doc: Clarify conditions under which a reject verdict is permissible

A phrase like "input chain" is a throwback to xtables documentation. In nft, chains are containers for rules. They do have a type, but what's important here is which hook each uses. Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Florian Westphal <fw@strlen.de>
author: Duncan Roe <duncan_roe@optusnet.com.au> 2019-12-06 13:37:12 +1100
committer: Florian Westphal <fw@strlen.de> 2019-12-06 07:49:15 +0100
commit: a8347553432c1852925ec51cc66b6676b81fbfec (patch)
tree: 184ca9593bf45753cb9a74ec87313c2319217379 /doc
parent: bc75661e787b1ba5ba67610a8bd08b5a6db314e5 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/doc/statements.txt b/doc/statements.txt
index 3b824367..ced311cb 100644
--- a/doc/statements.txt
+++ b/doc/statements.txt
@@ -171,8 +171,9 @@ ____
 
 A reject statement is used to send back an error packet in response to the
 matched packet otherwise it is equivalent to drop so it is a terminating
-statement, ending rule traversal. This statement is only valid in the input,
-forward and output chains, and user-defined chains which are only called from
+statement, ending rule traversal. This statement is only valid in base chains
+using the *input*,
+*forward* or *output* hooks, and user-defined chains which are only called from
 those chains.
 
 .different ICMP reject variants are meant for use in different table families
author	Duncan Roe <duncan_roe@optusnet.com.au>	2019-12-06 13:37:12 +1100
committer	Florian Westphal <fw@strlen.de>	2019-12-06 07:49:15 +0100
commit	a8347553432c1852925ec51cc66b6676b81fbfec (patch)
tree	184ca9593bf45753cb9a74ec87313c2319217379 /doc
parent	bc75661e787b1ba5ba67610a8bd08b5a6db314e5 (diff)