doc: clarify reject is supported at prerouting stage

It's supported since kernel commit f53b9b0bdc59 ("netfilter: introduce
support for reject at prerouting stage").

Reported-by: Dan Winship <danwinship@redhat.com>
Signed-off-by: Quan Tian <tianquan23@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/doc/statements.txt b/doc/statements.txt
index 1967280549a80c61479439a8761f2349b339d59e..ae6442b03e463862acf8d9245c66a31150c44c43 100644 (file)
--- a/doc/statements.txt
+++ b/doc/statements.txt
@@ -180,7 +180,7 @@ ____
 A reject statement is used to send back an error packet in response to the
 matched packet otherwise it is equivalent to drop so it is a terminating
 statement, ending rule traversal. This statement is only valid in base chains
-using the *input*,
+using the *prerouting*, *input*,
 *forward* or *output* hooks, and user-defined chains which are only called from
 those chains.