summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--include/parser.h1
-rw-r--r--src/parser_bison.y3
-rw-r--r--src/scanner.l9
3 files changed, 9 insertions, 4 deletions
diff --git a/include/parser.h b/include/parser.h
index 090fd788..08bdeaca 100644
--- a/include/parser.h
+++ b/include/parser.h
@@ -72,6 +72,7 @@ enum startcond_type {
PARSER_SC_EXPR_UDPLITE,
PARSER_SC_STMT_LOG,
+ PARSER_SC_STMT_REJECT,
PARSER_SC_STMT_SYNPROXY,
};
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 83efb7db..25802203 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -958,6 +958,7 @@ close_scope_numgen : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_NUMGE
close_scope_osf : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_OSF); };
close_scope_quota : { scanner_pop_start_cond(nft->scanner, PARSER_SC_QUOTA); };
close_scope_queue : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_QUEUE); };
+close_scope_reject : { scanner_pop_start_cond(nft->scanner, PARSER_SC_STMT_REJECT); };
close_scope_reset : { scanner_pop_start_cond(nft->scanner, PARSER_SC_CMD_RESET); };
close_scope_rt : { scanner_pop_start_cond(nft->scanner, PARSER_SC_EXPR_RT); };
close_scope_sctp : { scanner_pop_start_cond(nft->scanner, PARSER_SC_SCTP); };
@@ -2838,7 +2839,7 @@ stmt : verdict_stmt
| stateful_stmt
| meta_stmt
| log_stmt close_scope_log
- | reject_stmt
+ | reject_stmt close_scope_reject
| nat_stmt
| tproxy_stmt
| queue_stmt
diff --git a/src/scanner.l b/src/scanner.l
index 97545b70..6ef20512 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -238,6 +238,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
%s SCANSTATE_EXPR_UDPLITE
%s SCANSTATE_STMT_LOG
+%s SCANSTATE_STMT_REJECT
%s SCANSTATE_STMT_SYNPROXY
%%
@@ -428,9 +429,11 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"hour" { return HOUR; }
"day" { return DAY; }
-"reject" { return _REJECT; }
-"with" { return WITH; }
-"icmpx" { return ICMPX; }
+"reject" { scanner_push_start_cond(yyscanner, SCANSTATE_STMT_REJECT); return _REJECT; }
+<SCANSTATE_STMT_REJECT>{
+ "with" { return WITH; }
+ "icmpx" { return ICMPX; }
+}
"snat" { return SNAT; }
"dnat" { return DNAT; }