]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6b65d7f) | patch
netfilter: nft_reject_bridge: restrict reject to prerouting and input
authorPablo Neira Ayuso <pablo@netfilter.org>
Mon, 27 Oct 2014 13:08:17 +0000 (14:08 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Fri, 31 Oct 2014 11:50:09 +0000 (12:50 +0100)
commitf6e00aa87d56a7c95518e592b8b1152361e4c4ad
tree9a488cb70c3b6e802829b4cf6060aad86850c47btree | snapshot
parent6b65d7f9369b04c9adfce2a74196e42d4b7a877acommit | diff
netfilter: nft_reject_bridge: restrict reject to prerouting and input

Restrict the reject expression to the prerouting and input bridge
hooks. If we allow this to be used from forward or any other later
bridge hook, if the frame is flooded to several ports, we'll end up
sending several reject packets, one per cloned packet.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/bridge/netfilter/nft_reject_bridge.c diff | blob | history
Linux Kernel Source Tree.