1 --- userspace/extensions/libipt_REJECT.c.original 2002-06-24 13:34:59.000000000 +0800
2 +++ userspace/extensions/libipt_REJECT.c 2002-06-21 18:16:29.000000000 +0800
9 #include <linux/netfilter_ipv4/ip_tables.h>
10 #include <linux/netfilter_ipv4/ipt_REJECT.h>
15 -/* Saves the union ipt_targinfo in parsable form to stdout. */
16 +/* Saves the struct ipt_targinfo in parsable form to stdout. */
18 /* Function which prints out usage message. */
22 "--reject-with type drop input packet and send back\n"
23 " a reply packet according to type:\n");
27 +"--fake-source fake the source address with the destination\n"
28 +" address of the matched packet (useful for\n"
29 +" port unreachable ICMP message).\n");
31 printf("(*) See man page or read the INCOMPATIBILITES file for compatibility issues.\n");
34 static struct option opts[] = {
35 { "reject-with", 1, 0, '1' },
36 + { "fake-source", 0, 0, '2' },
43 reject->with = IPT_ICMP_PORT_UNREACHABLE;
44 + reject->fake_source_address = 0; /* by default we don't fake */
46 /* Can't cache this */
47 *nfcache |= NFC_UNKNOWN;
49 fprintf(stderr, "--reject-with echo-reply no longer"
51 exit_error(PARAMETER_PROBLEM, "unknown reject type `%s'",optarg);
52 + if ((reject->fake_source_address != 0) && (reject->with == IPT_TCP_RESET))
53 + exit_error(PARAMETER_PROBLEM,
54 + "Cannot use fake source address with TCP_RESET for REJECT");
59 + exit_error(PARAMETER_PROBLEM,
60 + "unexpected '!' with --fake-source");
61 + if (reject->with == IPT_TCP_RESET)
62 + exit_error(PARAMETER_PROBLEM,
63 + "Cannot use fake source address with TCP_RESET for REJECT");
64 + reject->fake_source_address = 1;
73 printf("reject-with %s ", reject_table[i].name);
74 + if (reject->fake_source_address != 0)
75 + printf("faked-source ");
78 /* Saves ipt_reject in parsable form to stdout. */
82 printf("--reject-with %s ", reject_table[i].name);
83 + if (reject->fake_source_address != 0)
84 + printf("--fake-source ");