]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 55ab34b) | patch
netfilter: nft_reject_bridge: restrict reject to prerouting and input
authorPablo Neira Ayuso <pablo@netfilter.org>
Mon, 27 Oct 2014 13:08:17 +0000 (14:08 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Fri, 31 Oct 2014 11:50:09 +0000 (12:50 +0100)
commitb9d631cfa1e726f938db2053e4b78c1dcd613dae
tree9a488cb70c3b6e802829b4cf6060aad86850c47btree | snapshot
parent55ab34bdb470feb59d97bd7fce6145a64a880620commit | diff
netfilter: nft_reject_bridge: restrict reject to prerouting and input

Restrict the reject expression to the prerouting and input bridge
hooks. If we allow this to be used from forward or any other later
bridge hook, if the frame is flooded to several ports, we'll end up
sending several reject packets, one per cloned packet.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/bridge/netfilter/nft_reject_bridge.c diff | blob | history
Linux Kernel Source Tree.