On Wed, Mar 27, 2013 at 04:22:26PM -0600, Eric Blake wrote: > On 03/25/2013 09:24 PM, Hu Tao wrote: > > On Mon, Mar 25, 2013 at 08:39:40PM +0100, Stefan Seyfried wrote: > >> Hi all, > >> > >> iptables-1.4.18 removed the long deprecated "state" match. > >> Use "conntrack" instead in forwarding rules. > >> Fixes openSUSE bug https://bugzilla.novell.com/811251 #811251. > >> > >> real patch is attached as I'm pretty sure that thunderbird will mess it > >> up otherwise :( > >> > >> Basically it's > >> > >> s/--match state/--match conntrack/ > >> s/--state /--ctstate/ > > > > This is supported by old iptables. (tested with 1.4.14) > > The real question is RHEL 5, which shipped with iptables 1.3.5. I don't think we ever tried to make the nwfilter code work with RHEL-5 - I recall other problems, but can't remember wat they are offhand. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list