Long ago we adapted to iptables changes by introducing support for '-m conntrack': commit 06844ccbaa8544d7d08d568aff37bc4e3648f304 Author: Stefan Berger <stefanb@xxxxxxxxxx> Date: Tue Aug 6 20:30:46 2013 -0400 nwfilter: Use -m conntrack rather than -m state Since iptables version 1.4.16 '-m state --state NEW' is converted to '-m conntrack --ctstate NEW'. Therefore, when encountering this or later versions of iptables use '-m conntrack --ctstate'. Given our supported platform targets, we no longer need to consider a version of iptables before 1.4.16, so can drop support for the old syntax. The test suite updates are triggered because the tests never probed for the new syntax, and so unconditionally generated the old syntax. 
Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
---
 src/nwfilter/nwfilter_ebiptables_driver.c | 73 +-
 .../ah-ipv6-linux.args | 36 +-
 tests/nwfilterxml2firewalldata/ah-linux.args | 36 +-
 .../all-ipv6-linux.args | 36 +-
 tests/nwfilterxml2firewalldata/all-linux.args | 36 +-
 .../comment-linux.args | 60 +-
 .../conntrack-linux.args | 12 +-
 .../esp-ipv6-linux.args | 36 +-
 tests/nwfilterxml2firewalldata/esp-linux.args | 36 +-
 .../example-1-linux.args | 36 +-
 .../example-2-linux.args | 28 +-
 .../hex-data-linux.args | 24 +-
 .../icmp-direction-linux.args | 12 +-
 .../icmp-direction2-linux.args | 12 +-
 .../icmp-direction3-linux.args | 12 +-
 .../nwfilterxml2firewalldata/icmp-linux.args | 12 +-
 .../icmpv6-linux.args | 16 +-
 .../nwfilterxml2firewalldata/igmp-linux.args | 36 +-
 .../nwfilterxml2firewalldata/ipset-linux.args | 48 +-
 .../nwfilterxml2firewalldata/iter1-linux.args | 36 +-
 .../nwfilterxml2firewalldata/iter2-linux.args | 684 +++++++++---------
 .../nwfilterxml2firewalldata/iter3-linux.args | 60 +-
 .../sctp-ipv6-linux.args | 36 +-
 .../nwfilterxml2firewalldata/sctp-linux.args | 36 +-
 .../target-linux.args | 24 +-
 .../target2-linux.args | 12 +-
 .../tcp-ipv6-linux.args | 36 +-
 tests/nwfilterxml2firewalldata/tcp-linux.args | 12 +-
 .../udp-ipv6-linux.args | 36 +-
 tests/nwfilterxml2firewalldata/udp-linux.args | 36 +-
 .../udplite-ipv6-linux.args | 36 +-
 .../udplite-linux.args | 36 +-
 32 files changed, 806 insertions(+), 871 deletions(-)
diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
index 54065a0f75..9bdefb1564 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -88,8 +88,6 @@ static enum ctdirStatus iptables_ctdir_corrected;
 #define PRINT_IPT_ROOT_CHAIN(buf, prefix, ifname) \
 g_snprintf(buf, sizeof(buf), "%c%c-%s", prefix[0], prefix[1], ifname)
-static bool newMatchState;
-
 #define MATCH_PHYSDEV_IN_FW "-m", "physdev", "--physdev-in"
 #define MATCH_PHYSDEV_OUT_FW "-m", "physdev", "--physdev-is-bridged", "--physdev-out"
 #define MATCH_PHYSDEV_OUT_OLD_FW "-m", "physdev", "--physdev-out"
@@ -1489,16 +1487,10 @@ _iptablesCreateRuleInstance(virFirewall *fw,
 }
 if (match && !skipMatch) {
- if (newMatchState)
- virFirewallRuleAddArgList(fw, fwrule,
- "-m", "conntrack",
- "--ctstate", match,
- NULL);
- else
- virFirewallRuleAddArgList(fw, fwrule,
- "-m", "state",
- "--state", match,
- NULL);
+ virFirewallRuleAddArgList(fw, fwrule,
+ "-m", "conntrack",
+ "--ctstate", match,
+ NULL);
 }
 if (defMatch && match != NULL && !skipMatch && !hasICMPType)
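Review bot: Nothing in `_iptablesCreateRuleInstance` records that the `-m conntrack --ctstate` arguments assume iptables 1.4.16 or later now that the version probe is gone; a comment above the call such as `/* iptables >= 1.4.16 converts '-m state' to '-m conntrack'; older versions are not supported */` would keep that assumption visible. The `ebiptablesDriverProbeStateMatch()` call removed from `ebiptablesDriverInit` (later hunk) was, as far as the shown lines go, the only step that could make init return -1 when `iptables --version` could not be run, so a missing or broken iptables binary would presumably now surface only when the first filter is instantiated. Because these rules enforce guest network filtering, it is worth confirming that a failed rule application at that point still prevents the interface from coming up unfiltered. The function's body begins and ends outside this hunk.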
@@ -3668,61 +3660,6 @@ ebiptablesDriverProbeCtdir(void)
 }
-static int
-ebiptablesDriverProbeStateMatchQuery(virFirewall *fw G_GNUC_UNUSED,
- virFirewallLayer layer G_GNUC_UNUSED,
- const char *const *lines,
- void *opaque)
-{
- unsigned long *version = opaque;
- char *tmp;
-
- if (!lines || !lines[0]) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("No output from iptables --version"));
- return -1;
- }
-
- /*
- * we expect output in the format
- * 'iptables v1.4.16'
- */
- if (!(tmp = strchr(lines[0], 'v')) ||
- virStringParseVersion(version, tmp + 1, true) < 0) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("Cannot parse version string '%s'"),
- lines[0]);
- return -1;
- }
-
- return 0;
-}
-
-
-static int
-ebiptablesDriverProbeStateMatch(void)
-{
- unsigned long version;
- g_autoptr(virFirewall) fw = virFirewallNew();
-
- virFirewallStartTransaction(fw, 0);
- virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_IPV4,
- false, ebiptablesDriverProbeStateMatchQuery, &version,
- "--version", NULL);
-
- if (virFirewallApply(fw) < 0)
- return -1;
-
- /*
- * since version 1.4.16 '-m state --state ...' will be converted to
- * '-m conntrack --ctstate ...'
- */
- if (version >= 1 * 1000000 + 4 * 1000 + 16)
- newMatchState = true;
-
- return 0;
-}
-
 static int
 ebiptablesDriverInit(bool privileged)
 {
@@ -3730,8 +3667,6 @@ ebiptablesDriverInit(bool privileged)
 return 0;
 ebiptablesDriverProbeCtdir();
- if (ebiptablesDriverProbeStateMatch() < 0)
- return -1;
 ebiptables_driver.flags = TECHDRV_FLAG_INITIALIZED;
diff --git a/tests/nwfilterxml2firewalldata/ah-ipv6-linux.args b/tests/nwfilterxml2firewalldata/ah-ipv6-linux.args
index f0bf85e8a1..d36d63741a 100644
--- a/tests/nwfilterxml2firewalldata/ah-ipv6-linux.args
+++ b/tests/nwfilterxml2firewalldata/ah-ipv6-linux.args
@@ -8,8 +8,8 @@ ip6tables \
 --destination a:b:c::d:e:f/128 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -19,8 +19,8 @@ ip6tables \ --source a:b:c::d:e:f/128 \ -m dscp \ --dscp 2 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j ACCEPT ip6tables \ -w \ @@ -32,8 +32,8 @@ ip6tables \ --destination a:b:c::d:e:f/128 \ -m dscp \ --dscp 2 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -42,8 +42,8 @@ ip6tables \ --destination a:b:c::/128 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -54,8 +54,8 @@ ip6tables \ --source a:b:c::/128 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT ip6tables \ -w \ @@ -64,8 +64,8 @@ ip6tables \ --destination a:b:c::/128 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -74,8 +74,8 @@ ip6tables \ --destination ::ffff:10.1.2.3/128 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -86,8 +86,8 @@ ip6tables \ --source ::ffff:10.1.2.3/128 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT ip6tables \ -w \ @@ -96,6 +96,6 @@ ip6tables \ --destination ::ffff:10.1.2.3/128 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN diff --git a/tests/nwfilterxml2firewalldata/ah-linux.args b/tests/nwfilterxml2firewalldata/ah-linux.args index c7e5c1eb17..886ccfb050 100644 --- a/tests/nwfilterxml2firewalldata/ah-linux.args +++ b/tests/nwfilterxml2firewalldata/ah-linux.args @@ -7,8 +7,8 @@ iptables \ --destination 10.1.2.3/32 \ -m dscp \ --dscp 2 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ 
@@ -17,8 +17,8 @@ iptables \ --source 10.1.2.3/32 \ -m dscp \ --dscp 2 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -29,8 +29,8 @@ iptables \ --destination 10.1.2.3/32 \ -m dscp \ --dscp 2 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ @@ -39,8 +39,8 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ @@ -51,8 +51,8 @@ iptables \ --source 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -61,8 +61,8 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ @@ -71,8 +71,8 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ @@ -83,8 +83,8 @@ iptables \ --source 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -93,6 +93,6 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN diff --git a/tests/nwfilterxml2firewalldata/all-ipv6-linux.args b/tests/nwfilterxml2firewalldata/all-ipv6-linux.args index 5eb6033c64..732627c546 100644 --- a/tests/nwfilterxml2firewalldata/all-ipv6-linux.args +++ b/tests/nwfilterxml2firewalldata/all-ipv6-linux.args @@ -8,8 +8,8 @@ ip6tables \ --destination a:b:c::d:e:f/128 \ -m dscp \ --dscp 2 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN ip6tables \ -w \ 
@@ -19,8 +19,8 @@ ip6tables \ --source a:b:c::d:e:f/128 \ -m dscp \ --dscp 2 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j ACCEPT ip6tables \ -w \ @@ -32,8 +32,8 @@ ip6tables \ --destination a:b:c::d:e:f/128 \ -m dscp \ --dscp 2 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -42,8 +42,8 @@ ip6tables \ --destination a:b:c::/128 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -54,8 +54,8 @@ ip6tables \ --source a:b:c::/128 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT ip6tables \ -w \ @@ -64,8 +64,8 @@ ip6tables \ --destination a:b:c::/128 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -74,8 +74,8 @@ ip6tables \ --destination ::ffff:10.1.2.3/128 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -86,8 +86,8 @@ ip6tables \ --source ::ffff:10.1.2.3/128 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT ip6tables \ -w \ @@ -96,6 +96,6 @@ ip6tables \ --destination ::ffff:10.1.2.3/128 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN diff --git a/tests/nwfilterxml2firewalldata/all-linux.args b/tests/nwfilterxml2firewalldata/all-linux.args index 187d9ed9ca..a2bc6996d7 100644 --- a/tests/nwfilterxml2firewalldata/all-linux.args +++ b/tests/nwfilterxml2firewalldata/all-linux.args @@ -7,8 +7,8 @@ iptables \ --destination 10.1.2.3/32 \ -m dscp \ --dscp 2 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ 
@@ -17,8 +17,8 @@ iptables \ --source 10.1.2.3/32 \ -m dscp \ --dscp 2 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -29,8 +29,8 @@ iptables \ --destination 10.1.2.3/32 \ -m dscp \ --dscp 2 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ @@ -39,8 +39,8 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ @@ -51,8 +51,8 @@ iptables \ --source 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -61,8 +61,8 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ @@ -71,8 +71,8 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ @@ -83,8 +83,8 @@ iptables \ --source 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -93,6 +93,6 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN diff --git a/tests/nwfilterxml2firewalldata/comment-linux.args b/tests/nwfilterxml2firewalldata/comment-linux.args index 2b940ccd84..052b607cb2 100644 --- a/tests/nwfilterxml2firewalldata/comment-linux.args +++ b/tests/nwfilterxml2firewalldata/comment-linux.args @@ -55,8 +55,8 @@ iptables \ --dscp 34 \ --sport 291:400 \ --dport 564:1092 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -m comment \ --comment 'udp rule' \ -j RETURN 
@@ -69,8 +69,8 @@ iptables \ --dscp 34 \ --dport 291:400 \ --sport 564:1092 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m comment \ --comment 'udp rule' \ -j ACCEPT @@ -85,8 +85,8 @@ iptables \ --dscp 34 \ --sport 291:400 \ --dport 564:1092 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -m comment \ --comment 'udp rule' \ -j RETURN @@ -99,8 +99,8 @@ ip6tables \ --dscp 57 \ --dport 32:33 \ --sport 256:4369 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m comment \ --comment 'tcp/ipv6 rule' \ -j RETURN @@ -115,8 +115,8 @@ ip6tables \ --dscp 57 \ --sport 32:33 \ --dport 256:4369 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -m comment \ --comment 'tcp/ipv6 rule' \ -j ACCEPT @@ -129,8 +129,8 @@ ip6tables \ --dscp 57 \ --dport 32:33 \ --sport 256:4369 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m comment \ --comment 'tcp/ipv6 rule' \ -j RETURN @@ -138,8 +138,8 @@ ip6tables \ -w \ -A FJ-vnet0 \ -p udp \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m comment \ --comment '`ls`;${COLUMNS};$(ls);"test";&'\''3 spaces'\''' \ -j RETURN @@ -147,8 +147,8 @@ ip6tables \ -w \ -A FP-vnet0 \ -p udp \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -m comment \ --comment '`ls`;${COLUMNS};$(ls);"test";&'\''3 spaces'\''' \ -j ACCEPT @@ -156,8 +156,8 @@ ip6tables \ -w \ -A HJ-vnet0 \ -p udp \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m comment \ --comment '`ls`;${COLUMNS};$(ls);"test";&'\''3 spaces'\''' \ -j RETURN @@ -165,8 +165,8 @@ ip6tables \ -w \ -A FJ-vnet0 \ -p sctp \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m comment \ --comment 'comment with lone '\'', `, ", `, \, $x, and two spaces' \ -j RETURN 
@@ -174,8 +174,8 @@ ip6tables \ -w \ -A FP-vnet0 \ -p sctp \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -m comment \ --comment 'comment with lone '\'', `, ", `, \, $x, and two spaces' \ -j ACCEPT @@ -183,8 +183,8 @@ ip6tables \ -w \ -A HJ-vnet0 \ -p sctp \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m comment \ --comment 'comment with lone '\'', `, ", `, \, $x, and two spaces' \ -j RETURN @@ -192,8 +192,8 @@ ip6tables \ -w \ -A FJ-vnet0 \ -p ah \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m comment \ --comment 'tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp}' \ -j RETURN @@ -201,8 +201,8 @@ ip6tables \ -w \ -A FP-vnet0 \ -p ah \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -m comment \ --comment 'tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp}' \ -j ACCEPT @@ -210,8 +210,8 @@ ip6tables \ -w \ -A HJ-vnet0 \ -p ah \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m comment \ --comment 'tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp}' \ -j RETURN diff --git a/tests/nwfilterxml2firewalldata/conntrack-linux.args b/tests/nwfilterxml2firewalldata/conntrack-linux.args index 78495598a1..4e7652e293 100644 --- a/tests/nwfilterxml2firewalldata/conntrack-linux.args +++ b/tests/nwfilterxml2firewalldata/conntrack-linux.args @@ -30,20 +30,20 @@ iptables \ -w \ -A FJ-vnet0 \ -p all \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ -A FP-vnet0 \ -p all \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j ACCEPT iptables \ -w \ -A HJ-vnet0 \ -p all \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN 
diff --git a/tests/nwfilterxml2firewalldata/esp-ipv6-linux.args b/tests/nwfilterxml2firewalldata/esp-ipv6-linux.args index 426bdd3083..be58a3f04b 100644 --- a/tests/nwfilterxml2firewalldata/esp-ipv6-linux.args +++ b/tests/nwfilterxml2firewalldata/esp-ipv6-linux.args @@ -8,8 +8,8 @@ ip6tables \ --destination a:b:c::d:e:f/128 \ -m dscp \ --dscp 2 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -19,8 +19,8 @@ ip6tables \ --source a:b:c::d:e:f/128 \ -m dscp \ --dscp 2 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j ACCEPT ip6tables \ -w \ @@ -32,8 +32,8 @@ ip6tables \ --destination a:b:c::d:e:f/128 \ -m dscp \ --dscp 2 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -42,8 +42,8 @@ ip6tables \ --destination a:b:c::/128 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -54,8 +54,8 @@ ip6tables \ --source a:b:c::/128 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT ip6tables \ -w \ @@ -64,8 +64,8 @@ ip6tables \ --destination a:b:c::/128 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -74,8 +74,8 @@ ip6tables \ --destination ::ffff:10.1.2.3/128 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -86,8 +86,8 @@ ip6tables \ --source ::ffff:10.1.2.3/128 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT ip6tables \ -w \ @@ -96,6 +96,6 @@ ip6tables \ --destination ::ffff:10.1.2.3/128 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN 
diff --git a/tests/nwfilterxml2firewalldata/esp-linux.args b/tests/nwfilterxml2firewalldata/esp-linux.args index 7cd70afaa1..f8626282e4 100644 --- a/tests/nwfilterxml2firewalldata/esp-linux.args +++ b/tests/nwfilterxml2firewalldata/esp-linux.args @@ -7,8 +7,8 @@ iptables \ --destination 10.1.2.3/32 \ -m dscp \ --dscp 2 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ @@ -17,8 +17,8 @@ iptables \ --source 10.1.2.3/32 \ -m dscp \ --dscp 2 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -29,8 +29,8 @@ iptables \ --destination 10.1.2.3/32 \ -m dscp \ --dscp 2 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ @@ -39,8 +39,8 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ @@ -51,8 +51,8 @@ iptables \ --source 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -61,8 +61,8 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ @@ -71,8 +71,8 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ @@ -83,8 +83,8 @@ iptables \ --source 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -93,6 +93,6 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN 
diff --git a/tests/nwfilterxml2firewalldata/example-1-linux.args b/tests/nwfilterxml2firewalldata/example-1-linux.args index 1cc3746d40..32ffb8edfa 100644 --- a/tests/nwfilterxml2firewalldata/example-1-linux.args +++ b/tests/nwfilterxml2firewalldata/example-1-linux.args @@ -3,66 +3,66 @@ iptables \ -A FJ-vnet0 \ -p tcp \ --sport 22 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ -A FP-vnet0 \ -p tcp \ --dport 22 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT iptables \ -w \ -A HJ-vnet0 \ -p tcp \ --sport 22 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ -A FJ-vnet0 \ -p icmp \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ -A FP-vnet0 \ -p icmp \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT iptables \ -w \ -A HJ-vnet0 \ -p icmp \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ -A FJ-vnet0 \ -p all \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ -A FP-vnet0 \ -p all \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT iptables \ -w \ -A HJ-vnet0 \ -p all \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ diff --git a/tests/nwfilterxml2firewalldata/example-2-linux.args b/tests/nwfilterxml2firewalldata/example-2-linux.args index 87462ad954..e7247aeb23 100644 --- a/tests/nwfilterxml2firewalldata/example-2-linux.args +++ b/tests/nwfilterxml2firewalldata/example-2-linux.args @@ -2,8 +2,8 @@ iptables \ -w \ -A FJ-vnet0 \ -p all \ --m state \ ---state ESTABLISHED,RELATED \ +-m conntrack \ +--ctstate ESTABLISHED,RELATED \ -m comment \ --comment 'out: existing and related (ftp) connections' \ -j RETURN 
@@ -11,8 +11,8 @@ iptables \ -w \ -A HJ-vnet0 \ -p all \ --m state \ ---state ESTABLISHED,RELATED \ +-m conntrack \ +--ctstate ESTABLISHED,RELATED \ -m comment \ --comment 'out: existing and related (ftp) connections' \ -j RETURN @@ -20,8 +20,8 @@ iptables \ -w \ -A FP-vnet0 \ -p all \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m comment \ --comment 'in: existing connections' \ -j ACCEPT @@ -30,8 +30,8 @@ iptables \ -A FP-vnet0 \ -p tcp \ --dport 21:22 \ --m state \ ---state NEW \ +-m conntrack \ +--ctstate NEW \ -m comment \ --comment 'in: ftp and ssh' \ -j ACCEPT @@ -39,8 +39,8 @@ iptables \ -w \ -A FP-vnet0 \ -p icmp \ --m state \ ---state NEW \ +-m conntrack \ +--ctstate NEW \ -m comment \ --comment 'in: icmp' \ -j ACCEPT @@ -49,8 +49,8 @@ iptables \ -A FJ-vnet0 \ -p udp \ --dport 53 \ --m state \ ---state NEW \ +-m conntrack \ +--ctstate NEW \ -m comment \ --comment 'out: DNS lookups' \ -j RETURN @@ -59,8 +59,8 @@ iptables \ -A HJ-vnet0 \ -p udp \ --dport 53 \ --m state \ ---state NEW \ +-m conntrack \ +--ctstate NEW \ -m comment \ --comment 'out: DNS lookups' \ -j RETURN diff --git a/tests/nwfilterxml2firewalldata/hex-data-linux.args b/tests/nwfilterxml2firewalldata/hex-data-linux.args index ff8f528c48..8b09922a65 100644 --- a/tests/nwfilterxml2firewalldata/hex-data-linux.args +++ b/tests/nwfilterxml2firewalldata/hex-data-linux.args @@ -55,8 +55,8 @@ iptables \ --dscp 34 \ --sport 291:400 \ --dport 564:1092 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ @@ -67,8 +67,8 @@ iptables \ --dscp 34 \ --dport 291:400 \ --sport 564:1092 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -81,8 +81,8 @@ iptables \ --dscp 34 \ --sport 291:400 \ --dport 564:1092 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN ip6tables \ -w \ 
@@ -93,8 +93,8 @@ ip6tables \ --dscp 57 \ --dport 32:33 \ --sport 256:4369 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -107,8 +107,8 @@ ip6tables \ --dscp 57 \ --sport 32:33 \ --dport 256:4369 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT ip6tables \ -w \ @@ -119,6 +119,6 @@ ip6tables \ --dscp 57 \ --dport 32:33 \ --sport 256:4369 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN diff --git a/tests/nwfilterxml2firewalldata/icmp-direction-linux.args b/tests/nwfilterxml2firewalldata/icmp-direction-linux.args index 7548aaeba5..a7ad6ac9d8 100644 --- a/tests/nwfilterxml2firewalldata/icmp-direction-linux.args +++ b/tests/nwfilterxml2firewalldata/icmp-direction-linux.args @@ -3,24 +3,24 @@ iptables \ -A FP-vnet0 \ -p icmp \ --icmp-type 0 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT iptables \ -w \ -A FJ-vnet0 \ -p icmp \ --icmp-type 8 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ -A HJ-vnet0 \ -p icmp \ --icmp-type 8 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ diff --git a/tests/nwfilterxml2firewalldata/icmp-direction2-linux.args b/tests/nwfilterxml2firewalldata/icmp-direction2-linux.args index 026702caee..a1873e7448 100644 --- a/tests/nwfilterxml2firewalldata/icmp-direction2-linux.args +++ b/tests/nwfilterxml2firewalldata/icmp-direction2-linux.args 
@@ -3,24 +3,24 @@ iptables \ -A FP-vnet0 \ -p icmp \ --icmp-type 8 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT iptables \ -w \ -A FJ-vnet0 \ -p icmp \ --icmp-type 0 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ -A HJ-vnet0 \ -p icmp \ --icmp-type 0 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ diff --git a/tests/nwfilterxml2firewalldata/icmp-direction3-linux.args b/tests/nwfilterxml2firewalldata/icmp-direction3-linux.args index 6ee6a4f84a..1fc7993908 100644 --- a/tests/nwfilterxml2firewalldata/icmp-direction3-linux.args +++ b/tests/nwfilterxml2firewalldata/icmp-direction3-linux.args @@ -2,22 +2,22 @@ iptables \ -w \ -A FJ-vnet0 \ -p icmp \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ -A FP-vnet0 \ -p icmp \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j ACCEPT iptables \ -w \ -A HJ-vnet0 \ -p icmp \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ diff --git a/tests/nwfilterxml2firewalldata/icmp-linux.args b/tests/nwfilterxml2firewalldata/icmp-linux.args index d688e29213..02f9bf0c06 100644 --- a/tests/nwfilterxml2firewalldata/icmp-linux.args +++ b/tests/nwfilterxml2firewalldata/icmp-linux.args @@ -8,8 +8,8 @@ iptables \ -m dscp \ --dscp 2 \ --icmp-type 12/11 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ @@ -21,8 +21,8 @@ iptables \ -m dscp \ --dscp 2 \ --icmp-type 12/11 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ @@ -34,6 +34,6 @@ iptables \ -m dscp \ --dscp 33 \ --icmp-type 255/255 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT 
diff --git a/tests/nwfilterxml2firewalldata/icmpv6-linux.args b/tests/nwfilterxml2firewalldata/icmpv6-linux.args index 5a8546e5c8..b7f184f9b3 100644 --- a/tests/nwfilterxml2firewalldata/icmpv6-linux.args +++ b/tests/nwfilterxml2firewalldata/icmpv6-linux.args @@ -9,8 +9,8 @@ ip6tables \ -m dscp \ --dscp 2 \ --icmpv6-type 12/11 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -23,8 +23,8 @@ ip6tables \ -m dscp \ --dscp 2 \ --icmpv6-type 12/11 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -36,8 +36,8 @@ ip6tables \ -m dscp \ --dscp 33 \ --icmpv6-type 255/255 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT ip6tables \ -w \ @@ -49,6 +49,6 @@ ip6tables \ -m dscp \ --dscp 33 \ --icmpv6-type 255/255 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT diff --git a/tests/nwfilterxml2firewalldata/igmp-linux.args b/tests/nwfilterxml2firewalldata/igmp-linux.args index b954b0ae99..c0add2539b 100644 --- a/tests/nwfilterxml2firewalldata/igmp-linux.args +++ b/tests/nwfilterxml2firewalldata/igmp-linux.args @@ -7,8 +7,8 @@ iptables \ --destination 10.1.2.3/32 \ -m dscp \ --dscp 2 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ @@ -17,8 +17,8 @@ iptables \ --source 10.1.2.3/32 \ -m dscp \ --dscp 2 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -29,8 +29,8 @@ iptables \ --destination 10.1.2.3/32 \ -m dscp \ --dscp 2 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ @@ -39,8 +39,8 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ 
@@ -51,8 +51,8 @@ iptables \ --source 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -61,8 +61,8 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ @@ -71,8 +71,8 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ @@ -83,8 +83,8 @@ iptables \ --source 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -93,6 +93,6 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN diff --git a/tests/nwfilterxml2firewalldata/ipset-linux.args b/tests/nwfilterxml2firewalldata/ipset-linux.args index 5cdb151354..6848f64541 100644 --- a/tests/nwfilterxml2firewalldata/ipset-linux.args +++ b/tests/nwfilterxml2firewalldata/ipset-linux.args @@ -2,8 +2,8 @@ iptables \ -w \ -A FJ-vnet0 \ -p all \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -m set \ --match-set tck_test src,dst \ -j RETURN @@ -11,8 +11,8 @@ iptables \ -w \ -A FP-vnet0 \ -p all \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m set \ --match-set tck_test dst,src \ -j ACCEPT @@ -20,8 +20,8 @@ iptables \ -w \ -A HJ-vnet0 \ -p all \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -m set \ --match-set tck_test src,dst \ -j RETURN @@ -56,8 +56,8 @@ iptables \ -w \ -A FJ-vnet0 \ -p all \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m set \ --match-set tck_test dst,src,dst \ -j RETURN 
@@ -65,8 +65,8 @@ iptables \ -w \ -A FP-vnet0 \ -p all \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -m set \ --match-set tck_test src,dst,src \ -j ACCEPT @@ -74,8 +74,8 @@ iptables \ -w \ -A HJ-vnet0 \ -p all \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m set \ --match-set tck_test dst,src,dst \ -j RETURN @@ -83,8 +83,8 @@ iptables \ -w \ -A FJ-vnet0 \ -p all \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m set \ --match-set tck_test dst,src,dst \ -j RETURN @@ -92,8 +92,8 @@ iptables \ -w \ -A FP-vnet0 \ -p all \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -m set \ --match-set tck_test src,dst,src \ -j ACCEPT @@ -101,8 +101,8 @@ iptables \ -w \ -A HJ-vnet0 \ -p all \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m set \ --match-set tck_test dst,src,dst \ -j RETURN @@ -110,8 +110,8 @@ iptables \ -w \ -A FJ-vnet0 \ -p all \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m set \ --match-set tck_test dst,src \ -j RETURN @@ -119,8 +119,8 @@ iptables \ -w \ -A FP-vnet0 \ -p all \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -m set \ --match-set tck_test src,dst \ -j ACCEPT @@ -128,8 +128,8 @@ iptables \ -w \ -A HJ-vnet0 \ -p all \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m set \ --match-set tck_test dst,src \ -j RETURN diff --git a/tests/nwfilterxml2firewalldata/iter1-linux.args b/tests/nwfilterxml2firewalldata/iter1-linux.args index 9bdad18748..e50c768f67 100644 --- a/tests/nwfilterxml2firewalldata/iter1-linux.args +++ b/tests/nwfilterxml2firewalldata/iter1-linux.args @@ -6,8 +6,8 @@ iptables \ -m dscp \ --dscp 2 \ --sport 80 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ 
@@ -17,8 +17,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --dport 80 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -28,8 +28,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -39,8 +39,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 90 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -50,8 +50,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --dport 90 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -61,8 +61,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 90 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -72,8 +72,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -83,8 +83,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --dport 80 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -94,6 +94,6 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
diff --git a/tests/nwfilterxml2firewalldata/iter2-linux.args b/tests/nwfilterxml2firewalldata/iter2-linux.args
index b088350ee5..7f2b0e4565 100644
--- a/tests/nwfilterxml2firewalldata/iter2-linux.args
+++ b/tests/nwfilterxml2firewalldata/iter2-linux.args
@@ -6,8 +6,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -17,8 +17,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --dport 80 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -28,8 +28,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -39,8 +39,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --sport 90 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -50,8 +50,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --dport 90 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -61,8 +61,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --sport 90 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -72,8 +72,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -83,8 +83,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --dport 80 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -94,8 +94,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -105,8 +105,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -116,8 +116,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --dport 80 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -127,8 +127,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -138,8 +138,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -149,8 +149,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --dport 80 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -160,8 +160,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -171,8 +171,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -182,8 +182,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --dport 80 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -193,8 +193,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -204,8 +204,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 90 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -215,8 +215,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --dport 90 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -226,8 +226,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 90 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -237,8 +237,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 90 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -248,8 +248,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --dport 90 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -259,8 +259,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 90 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -270,8 +270,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 90 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -281,8 +281,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --dport 90 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -292,8 +292,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 90 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -304,8 +304,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -316,8 +316,8 @@ iptables \
 --dscp 3 \
 --dport 80 \
 --sport 1080 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -328,8 +328,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -340,8 +340,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -352,8 +352,8 @@ iptables \
 --dscp 3 \
 --dport 80 \
 --sport 1080 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -364,8 +364,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -376,8 +376,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -388,8 +388,8 @@ iptables \
 --dscp 3 \
 --dport 80 \
 --sport 1080 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -400,8 +400,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -412,8 +412,8 @@ iptables \
 --dscp 3 \
 --sport 90 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -424,8 +424,8 @@ iptables \
 --dscp 3 \
 --dport 90 \
 --sport 1090 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -436,8 +436,8 @@ iptables \
 --dscp 3 \
 --sport 90 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -448,8 +448,8 @@ iptables \
 --dscp 3 \
 --sport 90 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -460,8 +460,8 @@ iptables \
 --dscp 3 \
 --dport 90 \
 --sport 1090 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -472,8 +472,8 @@ iptables \
 --dscp 3 \
 --sport 90 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -484,8 +484,8 @@ iptables \
 --dscp 3 \
 --sport 90 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -496,8 +496,8 @@ iptables \
 --dscp 3 \
 --dport 90 \
 --sport 1090 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -508,8 +508,8 @@ iptables \
 --dscp 3 \
 --sport 90 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -520,8 +520,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -532,8 +532,8 @@ iptables \
 --dscp 3 \
 --dport 80 \
 --sport 1100 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -544,8 +544,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -556,8 +556,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -568,8 +568,8 @@ iptables \
 --dscp 3 \
 --dport 80 \
 --sport 1100 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -580,8 +580,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -592,8 +592,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -604,8 +604,8 @@ iptables \
 --dscp 3 \
 --dport 80 \
 --sport 1100 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -616,8 +616,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -628,8 +628,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -640,8 +640,8 @@ iptables \
 --dscp 3 \
 --dport 80 \
 --sport 1110 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -652,8 +652,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -664,8 +664,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -676,8 +676,8 @@ iptables \
 --dscp 3 \
 --dport 80 \
 --sport 1110 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -688,8 +688,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -700,8 +700,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -712,8 +712,8 @@ iptables \
 --dscp 3 \
 --dport 80 \
 --sport 1110 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -724,8 +724,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -736,8 +736,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -748,8 +748,8 @@ iptables \
 --dscp 4 \
 --dport 80 \
 --sport 1080 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -760,8 +760,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -772,8 +772,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -784,8 +784,8 @@ iptables \
 --dscp 4 \
 --dport 80 \
 --sport 1080 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -796,8 +796,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -808,8 +808,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -820,8 +820,8 @@ iptables \
 --dscp 4 \
 --dport 80 \
 --sport 1080 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -832,8 +832,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -844,8 +844,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -856,8 +856,8 @@ iptables \
 --dscp 4 \
 --dport 90 \
 --sport 1080 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -868,8 +868,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -880,8 +880,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -892,8 +892,8 @@ iptables \
 --dscp 4 \
 --dport 90 \
 --sport 1080 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -904,8 +904,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -916,8 +916,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -928,8 +928,8 @@ iptables \
 --dscp 4 \
 --dport 90 \
 --sport 1080 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -940,8 +940,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -952,8 +952,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -964,8 +964,8 @@ iptables \
 --dscp 4 \
 --dport 80 \
 --sport 1090 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -976,8 +976,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -988,8 +988,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1000,8 +1000,8 @@ iptables \
 --dscp 4 \
 --dport 80 \
 --sport 1090 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1012,8 +1012,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1024,8 +1024,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1036,8 +1036,8 @@ iptables \
 --dscp 4 \
 --dport 80 \
 --sport 1090 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1048,8 +1048,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1060,8 +1060,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1072,8 +1072,8 @@ iptables \
 --dscp 4 \
 --dport 90 \
 --sport 1090 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1084,8 +1084,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1096,8 +1096,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1108,8 +1108,8 @@ iptables \
 --dscp 4 \
 --dport 90 \
 --sport 1090 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1120,8 +1120,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1132,8 +1132,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1144,8 +1144,8 @@ iptables \
 --dscp 4 \
 --dport 90 \
 --sport 1090 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1156,8 +1156,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1168,8 +1168,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1180,8 +1180,8 @@ iptables \
 --dscp 4 \
 --dport 80 \
 --sport 1100 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1192,8 +1192,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1204,8 +1204,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1216,8 +1216,8 @@ iptables \
 --dscp 4 \
 --dport 80 \
 --sport 1100 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1228,8 +1228,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1240,8 +1240,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1252,8 +1252,8 @@ iptables \
 --dscp 4 \
 --dport 80 \
 --sport 1100 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1264,8 +1264,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1276,8 +1276,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1288,8 +1288,8 @@ iptables \
 --dscp 4 \
 --dport 90 \
 --sport 1100 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1300,8 +1300,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1312,8 +1312,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1324,8 +1324,8 @@ iptables \
 --dscp 4 \
 --dport 90 \
 --sport 1100 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1336,8 +1336,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1348,8 +1348,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1360,8 +1360,8 @@ iptables \
 --dscp 4 \
 --dport 90 \
 --sport 1100 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1372,8 +1372,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1384,8 +1384,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1396,8 +1396,8 @@ iptables \
 --dscp 4 \
 --dport 80 \
 --sport 1110 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1408,8 +1408,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1420,8 +1420,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1432,8 +1432,8 @@ iptables \
 --dscp 4 \
 --dport 80 \
 --sport 1110 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1444,8 +1444,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1456,8 +1456,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1468,8 +1468,8 @@ iptables \
 --dscp 4 \
 --dport 80 \
 --sport 1110 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1480,8 +1480,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1492,8 +1492,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1504,8 +1504,8 @@ iptables \
 --dscp 4 \
 --dport 90 \
 --sport 1110 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1516,8 +1516,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1528,8 +1528,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1540,8 +1540,8 @@ iptables \
 --dscp 4 \
 --dport 90 \
 --sport 1110 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1552,8 +1552,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1564,8 +1564,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1576,8 +1576,8 @@ iptables \
 --dscp 4 \
 --dport 90 \
 --sport 1110 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1588,8 +1588,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1599,8 +1599,8 @@ iptables \
 --destination 1.1.1.1 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1610,8 +1610,8 @@ iptables \
 --source 1.1.1.1 \
 -m dscp \
 --dscp 5 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1621,8 +1621,8 @@ iptables \
 --destination 1.1.1.1 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1632,8 +1632,8 @@ iptables \
 --destination 1.1.1.1 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1643,8 +1643,8 @@ iptables \
 --source 1.1.1.1 \
 -m dscp \
 --dscp 5 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1654,8 +1654,8 @@ iptables \
 --destination 1.1.1.1 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1665,8 +1665,8 @@ iptables \
 --destination 1.1.1.1 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1676,8 +1676,8 @@ iptables \
 --source 1.1.1.1 \
 -m dscp \
 --dscp 5 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1687,8 +1687,8 @@ iptables \
 --destination 1.1.1.1 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1698,8 +1698,8 @@ iptables \
 --destination 2.2.2.2 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1709,8 +1709,8 @@ iptables \
 --source 2.2.2.2 \
 -m dscp \
 --dscp 5 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1720,8 +1720,8 @@ iptables \
 --destination 2.2.2.2 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1731,8 +1731,8 @@ iptables \
 --destination 2.2.2.2 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1742,8 +1742,8 @@ iptables \
 --source 2.2.2.2 \
 -m dscp \
 --dscp 5 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1753,8 +1753,8 @@ iptables \
 --destination 2.2.2.2 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1764,8 +1764,8 @@ iptables \
 --destination 2.2.2.2 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1775,8 +1775,8 @@ iptables \
 --source 2.2.2.2 \
 -m dscp \
 --dscp 5 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1786,8 +1786,8 @@ iptables \
 --destination 2.2.2.2 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1797,8 +1797,8 @@ iptables \
 --destination 3.3.3.3 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1808,8 +1808,8 @@ iptables \
 --source 3.3.3.3 \
 -m dscp \
 --dscp 5 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1819,8 +1819,8 @@ iptables \
 --destination 3.3.3.3 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1830,8 +1830,8 @@ iptables \
 --destination 3.3.3.3 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1841,8 +1841,8 @@ iptables \
 --source 3.3.3.3 \
 -m dscp \
 --dscp 5 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1852,8 +1852,8 @@ iptables \
 --destination 3.3.3.3 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1863,8 +1863,8 @@ iptables \
 --destination 3.3.3.3 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1874,8 +1874,8 @@ iptables \
 --source 3.3.3.3 \
 -m dscp \
 --dscp 5 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1885,8 +1885,8 @@ iptables \
 --destination 3.3.3.3 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1896,8 +1896,8 @@ iptables \
 --destination 1.1.1.1 \
 -m dscp \
 --dscp 6 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1907,8 +1907,8 @@ iptables \
 --source 1.1.1.1 \
 -m dscp \
 --dscp 6 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1918,8 +1918,8 @@ iptables \
 --destination 1.1.1.1 \
 -m dscp \
 --dscp 6 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1929,8 +1929,8 @@ iptables \
 --destination 2.2.2.2 \
 -m dscp \
 --dscp 6 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1940,8 +1940,8 @@ iptables \
 --source 2.2.2.2 \
 -m dscp \
 --dscp 6 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1951,8 +1951,8 @@ iptables \
 --destination 2.2.2.2 \
 -m dscp \
 --dscp 6 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1962,8 +1962,8 @@ iptables \
 --destination 3.3.3.3 \
 -m dscp \
 --dscp 6 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1973,8 +1973,8 @@ iptables \
 --source 3.3.3.3 \
 -m dscp \
 --dscp 6 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1984,6 +1984,6 @@ iptables \
 --destination 3.3.3.3 \
 -m dscp \
 --dscp 6 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
diff --git a/tests/nwfilterxml2firewalldata/iter3-linux.args b/tests/nwfilterxml2firewalldata/iter3-linux.args
index cc6d442c75..1bc769bcd4 100644
--- a/tests/nwfilterxml2firewalldata/iter3-linux.args
+++ b/tests/nwfilterxml2firewalldata/iter3-linux.args
@@ -6,8 +6,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -17,8 +17,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --dport 80 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -28,8 +28,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -39,8 +39,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --sport 90 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -50,8 +50,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --dport 90 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -61,8 +61,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --sport 90 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -72,8 +72,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -83,8 +83,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --dport 80 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -94,8 +94,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -105,8 +105,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 90 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -116,8 +116,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --dport 90 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -127,8 +127,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 90 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -139,8 +139,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -151,8 +151,8 @@ iptables \
 --dscp 3 \
 --dport 80 \
 --sport 1100 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -163,6 +163,6 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
diff --git a/tests/nwfilterxml2firewalldata/sctp-ipv6-linux.args b/tests/nwfilterxml2firewalldata/sctp-ipv6-linux.args
index 086c11ca52..55b2b10037 100644
--- a/tests/nwfilterxml2firewalldata/sctp-ipv6-linux.args
+++ b/tests/nwfilterxml2firewalldata/sctp-ipv6-linux.args
@@ -7,8 +7,8 @@ ip6tables \
 --destination a:b:c::d:e:f/128 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -17,8 +17,8 @@ ip6tables \
 --source a:b:c::d:e:f/128 \
 -m dscp \
 --dscp 2 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 ip6tables \
 -w \
@@ -29,8 +29,8 @@ ip6tables \
 --destination a:b:c::d:e:f/128 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -41,8 +41,8 @@ ip6tables \
 --dscp 33 \
 --dport 20:21 \
 --sport 100:1111 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -55,8 +55,8 @@ ip6tables \
 --dscp 33 \
 --sport 20:21 \
 --dport 100:1111 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 ip6tables \
 -w \
@@ -67,8 +67,8 @@ ip6tables \
 --dscp 33 \
 --dport 20:21 \
 --sport 100:1111 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -79,8 +79,8 @@ ip6tables \
 --dscp 63 \
 --dport 255:256 \
 --sport 65535:65535 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -93,8 +93,8 @@ ip6tables \
 --dscp 63 \
 --sport 255:256 \
 --dport 65535:65535 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 ip6tables \
 -w \
@@ -105,6 +105,6 @@ ip6tables \
 --dscp 63 \
 --dport 255:256 \
 --sport 65535:65535 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
diff --git a/tests/nwfilterxml2firewalldata/sctp-linux.args b/tests/nwfilterxml2firewalldata/sctp-linux.args
index a3c5a7a72d..881f70ed72 100644
--- a/tests/nwfilterxml2firewalldata/sctp-linux.args
+++ b/tests/nwfilterxml2firewalldata/sctp-linux.args
@@ -7,8 +7,8 @@ iptables \
 --destination 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -17,8 +17,8 @@ iptables \
 --source 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -29,8 +29,8 @@ iptables \
 --destination 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -41,8 +41,8 @@ iptables \
 --dscp 33 \
 --dport 20:21 \
 --sport 100:1111 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -55,8 +55,8 @@ iptables \
 --dscp 33 \
 --sport 20:21 \
 --dport 100:1111 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -67,8 +67,8 @@ iptables \
 --dscp 33 \
 --dport 20:21 \
 --sport 100:1111 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -79,8 +79,8 @@ iptables \
 --dscp 63 \
 --dport 255:256 \
 --sport 65535:65535 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -93,8 +93,8 @@ iptables \
 --dscp 63 \
 --sport 255:256 \
 --dport 65535:65535 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -105,6 +105,6 @@ iptables \
 --dscp 63 \
 --dport 255:256 \
 --sport 65535:65535 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
diff --git a/tests/nwfilterxml2firewalldata/target-linux.args b/tests/nwfilterxml2firewalldata/target-linux.args
index abb01debf9..54d97307d9 100644
--- a/tests/nwfilterxml2firewalldata/target-linux.args
+++ b/tests/nwfilterxml2firewalldata/target-linux.args
@@ -49,8 +49,8 @@ iptables \
 --destination 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -m comment \
 --comment 'accept rule -- dir out' \
 -j RETURN
@@ -61,8 +61,8 @@ iptables \
 --source 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -m comment \
 --comment 'accept rule -- dir out' \
 -j ACCEPT
@@ -75,8 +75,8 @@ iptables \
 --destination 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -m comment \
 --comment 'accept rule -- dir out' \
 -j RETURN
@@ -155,8 +155,8 @@ iptables \
 --destination 10.1.2.3/22 \
 -m dscp \
 --dscp 33 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -m comment \
 --comment 'accept rule -- dir in' \
 -j RETURN
@@ -169,8 +169,8 @@ iptables \
 --source 10.1.2.3/22 \
 -m dscp \
 --dscp 33 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -m comment \
 --comment 'accept rule -- dir in' \
 -j ACCEPT
@@ -181,8 +181,8 @@ iptables \
 --destination 10.1.2.3/22 \
 -m dscp \
 --dscp 33 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -m comment \
 --comment 'accept rule -- dir in' \
 -j RETURN
diff --git a/tests/nwfilterxml2firewalldata/target2-linux.args b/tests/nwfilterxml2firewalldata/target2-linux.args
index c774f6f24a..915f1ebb2b 100644
--- a/tests/nwfilterxml2firewalldata/target2-linux.args
+++ b/tests/nwfilterxml2firewalldata/target2-linux.args
@@ -21,24 +21,24 @@ iptables \
 -A FJ-vnet0 \
 -p tcp \
 --sport 80 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 iptables \
 -w \
 -A FP-vnet0 \
 -p tcp \
 --dport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
 -A HJ-vnet0 \
 -p tcp \
 --sport 80 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 iptables \
 -w \
diff --git a/tests/nwfilterxml2firewalldata/tcp-ipv6-linux.args b/tests/nwfilterxml2firewalldata/tcp-ipv6-linux.args
index 50b5514a3b..9463d5a4c4 100644
--- a/tests/nwfilterxml2firewalldata/tcp-ipv6-linux.args
+++ b/tests/nwfilterxml2firewalldata/tcp-ipv6-linux.args
@@ -7,8 +7,8 @@ ip6tables \
 --destination a:b:c::d:e:f/128 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -17,8 +17,8 @@ ip6tables \
 --source a:b:c::d:e:f/128 \
 -m dscp \
 --dscp 2 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 ip6tables \
 -w \
@@ -29,8 +29,8 @@ ip6tables \
 --destination a:b:c::d:e:f/128 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -41,8 +41,8 @@ ip6tables \
 --dscp 33 \
 --dport 20:21 \
 --sport 100:1111 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -55,8 +55,8 @@ ip6tables \
 --dscp 33 \
 --sport 20:21 \
 --dport 100:1111 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 ip6tables \
 -w \
@@ -67,8 +67,8 @@ ip6tables \
 --dscp 33 \
 --dport 20:21 \
 --sport 100:1111 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -79,8 +79,8 @@ ip6tables \
 --dscp 63 \
 --dport 255:256 \
 --sport 65535:65535 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -93,8 +93,8 @@ ip6tables \
 --dscp 63 \
 --sport 255:256 \
 --dport 65535:65535 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 ip6tables \
 -w \
@@ -105,6 +105,6 @@ ip6tables \
 --dscp 63 \
 --dport 255:256 \
 --sport 65535:65535 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
diff --git a/tests/nwfilterxml2firewalldata/tcp-linux.args b/tests/nwfilterxml2firewalldata/tcp-linux.args
index 74ac4a6733..ae2d05a753 100644
--- a/tests/nwfilterxml2firewalldata/tcp-linux.args
+++ b/tests/nwfilterxml2firewalldata/tcp-linux.args
@@ -7,8 +7,8 @@ iptables \
 --destination 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -17,8 +17,8 @@ iptables \
 --source 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -29,8 +29,8 @@ iptables \
 --destination 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
diff --git a/tests/nwfilterxml2firewalldata/udp-ipv6-linux.args b/tests/nwfilterxml2firewalldata/udp-ipv6-linux.args
index 6feec12a04..1df20ae139 100644
--- a/tests/nwfilterxml2firewalldata/udp-ipv6-linux.args
+++ b/tests/nwfilterxml2firewalldata/udp-ipv6-linux.args
@@ -7,8 +7,8 @@ ip6tables \
 --destination a:b:c::d:e:f/128 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -17,8 +17,8 @@ ip6tables \
 --source a:b:c::d:e:f/128 \
 -m dscp \
 --dscp 2 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 ip6tables \
 -w \
@@ -29,8 +29,8 @@ ip6tables \
 --destination a:b:c::d:e:f/128 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -41,8 +41,8 @@ ip6tables \
 --dscp 33 \
 --dport 20:21 \
 --sport 100:1111 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -55,8 +55,8 @@ ip6tables \
 --dscp 33 \
 --sport 20:21 \
 --dport 100:1111 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 ip6tables \
 -w \
@@ -67,8 +67,8 @@ ip6tables \
 --dscp 33 \
 --dport 20:21 \
 --sport 100:1111 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -79,8 +79,8 @@ ip6tables \
 --dscp 63 \
 --dport 255:256 \
 --sport 65535:65535 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -93,8 +93,8 @@ ip6tables \
 --dscp 63 \
 --sport 255:256 \
 --dport 65535:65535 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 ip6tables \
 -w \
@@ -105,6 +105,6 @@ ip6tables \
 --dscp 63 \
 --dport 255:256 \
 --sport 65535:65535 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
diff --git a/tests/nwfilterxml2firewalldata/udp-linux.args b/tests/nwfilterxml2firewalldata/udp-linux.args
index 32a8f56dfc..0a04a636ae 100644
--- a/tests/nwfilterxml2firewalldata/udp-linux.args
+++ b/tests/nwfilterxml2firewalldata/udp-linux.args
@@ -7,8 +7,8 @@ iptables \
 --destination 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -17,8 +17,8 @@ iptables \
 --source 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -29,8 +29,8 @@ iptables \
 --destination 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -41,8 +41,8 @@ iptables \
 --dscp 33 \
 --dport 20:21 \
 --sport 100:1111 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -55,8 +55,8 @@ iptables \
 --dscp 33 \
 --sport 20:21 \
 --dport 100:1111 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -67,8 +67,8 @@ iptables \
 --dscp 33 \
 --dport 20:21 \
 --sport 100:1111 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -79,8 +79,8 @@ iptables \
 --dscp 63 \
 --dport 255:256 \
 --sport 65535:65535 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -93,8 +93,8 @@ iptables \
 --dscp 63 \
 --sport 255:256 \
 --dport 65535:65535 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -105,6 +105,6 @@ iptables \
 --dscp 63 \
 --dport 255:256 \
 --sport 65535:65535 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
diff --git a/tests/nwfilterxml2firewalldata/udplite-ipv6-linux.args b/tests/nwfilterxml2firewalldata/udplite-ipv6-linux.args
index 6be6aa0069..4c1d254ba8 100644
--- a/tests/nwfilterxml2firewalldata/udplite-ipv6-linux.args
+++ b/tests/nwfilterxml2firewalldata/udplite-ipv6-linux.args
@@ -8,8 +8,8 @@ ip6tables \
 --destination a:b:c::d:e:f/128 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -19,8 +19,8 @@ ip6tables \
 --source a:b:c::d:e:f/128 \
 -m dscp \
 --dscp 2 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 ip6tables \
 -w \
@@ -32,8 +32,8 @@ ip6tables \
 --destination a:b:c::d:e:f/128 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -42,8 +42,8 @@ ip6tables \
 --destination a:b:c::/128 \
 -m dscp \
 --dscp 33 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -54,8 +54,8 @@ ip6tables \
 --source a:b:c::/128 \
 -m dscp \
 --dscp 33 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 ip6tables \
 -w \
@@ -64,8 +64,8 @@ ip6tables \
 --destination a:b:c::/128 \
 -m dscp \
 --dscp 33 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -74,8 +74,8 @@ ip6tables \
 --destination ::ffff:10.1.2.3/128 \
 -m dscp \
 --dscp 33 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -86,8 +86,8 @@ ip6tables \
 --source ::ffff:10.1.2.3/128 \
 -m dscp \
 --dscp 33 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 ip6tables \
 -w \
@@ -96,6 +96,6 @@ ip6tables \
 --destination ::ffff:10.1.2.3/128 \
 -m dscp \
 --dscp 33 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
diff --git a/tests/nwfilterxml2firewalldata/udplite-linux.args b/tests/nwfilterxml2firewalldata/udplite-linux.args
index 8f3a9e8f24..7e85aaf15d 100644
--- a/tests/nwfilterxml2firewalldata/udplite-linux.args
+++ b/tests/nwfilterxml2firewalldata/udplite-linux.args
@@ -7,8 +7,8 @@ iptables \
 --destination 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -17,8 +17,8 @@ iptables \
 --source 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -29,8 +29,8 @@ iptables \
 --destination 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -39,8 +39,8 @@ iptables \
 --destination 10.1.2.3/22 \
 -m dscp \
 --dscp 33 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -51,8 +51,8 @@ iptables \
 --source 10.1.2.3/22 \
 -m dscp \
 --dscp 33 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -61,8 +61,8 @@ iptables \
 --destination 10.1.2.3/22 \
 -m dscp \
 --dscp 33 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -71,8 +71,8 @@ iptables \
 --destination 10.1.2.3/22 \
 -m dscp \
 --dscp 33 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -83,8 +83,8 @@ iptables \
 --source 10.1.2.3/22 \
 -m dscp \
 --dscp 33 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -93,6 +93,6 @@ iptables \
 --destination 10.1.2.3/22 \
 -m dscp \
 --dscp 33 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
-- 2.35.1