From f34381547094a80d182bd523c372fa87f7ad9b2e Mon Sep 17 00:00:00 2001 From: Christoph Anton Mitterer Date: Fri, 24 Oct 2025 03:36:48 +0200 Subject: [PATCH] doc: minor improvements the `reject` statement Signed-off-by: Christoph Anton Mitterer Signed-off-by: Florian Westphal --- doc/statements.txt | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/doc/statements.txt b/doc/statements.txt index b4c63ffc..3475ef4e 100644 --- a/doc/statements.txt +++ b/doc/statements.txt @@ -1,3 +1,4 @@ +[[VERDICT_STATEMENTS]] VERDICT STATEMENTS ~~~~~~~~~~~~~~~~~~ The verdict statements alter control flow in the ruleset and issue policy decisions for packets. @@ -201,11 +202,12 @@ ____ *tcp reset* ____ -A reject statement is used to send back an error packet in response to the -matched packet otherwise it is equivalent to drop so it is a terminating -statement, ending rule traversal. This statement is only valid in base chains -using the *prerouting*, *input*, -*forward* or *output* hooks, and user-defined chains which are only called from +A reject statement tries to send back an error packet in response to the matched +packet and then interally issues a *drop* verdict. +It’s thus a terminating statement with all consequences of the latter (see +<> respectively <>). +This statement is only valid in base chains using the *prerouting*, *input*, +*forward* or *output* hooks, and regular chains which are only called from those chains. .Keywords may be used to reject when specifying the ICMP code -- 2.47.3