netfilter: bridge: add reject support

So you can reject IPv4 and IPv6 packets from bridge tables. If the ether proto is now known, default on dropping the packet instead. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2014-06-27 11:36:11 (GMT)
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2014-07-22 10:00:22 (GMT)
commit: 85f5b3086a04c459f9147859fcbf7bdc7578c378 (patch)
tree: f14b01a895eed8fcb1200e40c867a0b69ab2d3f7 /net/bridge/netfilter/Kconfig
parent: 8fd90bb889635fa1e7f80a3950948cc2e74c1446 (diff)
download: linux-85f5b3086a04c459f9147859fcbf7bdc7578c378.tar.xz
1 files changed, 6 insertions, 0 deletions
diff --git a/net/bridge/netfilter/Kconfig b/net/bridge/netfilter/Kconfig
index 4ce0b31..9cebf47 100644
--- a/net/bridge/netfilter/Kconfig
+++ b/net/bridge/netfilter/Kconfig
@@ -14,6 +14,12 @@ config NFT_BRIDGE_META
 	help
 	  Add support for bridge dedicated meta key.
 
+config NFT_BRIDGE_REJECT
+	tristate "Netfilter nf_tables bridge reject support"
+	depends on NFT_REJECT && NFT_REJECT_IPV4 && NFT_REJECT_IPV6
+	help
+	  Add support to reject packets.
+
 config NF_LOG_BRIDGE
 	tristate "Bridge packet logging"
author	Pablo Neira Ayuso <pablo@netfilter.org>	2014-06-27 11:36:11 (GMT)
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2014-07-22 10:00:22 (GMT)
commit	85f5b3086a04c459f9147859fcbf7bdc7578c378 (patch)
tree	f14b01a895eed8fcb1200e40c867a0b69ab2d3f7 /net/bridge/netfilter/Kconfig
parent	8fd90bb889635fa1e7f80a3950948cc2e74c1446 (diff)
download	linux-85f5b3086a04c459f9147859fcbf7bdc7578c378.tar.xz