net: use newer iptables syntax

iptables-1.4.18 removed the long deprecated "state" match. Use "conntrack" instead in forwarding rules. Fixes openSUSE bug https://bugzilla.novell.com/811251 #811251.

net: use newer iptables syntax
iptables-1.4.18 removed the long deprecated "state" match. Use "conntrack" instead in forwarding rules. Fixes openSUSE bug https://bugzilla.novell.com/811251 #811251.
e669a659 · Stefan Seyfried · Eric Blake · d0cc811e · e669a659
隐藏空白更改
内联并排

Showing with 4 addition and 4 deletion

src/util/viriptables.c src/util/viriptables.c +4 -4

未找到文件。
--- a/src/util/viriptables.c
+++ b/src/util/viriptables.c
@@ -480,8 +480,8 @@ iptablesForwardAllowRelatedIn(iptablesContext *ctx,
                                    "--destination", networkstr,
                                    "--in-interface", physdev,
                                    "--out-interface", iface,
-                                    "--match", "state",
+                                    "--match", "conntrack",
-                                    "--state", "ESTABLISHED,RELATED",
+                                    "--ctstate", "ESTABLISHED,RELATED",
                                    "--jump", "ACCEPT",
                                    NULL);
    } else {
@@ -490,8 +490,8 @@ iptablesForwardAllowRelatedIn(iptablesContext *ctx,
                                    action,
                                    "--destination", networkstr,
                                    "--out-interface", iface,
-                                    "--match", "state",
+                                    "--match", "conntrack",
-                                    "--state", "ESTABLISHED,RELATED",
+                                    "--ctstate", "ESTABLISHED,RELATED",
                                    "--jump", "ACCEPT",
                                    NULL);
    }