On Mon, Aug 13, 2018 at 06:58:57PM +0200, Phil Sutter wrote: > Commit 3e6ab2b335142 added restraints on reject types for bridge and > inet families but aparently those were too strict: If a rule in e.g. > inet family contained a match which introduced a protocol dependency, > icmpx type rejects were disallowed for no obvious reason. > > Allow icmpx type rejects in inet family regardless of protocol > dependency since we either have IPv4 or IPv6 traffic in there and for > both icmpx is fine. > > Merge restraints in bridge family with those for TCP reset since it > already does what is needed, namely checking that ether proto is either > IPv4 or IPv6.
Applied, thanks Phil.
