From: Stefan Seyfried <seife@b1-systems.de>
Date: Mon, 25 Mar 2013 19:39:40 +0000 (+0100)
Subject: net: use newer iptables syntax
X-Git-Tag: v1.0.4-rc2^0
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e669a65903f3295080476d4ac7c061d21beea953;p=thirdparty%2Flibvirt.git

net: use newer iptables syntax

iptables-1.4.18 removed the long deprecated "state" match.
Use "conntrack" instead in forwarding rules.
Fixes openSUSE bug https://bugzilla.novell.com/811251 #811251.
---

diff --git a/src/util/viriptables.c b/src/util/viriptables.c
index 8cfafc0f17..19d61610c8 100644
--- a/src/util/viriptables.c
+++ b/src/util/viriptables.c
@@ -480,8 +480,8 @@ iptablesForwardAllowRelatedIn(iptablesContext *ctx,
                                     "--destination", networkstr,
                                     "--in-interface", physdev,
                                     "--out-interface", iface,
-                                    "--match", "state",
-                                    "--state", "ESTABLISHED,RELATED",
+                                    "--match", "conntrack",
+                                    "--ctstate", "ESTABLISHED,RELATED",
                                     "--jump", "ACCEPT",
                                     NULL);
     } else {
@@ -490,8 +490,8 @@ iptablesForwardAllowRelatedIn(iptablesContext *ctx,
                                     action,
                                     "--destination", networkstr,
                                     "--out-interface", iface,
-                                    "--match", "state",
-                                    "--state", "ESTABLISHED,RELATED",
+                                    "--match", "conntrack",
+                                    "--ctstate", "ESTABLISHED,RELATED",
                                     "--jump", "ACCEPT",
                                     NULL);
     }