On Mon, Mar 25, 2013 at 08:39:40PM +0100, Stefan Seyfried wrote: > Hi all, > > iptables-1.4.18 removed the long deprecated "state" match. > Use "conntrack" instead in forwarding rules. > Fixes openSUSE bug https://bugzilla.novell.com/811251 #811251. > > real patch is attached as I'm pretty sure that thunderbird will mess it > up otherwise :( > > Basically it's > > s/--match state/--match conntrack/ > s/--state /--ctstate/ This is supported by old iptables. (tested with 1.4.14) > > in src/util/viriptables.c > > Best regards, > > Stefan > -- > Stefan Seyfried > Linux Consultant & Developer > Mail: seyfried@xxxxxxxxxxxxx GPG Key: 0x731B665B > > B1 Systems GmbH > Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de > GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537 > >From 1aa2736263537e7856db9820bce835c1b3c2b51a Mon Sep 17 00:00:00 2001 > From: Stefan Seyfried <seife+dev@xxxxxxxxxxxxxx> > Date: Mon, 25 Mar 2013 20:27:46 +0100 > Subject: [PATCH] net: use newer iptables syntax > > iptables-1.4.18 removed the long deprecated "state" match. > Use "conntrack" instead in forwarding rules. > Fixes openSUSE bug https://bugzilla.novell.com/811251 #811251. > --- > src/util/viriptables.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/src/util/viriptables.c b/src/util/viriptables.c > index 8cfafc0..19d6161 100644 > --- a/src/util/viriptables.c > +++ b/src/util/viriptables.c > @@ -480,8 +480,8 @@ iptablesForwardAllowRelatedIn(iptablesContext *ctx, > "--destination", networkstr, > "--in-interface", physdev, > "--out-interface", iface, > - "--match", "state", > - "--state", "ESTABLISHED,RELATED", > + "--match", "conntrack", > + "--ctstate", "ESTABLISHED,RELATED", > "--jump", "ACCEPT", > NULL); > } else { 
> @@ -490,8 +490,8 @@ iptablesForwardAllowRelatedIn(iptablesContext *ctx, > action, > "--destination", networkstr, > "--out-interface", iface, > - "--match", "state", > - "--state", "ESTABLISHED,RELATED", > + "--match", "conntrack", > + "--ctstate", "ESTABLISHED,RELATED", > "--jump", "ACCEPT", > NULL); > } > -- > 1.8.2 > ACK.
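Review bot: the commit message should state the oldest iptables release on which `--match conntrack` with `--ctstate` is known to work, because both hunks in iptablesForwardAllowRelatedIn (the branch with `--in-interface physdev` and the one without) switch to it unconditionally, with no fallback to `--match state`. The only compatibility statement is the "tested with 1.4.14" remark in this reply, which is lost once the patch is applied; adding a line such as "conntrack/--ctstate is also accepted by older iptables (tested with 1.4.14)" to the commit message keeps that justification with the change. The ESTABLISHED,RELATED forwarding rule is what lets return traffic reach guests on the virtual network, so a host whose iptables rejects the new match would fail to install it; a short comment next to the arguments naming the 1.4.18 removal of "state" would also help whoever touches these two near-identical argument lists next.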