Hi all, iptables-1.4.18 removed the long deprecated "state" match. Use "conntrack" instead in forwarding rules. Fixes openSUSE bug https://bugzilla.novell.com/811251 #811251. real patch is attached as I'm pretty sure that thunderbird will mess it up otherwise :( Basically it's s/--match state/--match conntrack/ s/--state /--ctstate/ in src/til/viriptables.c Best regards, Stefan -- Stefan Seyfried Linux Consultant & Developer Mail: seyfried@xxxxxxxxxxxxx GPG Key: 0x731B665B B1 Systems GmbH Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
>From 1aa2736263537e7856db9820bce835c1b3c2b51a Mon Sep 17 00:00:00 2001 From: Stefan Seyfried <seife+dev@xxxxxxxxxxxxxx> Date: Mon, 25 Mar 2013 20:27:46 +0100 Subject: [PATCH] net: use newer iptables syntax iptables-1.4.18 removed the long deprecated "state" match. Use "conntrack" instead in forwarding rules. Fixes openSUSE bug https://bugzilla.novell.com/811251 #811251. --- src/util/viriptables.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/util/viriptables.c b/src/util/viriptables.c index 8cfafc0..19d6161 100644 --- a/src/util/viriptables.c +++ b/src/util/viriptables.c @@ -480,8 +480,8 @@ iptablesForwardAllowRelatedIn(iptablesContext *ctx, "--destination", networkstr, "--in-interface", physdev, "--out-interface", iface, - "--match", "state", - "--state", "ESTABLISHED,RELATED", + "--match", "conntrack", + "--ctstate", "ESTABLISHED,RELATED", "--jump", "ACCEPT", NULL); } else { @@ -490,8 +490,8 @@ iptablesForwardAllowRelatedIn(iptablesContext *ctx, action, "--destination", networkstr, "--out-interface", iface, - "--match", "state", - "--state", "ESTABLISHED,RELATED", + "--match", "conntrack", + "--ctstate", "ESTABLISHED,RELATED", "--jump", "ACCEPT", NULL); } -- 1.8.2
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list