diff mbox series

[nft] doc: Clarify conditions under which a reject verdict is permissible

Message ID 20191204011340.20426-1-duncan_roe@optusnet.com.au
State Accepted
Headers show
Series [nft] doc: Clarify conditions under which a reject verdict is permissible | expand

Commit Message

Duncan Roe Dec. 4, 2019, 1:13 a.m. UTC 
A phrase like "input chain" is a throwback to xtables documentation.
In nft, chains are containers for rules. They do have a type, but what's
important here is which hook each uses.

There may be other instances of this throwback elsewhere in the manual.

Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
---
 doc/statements.txt | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/doc/statements.txt b/doc/statements.txt
index 3b82436..4ff7d05 100644
--- a/doc/statements.txt
+++ b/doc/statements.txt
@@ -171,8 +171,9 @@  ____
 
 A reject statement is used to send back an error packet in response to the
 matched packet otherwise it is equivalent to drop so it is a terminating
-statement, ending rule traversal. This statement is only valid in the input,
-forward and output chains, and user-defined chains which are only called from
+statement, ending rule traversal. This statement is only valid in base chains
+using the input,
+forward or output hooks, and user-defined chains which are only called from
 those chains.
 
 .different ICMP reject variants are meant for use in different table families