diff options
author | Eric Leblond <eric@regit.org> | 2013-12-29 12:28:14 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-30 18:15:38 +0100 |
commit | bee11dc78fc8a41299be5ce04b1c76b0057af450 (patch) | |
tree | 0717e96f0f1cbfca4373dc0fa867b3b888267f16 /net/netfilter/Kconfig | |
parent | cc70d069e2b9cece683206c0f6a1d1484414e577 (diff) | |
download | op-kernel-dev-bee11dc78fc8a41299be5ce04b1c76b0057af450.zip op-kernel-dev-bee11dc78fc8a41299be5ce04b1c76b0057af450.tar.gz |
netfilter: nft_reject: support for IPv6 and TCP reset
This patch moves nft_reject_ipv4 to nft_reject and adds support
for IPv6 protocol. This patch uses functions included in nf_reject.h
to implement reject by TCP reset.
The code has to be build as a module if NF_TABLES_IPV6 is also a
module to avoid compilation error due to usage of IPv6 functions.
This has been done in Kconfig by using the construct:
depends on NF_TABLES_IPV6 || !NF_TABLES_IPV6
This seems a bit weird in terms of syntax but works perfectly.
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/Kconfig')
-rw-r--r-- | net/netfilter/Kconfig | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index 01f9f64..a1dec61 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig @@ -465,6 +465,12 @@ config NFT_QUEUE This is required if you intend to use the userspace queueing infrastructure (also known as NFQUEUE) from nftables. +config NFT_REJECT + depends on NF_TABLES + depends on NF_TABLES_IPV6 || !NF_TABLES_IPV6 + default m if NETFILTER_ADVANCED=n + tristate "Netfilter nf_tables reject support" + config NFT_COMPAT depends on NF_TABLES depends on NETFILTER_XTABLES |