I think I failed to explain the problem clearly. I'll try again.

If I use iptables 1.1.14 or 1.4.15 to create a match state rule, iptables 1.4.16+ binaries do not display the state information that is in the kernel.

https://gist.github.com/anonymous/6180482

The gist shows a way to reproduce the problem. I can post that directly on list if it's appropriate and necessary. The iptables-save output (from iptables 1.4.16) on line 52 is missing "--state INVALID,NEW,RELATED,ESTABLISHED,UNTRACKED". If I roll back to 1.4.15, the info is still there.

There I used a fresh archlinux VM and compiled iptables 1.4.15 and 1.4.16 in the VM. I have the same results with Debian on VMs and HW, with stock kernel.org and Debian kernels, and using both i686 and amd64 and using iptables versions from 1.4.14 to 1.4.20. I'm fairly certain it's the change between iptables 1.4.15 and 1.4.16, not any kernel or distro influence, that is causing the problem.
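An added example, not part of the original message or the gist: a small audit check that scans an iptables-save dump for rules where `-m state` appears without a `--state` option, the symptom reported above. It assumes the affected output still prints `-m state` and only drops the state list; the function name and the sample dump are constructed for illustration.

```python
import shlex

# Constructed sample of iptables-save output (not copied from the gist).
SAMPLE_SAVE = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state ! --state INVALID -j ACCEPT
-A INPUT -p tcp -m state -m comment --comment "--state lost" -j DROP
COMMIT
"""

# Tokens that end the option list of the current match extension.
SEGMENT_END = {"-m", "--match", "-j", "--jump", "-g", "--goto"}


def state_matches_missing_option(save_text):
    """Return (line_number, rule) for rules whose state match shows no --state."""
    findings = []
    for lineno, line in enumerate(save_text.splitlines(), start=1):
        if not line.startswith("-A "):
            continue  # table headers, chain policies, COMMIT, comments
        tokens = shlex.split(line)  # honours the quoting iptables-save emits
        i = 0
        while i < len(tokens):
            is_state = (tokens[i] in ("-m", "--match")
                        and i + 1 < len(tokens)
                        and tokens[i + 1] == "state")
            if not is_state:
                i += 1
                continue
            # Look for --state only among this match's own options, so a
            # "--state" string inside a later comment does not count.
            j = i + 2
            seen = False
            while j < len(tokens) and tokens[j] not in SEGMENT_END:
                seen = seen or tokens[j] == "--state"
                j += 1
            if not seen:
                findings.append((lineno, line))
            i = j
    return findings


if __name__ == "__main__":
    for lineno, rule in state_matches_missing_option(SAMPLE_SAVE):
        print(f"line {lineno}: state match without --state: {rule}")
```

A hit means the dump does not show what the kernel is enforcing for that rule, so the saved ruleset should not be used as the basis for a review or a restore until it is regenerated with a binary that prints the state list.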