply packet according to type:\n");
 
 	print_reject_types();
-
-	printf("(*) See man page or read the INCOMPATIBILITES file for compatibility issues.\n");
 }
 
 static const struct xt_option_entry REJECT_opts[] = {
diff --git a/extensions/libipt_REJECT.man b/extensions/libipt_REJECT.man
index a7196cdc..ea4d92e6 100644
--- a/extensions/libipt_REJECT.man
+++ b/extensions/libipt_REJECT.man
@@ -19,7 +19,7 @@ The type given can be
 \fBicmp\-proto\-unreachable\fP,
 \fBicmp\-net\-prohibited\fP,
 \fBicmp\-host\-prohibited\fP, or
-\fBicmp\-admin\-prohibited\fP (*),
+\fBicmp\-admin\-prohibited\fP,
 which return the appropriate ICMP error message (\fBicmp\-port\-unreachable\fP is
 the default).  The option
 \fBtcp\-reset\fP
@@ -28,8 +28,6 @@ TCP RST packet to be sent back.  This is mainly useful for blocking
 .I ident
 (113/tcp) probes which frequently occur when sending mail to broken mail
 hosts (which won't accept your mail otherwise).
-.IP
-(*) Using icmp\-admin\-prohibited with kernels that do not support it will result in a plain DROP instead of REJECT
 .PP
 \fIWarning:\fP You should not indiscriminately apply the REJECT target to
 packets whose connection state is classified as INVALID; instead, you should
-- 
2.53.0