author Pablo Neira Ayuso <> 2014-06-20 14:58:54 +0200
committer Pablo Neira Ayuso <> 2014-06-20 15:00:02 +0200
src: revert broken reject icmp code support
This patch reverts Alvaro's 34040b1 ("reject: add ICMP code parameter for indicating the type of error") and 11b2bb2 ("reject: Use protocol context for indicating the reject type").

These patches are flawed by two things:

1) IPv6 support is broken, only ICMP codes are considered.

2) If you don't specify any transport context, the utility exits without adding the rule, eg. nft add rule ip filter input reject.

The kernel is also flawed when it comes to the inet table. Let's revert this until we can provide decent reject reason support.

Signed-off-by: Pablo Neira Ayuso <>
diff --git a/include/statement.h b/include/statement.h
index 28f9a354..480b7190 100644
--- a/include/statement.h
+++ b/include/statement.h
@@ -47,7 +47,6 @@ extern struct stmt *limit_stmt_alloc(const struct location *loc);
struct reject_stmt {
enum nft_reject_types type;
- int8_t icmp_code;
extern struct stmt *reject_stmt_alloc(const struct location *loc);
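Review bot: removing `int8_t icmp_code;` from `struct reject_stmt` means every remaining reader or writer of that field elsewhere in the tree has to be dropped in this same commit, or the build breaks. Only the include/statement.h hunk is visible here, so a grep for `icmp_code` across the sources before merging would confirm the revert is complete. The commit message names a concrete failing command (`nft add rule ip filter input reject`, which exits without adding the rule); capturing it as a regression test alongside the revert would keep the later reject-reason rework from reintroducing the same failure. The remark that the kernel is flawed for the inet table would also benefit from a sentence saying what is wrong, since nothing in this hunk documents it.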