diff --git a/docs/formatnwfilter.html.in b/docs/formatnwfilter.html.in
index 6cc433b168..31f105e671 100644
--- a/docs/formatnwfilter.html.in
+++ b/docs/formatnwfilter.html.in
@@ -260,9 +260,11 @@
     </p>
     <ul>
      <li>
-        action -- mandatory; must either be <code>drop</code> or <code>accept</code> if
-        the evaluation of the filtering rule is supposed to drop or accept
-        a packet
+        action -- mandatory; must either be <code>drop</code>,
+        <code>reject</code><span class="since">(since 0.8.9)</span>,
+        or <code>accept</code> if
+        the evaluation of the filtering rule is supposed to drop,
+        reject (using ICMP message), or accept a packet
      </li>
      <li>
         direction -- mandatory; must either be <code>in</code>, <code>out</code> or
diff --git a/docs/schemas/nwfilter.rng b/docs/schemas/nwfilter.rng
index 5b865ced17..c2625b0658 100644
--- a/docs/schemas/nwfilter.rng
+++ b/docs/schemas/nwfilter.rng
@@ -839,6 +839,7 @@
     <choice>
       <value>drop</value>
       <value>accept</value>
+      <value>reject</value>
     </choice>
   </define>
 
diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c
index c6a4d6f6d7..e5289eb777 100644
--- a/src/conf/nwfilter_conf.c
+++ b/src/conf/nwfilter_conf.c
@@ -53,11 +53,13 @@
 
 VIR_ENUM_IMPL(virNWFilterRuleAction, VIR_NWFILTER_RULE_ACTION_LAST,
               "drop",
-              "accept");
+              "accept",
+              "reject");
 
 VIR_ENUM_IMPL(virNWFilterJumpTarget, VIR_NWFILTER_RULE_ACTION_LAST,
               "DROP",
-              "ACCEPT");
+              "ACCEPT",
+              "REJECT");
 
 VIR_ENUM_IMPL(virNWFilterRuleDirection, VIR_NWFILTER_RULE_DIRECTION_LAST,
               "in",
diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h
index 34ff399b8a..5db465890a 100644
--- a/src/conf/nwfilter_conf.h
+++ b/src/conf/nwfilter_conf.h
@@ -291,6 +291,7 @@ struct _udpliteHdrFilterDef {
 enum virNWFilterRuleActionType {
     VIR_NWFILTER_RULE_ACTION_DROP = 0,
     VIR_NWFILTER_RULE_ACTION_ACCEPT,
+    VIR_NWFILTER_RULE_ACTION_REJECT,
 
     VIR_NWFILTER_RULE_ACTION_LAST,
 };
diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
index 6ec59ea706..2ec5b022a0 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -1516,7 +1516,7 @@ _iptablesCreateRuleInstance(int directionIn,
     if (rule->action == VIR_NWFILTER_RULE_ACTION_ACCEPT)
         target = accept_target;
     else {
-        target = "DROP";
+        target = virNWFilterJumpTargetTypeToString(rule->action);
         skipMatch = defMatch;
     }
 
@@ -1880,6 +1880,7 @@ ebtablesCreateRuleInstance(char chainPrefix,
          number[20];
     char chain[MAX_CHAINNAME_LENGTH];
     virBuffer buf = VIR_BUFFER_INITIALIZER;
+    const char *target;
 
     if (!ebtables_cmd_path) {
         virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, "%s",
@@ -2295,10 +2296,20 @@ ebtablesCreateRuleInstance(char chainPrefix,
         return -1;
     }
 
+    switch (rule->action) {
+    case VIR_NWFILTER_RULE_ACTION_REJECT:
+        /* REJECT not supported */
+        target = virNWFilterJumpTargetTypeToString(
+                                     VIR_NWFILTER_RULE_ACTION_DROP);
+    break;
+    default:
+        target = virNWFilterJumpTargetTypeToString(rule->action);
+    }
+
     virBufferVSprintf(&buf,
                       " -j %s" CMD_DEF_POST CMD_SEPARATOR
                       CMD_EXEC,
-                      virNWFilterJumpTargetTypeToString(rule->action));
+                      target);
 
     if (virBufferError(&buf)) {
         virBufferFreeAndReset(&buf);