netfilter: nft_reject: support for IPv6 and TCP reset

This patch moves nft_reject_ipv4 to nft_reject and adds support for IPv6 protocol. This patch uses functions included in nf_reject.h to implement reject by TCP reset. The code has to be build as a module if NF_TABLES_IPV6 is also a module to avoid compilation error due to usage of IPv6 functions. This has been done in Kconfig by using the construct: depends on NF_TABLES_IPV6 || !NF_TABLES_IPV6 This seems a bit weird in terms of syntax but works perfectly. Signed-off-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Eric Leblond <eric@regit.org> 2013-12-29 12:28:14 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2013-12-30 18:15:38 +0100
commit: bee11dc78fc8a41299be5ce04b1c76b0057af450 (patch)
tree: 0717e96f0f1cbfca4373dc0fa867b3b888267f16 /net/netfilter/Kconfig
parent: cc70d069e2b9cece683206c0f6a1d1484414e577 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 01f9f64c4cec..a1dec61a727e 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -465,6 +465,12 @@ config NFT_QUEUE
 	  This is required if you intend to use the userspace queueing
 	  infrastructure (also known as NFQUEUE) from nftables.
 
+config NFT_REJECT
+	depends on NF_TABLES
+	depends on NF_TABLES_IPV6 || !NF_TABLES_IPV6
+	default m if NETFILTER_ADVANCED=n
+	tristate "Netfilter nf_tables reject support"
+
 config NFT_COMPAT
 	depends on NF_TABLES
 	depends on NETFILTER_XTABLES
author	Eric Leblond <eric@regit.org>	2013-12-29 12:28:14 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2013-12-30 18:15:38 +0100
commit	bee11dc78fc8a41299be5ce04b1c76b0057af450 (patch)
tree	0717e96f0f1cbfca4373dc0fa867b3b888267f16 /net/netfilter/Kconfig
parent	cc70d069e2b9cece683206c0f6a1d1484414e577 (diff)