diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-07-26 17:22:32 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-07-26 17:50:19 +0200 |
commit | 08d2f049367153d2c3b03c95b2ca7256cdf3521d (patch) | |
tree | 35b291e94c051a50d1473d21932f6a27ff8498b5 /tests/py/ip/reject.t | |
parent | 1ab1fcbc19a82e03d229586b8fd5b16396a9fab7 (diff) |
src: promote 'reject with icmp CODE' syntax
The kernel already assumes that that ICMP type to reject a packet is
destination-unreachable, hence the user specifies the *ICMP code*.
Simplify the syntax to:
... reject with icmp port-unreachable
this removes the 'type' keyword before the ICMP code to reject the
packet with.
IIRC, the original intention is to leave room for future extensions that
allow to specify both the ICMP type and the ICMP code, this is however
not possible with the current inconsistent syntax.
Update manpages which also refer to ICMP type.
Adjust tests/py to the new syntax.
Fixes: 5fdd0b6a0600 ("nft: complete reject support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/ip/reject.t')
-rw-r--r-- | tests/py/ip/reject.t | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/tests/py/ip/reject.t b/tests/py/ip/reject.t index 74a5a041..ad009944 100644 --- a/tests/py/ip/reject.t +++ b/tests/py/ip/reject.t @@ -3,15 +3,15 @@ *ip;test-ip4;output reject;ok -reject with icmp type host-unreachable;ok -reject with icmp type net-unreachable;ok -reject with icmp type prot-unreachable;ok -reject with icmp type port-unreachable;ok;reject -reject with icmp type net-prohibited;ok -reject with icmp type host-prohibited;ok -reject with icmp type admin-prohibited;ok -reject with icmp type 3;ok;reject +reject with icmp host-unreachable;ok +reject with icmp net-unreachable;ok +reject with icmp prot-unreachable;ok +reject with icmp port-unreachable;ok;reject +reject with icmp net-prohibited;ok +reject with icmp host-prohibited;ok +reject with icmp admin-prohibited;ok +reject with icmp 3;ok;reject mark 0x80000000 reject with tcp reset;ok;meta mark 0x80000000 reject with tcp reset -reject with icmp type no-route;fail -reject with icmpv6 type no-route;fail +reject with icmp no-route;fail +reject with icmpv6 no-route;fail |