From e669a65903f3295080476d4ac7c061d21beea953 Mon Sep 17 00:00:00 2001
From: Stefan Seyfried <seife@b1-systems.de>
Date: Mon, 25 Mar 2013 20:39:40 +0100
Subject: [PATCH] net: use newer iptables syntax

iptables-1.4.18 removed the long deprecated "state" match.
Use "conntrack" instead in forwarding rules.
Fixes openSUSE bug https://bugzilla.novell.com/811251 #811251.
---
 src/util/viriptables.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/util/viriptables.c b/src/util/viriptables.c
index 8cfafc0f17..19d61610c8 100644
--- a/src/util/viriptables.c
+++ b/src/util/viriptables.c
@@ -480,8 +480,8 @@ iptablesForwardAllowRelatedIn(iptablesContext *ctx,
                                     "--destination", networkstr,
                                     "--in-interface", physdev,
                                     "--out-interface", iface,
-                                    "--match", "state",
-                                    "--state", "ESTABLISHED,RELATED",
+                                    "--match", "conntrack",
+                                    "--ctstate", "ESTABLISHED,RELATED",
                                     "--jump", "ACCEPT",
                                     NULL);
     } else {
@@ -490,8 +490,8 @@ iptablesForwardAllowRelatedIn(iptablesContext *ctx,
                                     action,
                                     "--destination", networkstr,
                                     "--out-interface", iface,
-                                    "--match", "state",
-                                    "--state", "ESTABLISHED,RELATED",
+                                    "--match", "conntrack",
+                                    "--ctstate", "ESTABLISHED,RELATED",
                                     "--jump", "ACCEPT",
                                     NULL);
     }
-- 
GitLab