projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 523b929) | patch
netfilter: nft_reject_bridge: restrict reject to prerouting and input
authorPablo Neira Ayuso <pablo@netfilter.org>
Mon, 27 Oct 2014 13:08:17 +0000 (14:08 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Fri, 31 Oct 2014 11:50:09 +0000 (12:50 +0100)
commit127917c29a432c3b798e014a1714e9c1af0f87fe
tree9a488cb70c3b6e802829b4cf6060aad86850c47btree | snapshot (tar.gz zip)
parent523b929d5446c023e1219aa81455a8c766cac883commit | diff
netfilter: nft_reject_bridge: restrict reject to prerouting and input

Restrict the reject expression to the prerouting and input bridge
hooks. If we allow this to be used from forward or any other later
bridge hook, if the frame is flooded to several ports, we'll end up
sending several reject packets, one per cloned packet.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/bridge/netfilter/nft_reject_bridge.c diff | blob | blame | history