[NETFILTER]: Make REJECT target compliant with RFC 1812.

Add support for iptables --reject-with-admin-prohib option of the REJECT target, making it compliant with RFC 1812.
author: Maciej Soltysiak <solt@dns.toxicfilms.tv> 2003-07-25 01:21:56 -0700
committer: David S. Miller <davem@nuts.ninka.net> 2003-07-25 01:21:56 -0700
commit: 3b5d57287d03af3c151bd381afde5aef070d2da3 (patch)
tree: 3e7350cbb9d99222259e02574a6c6cd497493931 /net
parent: c828efd50934852b6c75a3713101b0207f7f7ef4 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
index 72aacefc01d4..c1147531acd2 100644
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -1,6 +1,7 @@
 /*
  * This is a module which is used for rejecting packets.
  * Added support for customized reject packets (Jozsef Kadlecsik).
+ * Added support for ICMP type-3-code-13 (Maciej Soltysiak). [RFC 1812]
  */
 #include <linux/config.h>
 #include <linux/module.h>
@@ -387,6 +388,9 @@ static unsigned int reject(struct sk_buff **pskb,
 	case IPT_ICMP_HOST_PROHIBITED:
     		send_unreach(*pskb, ICMP_HOST_ANO);
     		break;
+    	case IPT_ICMP_ADMIN_PROHIBITED:
+		send_unreach(*pskb, ICMP_PKT_FILTERED);
+		break;
 	case IPT_TCP_RESET:
 		send_reset(*pskb, hooknum == NF_IP_LOCAL_IN);
 	case IPT_ICMP_ECHOREPLY:
author	Maciej Soltysiak <solt@dns.toxicfilms.tv>	2003-07-25 01:21:56 -0700
committer	David S. Miller <davem@nuts.ninka.net>	2003-07-25 01:21:56 -0700
commit	3b5d57287d03af3c151bd381afde5aef070d2da3 (patch)
tree	3e7350cbb9d99222259e02574a6c6cd497493931 /net
parent	c828efd50934852b6c75a3713101b0207f7f7ef4 (diff)