Diffstat (limited to 'src/evaluate.c')
-rw-r--r--src/evaluate.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index c15cd55f..216194f1 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -17,6 +17,7 @@
#include <linux/netfilter.h>
#include <linux/netfilter_arp.h>
#include <linux/netfilter/nf_tables.h>
+#include <linux/icmp.h>
#include <expression.h>
#include <statement.h>
@@ -1139,10 +1140,14 @@ static int stmt_evaluate_reject(struct eval_ctx *ctx, struct stmt *stmt)
if (base == NULL)
return -1;
- if (strcmp(base->name, "tcp") == 0)
+ if (strcmp(base->name, "tcp") == 0 && stmt->reject.icmp_code == -1) {
stmt->reject.type = NFT_REJECT_TCP_RST;
- else
+ stmt->reject.icmp_code = ICMP_NET_UNREACH;
+ } else {
stmt->reject.type = NFT_REJECT_ICMP_UNREACH;
+ if (stmt->reject.icmp_code < 0)
+ stmt->reject.icmp_code = ICMP_NET_UNREACH;
+ }
stmt->flags |= STMT_F_TERMINAL;
return 0;
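Review bot: The two branches test the "no ICMP code given" sentinel differently: the tcp condition uses `stmt->reject.icmp_code == -1` while the else branch uses `stmt->reject.icmp_code < 0`. Any other negative value on a tcp base would therefore skip the RST and fall through to an ICMP unreachable with the default code; using `stmt->reject.icmp_code < 0` in both places, or a named constant for the unset value, keeps them in step. The assignment of `ICMP_NET_UNREACH` in the TCP RST branch looks like a placeholder so that no negative code leaves this function, and a short comment there such as `/* code is unused for TCP RST; avoid passing the unset marker on */` would make that explicit. `ICMP_NET_UNREACH` comes from the IPv4 header `<linux/icmp.h>`, and nothing visible here restricts the default to IPv4 tables, so it is worth confirming how other families treat that value. stmt_evaluate_reject begins above this hunk, so the origin of `base` and any earlier validation of `icmp_code` are not visible.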