On 1/15/13, Jan Engelhardt <jengelh@xxxxxxx> wrote: > > On Tuesday 2013-01-15 06:09, Nick Edwards wrote: > >>WARNING: The state match is obsolete. Use conntrack instead. >> >>Getting these errors since upgrading to 1.4.17 > > It is a warning, not an error. (An error would not let use you > the command at all.) > >>Am I right in assuming that : >>iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT >>must now become : >>iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT >>or does that not do the same thing? > > state is a redundant subset of conntrack (the latter was introduced around > Linux 2.5.32) and shall go away. > I can understand that if there is a lot of pre warning, as others have mentioned, most guides show the former.. And can you confirm my change is the correct method to obtain the same net result please? Maybe the warning could be changed to WARNING: The state match is deprecated and will eventually go away. Use conntrack instead. That wont panic people into thinking the rule is not working. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
