]> git.ipfire.org Git - thirdparty/nftables.git/commitdiff
projects / thirdparty / nftables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bd92c25)
nft.8: Document limitation of reject statement in bridge family
authorPhil Sutter <phil@nwl.cc>
Tue, 15 May 2018 15:34:30 +0000 (17:34 +0200)
committerFlorian Westphal <fw@strlen.de>
Thu, 17 May 2018 13:40:59 +0000 (15:40 +0200)
Bridge family allows reject statement in prerouting and input chains
only. Users can't know without looking at kernel code.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
doc/nft.xml patch | blob | blame | history

diff --git a/doc/nft.xml b/doc/nft.xml
index 05193e67ed6dcc429c6ce232346fd5b20b75fc00..cd6c012ff1b6d081f27144490a398e3a7da1632c 100644 (file)
--- a/doc/nft.xml
+++ b/doc/nft.xml
@@ -4873,6 +4873,10 @@ ip6 filter output log flags all
                                The common default reject value is
                                <command>port-unreachable</command>.
                        </para>
+                       <para>
+                               Note that in bridge family, reject statement is only allowed in base chains which
+                               hook into <literal>input</literal> or <literal>prerouting</literal>.
+                       </para>
                </refsect2>
                <refsect2>
                        <title>Counter statement</title>
Mirror of git://git.netfilter.org/nftables