netfilter-devel.vger.kernel.org archive mirror
* {PATCH nf] x_tables: Allow REJECT targets in PREROUTING chains
@ 2021-03-08  1:16 Marc Aurèle La France
  2021-03-08 10:34 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 3+ messages in thread
From: Marc Aurèle La France @ 2021-03-08  1:16 UTC (permalink / raw)
  To: Laura Garcia Liebana, netfilter-devel


Extend commit f53b9b0bdc59c0823679f2e3214e0d538f5951b9 "netfilter:
introduce support for reject at prerouting stage", which appeared in
5.9, by making the corresponding changes to x_tables REJECT targets.

Please Reply-To-All.

Thanks.

Marc.

Signed-off-by: Marc Aurèle La France <tsi@tuyoix.net>
Tested-by: Marc Aurèle La France <tsi@tuyoix.net>

--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -92,7 +92,7 @@ static struct xt_target reject_tg_reg __read_mostly = {
 	.targetsize	= sizeof(struct ipt_reject_info),
 	.table		= "filter",
 	.hooks		= (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD) |
-			  (1 << NF_INET_LOCAL_OUT),
+			  (1 << NF_INET_LOCAL_OUT) | (1 << NF_INET_PRE_ROUTING),
 	.checkentry	= reject_tg_check,
 	.me		= THIS_MODULE,
 };
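Review bot: The added `(1 << NF_INET_PRE_ROUTING)` bit in `.hooks` cannot take effect while the unchanged context line `.table = "filter"` stays, because the filter table is attached only at LOCAL_IN, FORWARD and LOCAL_OUT and has no PREROUTING chain. As posted, no rule using this target can be reached from prerouting, so either the table restriction has to be handled in the same series or the changelog has to name the prerequisite change. The changelog should also say in which table and chain the Tested-by run exercised REJECT.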
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -102,7 +102,7 @@ static struct xt_target reject_tg6_reg __read_mostly = {
 	.targetsize	= sizeof(struct ip6t_reject_info),
 	.table		= "filter",
 	.hooks		= (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD) |
-			  (1 << NF_INET_LOCAL_OUT),
+			  (1 << NF_INET_LOCAL_OUT) | (1 << NF_INET_PRE_ROUTING),
 	.checkentry	= reject_tg6_check,
 	.me		= THIS_MODULE
 };
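Review bot: Only the `.hooks` mask changes in this registration, with `.checkentry = reject_tg6_check` left as it is, and the changelog does not say why nothing else is needed on the IPv6 side. Please state in the commit message that the reject path this target calls already copes with packets seen before the routing decision (the referenced commit is titled as introducing that support), or include the missing piece. The same `.table = "filter"` restriction applies here as in the IPv4 file, so this bit is equally unreachable on its own.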


* Re: {PATCH nf] x_tables: Allow REJECT targets in PREROUTING chains
  2021-03-08  1:16 {PATCH nf] x_tables: Allow REJECT targets in PREROUTING chains Marc Aurèle La France
@ 2021-03-08 10:34 ` Pablo Neira Ayuso
  2021-03-08 16:06   ` Marc Aurèle La France
  0 siblings, 1 reply; 3+ messages in thread
From: Pablo Neira Ayuso @ 2021-03-08 10:34 UTC (permalink / raw)
  To: Marc Aurèle La France; +Cc: Laura Garcia Liebana, netfilter-devel

On Sun, Mar 07, 2021 at 06:16:10PM -0700, Marc Aurèle La France wrote:
> Extend commit f53b9b0bdc59c0823679f2e3214e0d538f5951b9 "netfilter:
> introduce support for reject at prerouting stage", which appeared in
> 5.9, by making the corresponding changes to x_tables REJECT targets.
> 
> Please Reply-To-All.

This patch LGTM.

> Thanks.
> 
> Marc.
> 
> Signed-off-by: Marc Aurèle La France <tsi@tuyoix.net>
> Tested-by: Marc Aurèle La France <tsi@tuyoix.net>
> 
> --- a/net/ipv4/netfilter/ipt_REJECT.c
> +++ b/net/ipv4/netfilter/ipt_REJECT.c
> @@ -92,7 +92,7 @@ static struct xt_target reject_tg_reg __read_mostly = {
>  	.targetsize	= sizeof(struct ipt_reject_info),
>  	.table		= "filter",
>  	.hooks		= (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD) |
> -			  (1 << NF_INET_LOCAL_OUT),
> +			  (1 << NF_INET_LOCAL_OUT) | (1 << NF_INET_PRE_ROUTING),
>  	.checkentry	= reject_tg_check,
>  	.me		= THIS_MODULE,
>  };
> --- a/net/ipv6/netfilter/ip6t_REJECT.c
> +++ b/net/ipv6/netfilter/ip6t_REJECT.c
> @@ -102,7 +102,7 @@ static struct xt_target reject_tg6_reg __read_mostly = {
>  	.targetsize	= sizeof(struct ip6t_reject_info),
>  	.table		= "filter",
>  	.hooks		= (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD) |
> -			  (1 << NF_INET_LOCAL_OUT),
> +			  (1 << NF_INET_LOCAL_OUT) | (1 << NF_INET_PRE_ROUTING),
>  	.checkentry	= reject_tg6_check,
>  	.me		= THIS_MODULE
>  };



* Re: {PATCH nf] x_tables: Allow REJECT targets in PREROUTING chains
  2021-03-08 10:34 ` Pablo Neira Ayuso
@ 2021-03-08 16:06   ` Marc Aurèle La France
  0 siblings, 0 replies; 3+ messages in thread
From: Marc Aurèle La France @ 2021-03-08 16:06 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: Laura Garcia Liebana, netfilter-devel


On Mon, 8 Mar 2021, Pablo Neira Ayuso wrote:
> On Sun, Mar 07, 2021 at 06:16:10PM -0700, Marc Aurèle La France wrote:
>> Extend commit f53b9b0bdc59c0823679f2e3214e0d538f5951b9 "netfilter:
>> introduce support for reject at prerouting stage", which appeared in
>> 5.9, by making the corresponding changes to x_tables REJECT targets.

>> Please Reply-To-All.

> This patch LGTM.

... except that I have since realised it relies on another change I'm 
carrying that allows REJECT targets in all tables, not just filter, 
something I doubt you are open to.

Withdrawn.

Thanks for your time.

Marc.
