From: Christoph Anton Mitterer Date: Fri, 24 Oct 2025 01:36:48 +0000 (+0200) Subject: doc: minor improvements the `reject` statement X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f34381547094a80d182bd523c372fa87f7ad9b2e;p=thirdparty%2Fnftables.git doc: minor improvements the `reject` statement Signed-off-by: Christoph Anton Mitterer Signed-off-by: Florian Westphal --- diff --git a/doc/statements.txt b/doc/statements.txt index b4c63ffc..3475ef4e 100644 --- a/doc/statements.txt +++ b/doc/statements.txt @@ -1,3 +1,4 @@ +[[VERDICT_STATEMENTS]] VERDICT STATEMENTS ~~~~~~~~~~~~~~~~~~ The verdict statements alter control flow in the ruleset and issue policy decisions for packets. @@ -201,11 +202,12 @@ ____ *tcp reset* ____ -A reject statement is used to send back an error packet in response to the -matched packet otherwise it is equivalent to drop so it is a terminating -statement, ending rule traversal. This statement is only valid in base chains -using the *prerouting*, *input*, -*forward* or *output* hooks, and user-defined chains which are only called from +A reject statement tries to send back an error packet in response to the matched +packet and then interally issues a *drop* verdict. +It’s thus a terminating statement with all consequences of the latter (see +<> respectively <>). +This statement is only valid in base chains using the *prerouting*, *input*, +*forward* or *output* hooks, and regular chains which are only called from those chains. .Keywords may be used to reject when specifying the ICMP code