summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/parser_bison.y20
-rw-r--r--src/statement.c6
2 files changed, 23 insertions, 3 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 79b5aef2..b83ac9a2 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -3319,6 +3319,13 @@ reject_opts : /* empty */
$<stmt>0->reject.expr = $4;
datatype_set($<stmt>0->reject.expr, &icmp_code_type);
}
+ | WITH ICMP reject_with_expr
+ {
+ $<stmt>0->reject.family = NFPROTO_IPV4;
+ $<stmt>0->reject.type = NFT_REJECT_ICMP_UNREACH;
+ $<stmt>0->reject.expr = $3;
+ datatype_set($<stmt>0->reject.expr, &icmp_code_type);
+ }
| WITH ICMP6 TYPE reject_with_expr
{
$<stmt>0->reject.family = NFPROTO_IPV6;
@@ -3326,12 +3333,25 @@ reject_opts : /* empty */
$<stmt>0->reject.expr = $4;
datatype_set($<stmt>0->reject.expr, &icmpv6_code_type);
}
+ | WITH ICMP6 reject_with_expr
+ {
+ $<stmt>0->reject.family = NFPROTO_IPV6;
+ $<stmt>0->reject.type = NFT_REJECT_ICMP_UNREACH;
+ $<stmt>0->reject.expr = $3;
+ datatype_set($<stmt>0->reject.expr, &icmpv6_code_type);
+ }
| WITH ICMPX TYPE reject_with_expr
{
$<stmt>0->reject.type = NFT_REJECT_ICMPX_UNREACH;
$<stmt>0->reject.expr = $4;
datatype_set($<stmt>0->reject.expr, &icmpx_code_type);
}
+ | WITH ICMPX reject_with_expr
+ {
+ $<stmt>0->reject.type = NFT_REJECT_ICMPX_UNREACH;
+ $<stmt>0->reject.expr = $3;
+ datatype_set($<stmt>0->reject.expr, &icmpx_code_type);
+ }
| WITH TCP RESET
{
$<stmt>0->reject.type = NFT_REJECT_TCP_RST;
diff --git a/src/statement.c b/src/statement.c
index 06742c04..97b163e8 100644
--- a/src/statement.c
+++ b/src/statement.c
@@ -585,7 +585,7 @@ static void reject_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
case NFT_REJECT_ICMPX_UNREACH:
if (stmt->reject.icmp_code == NFT_REJECT_ICMPX_PORT_UNREACH)
break;
- nft_print(octx, " with icmpx type ");
+ nft_print(octx, " with icmpx ");
expr_print(stmt->reject.expr, octx);
break;
case NFT_REJECT_ICMP_UNREACH:
@@ -594,14 +594,14 @@ static void reject_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
if (!stmt->reject.verbose_print &&
stmt->reject.icmp_code == ICMP_PORT_UNREACH)
break;
- nft_print(octx, " with icmp type ");
+ nft_print(octx, " with icmp ");
expr_print(stmt->reject.expr, octx);
break;
case NFPROTO_IPV6:
if (!stmt->reject.verbose_print &&
stmt->reject.icmp_code == ICMP6_DST_UNREACH_NOPORT)
break;
- nft_print(octx, " with icmpv6 type ");
+ nft_print(octx, " with icmpv6 ");
expr_print(stmt->reject.expr, octx);
break;
}