NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

net: use newer iptables syntax

Browse Source 
iptables-1.4.18 removed the long deprecated "state" match.
Use "conntrack" instead in forwarding rules.
Fixes openSUSE bug https://bugzilla.novell.com/811251 #811251.
This commit is contained in:
Stefan Seyfried 2013-03-25 20:39:40 +01:00 committed by Eric Blake
parent d0cc811ed0
commit e669a65903
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/util/viriptables.c
View File

@ -480,8 +480,8 @@ iptablesForwardAllowRelatedIn(iptablesContext *ctx,
"--destination", networkstr, "--destination", networkstr,
"--in-interface", physdev, "--in-interface", physdev,
"--out-interface", iface, "--out-interface", iface,
"--match", "state", "--match", "conntrack",
"--state", "ESTABLISHED,RELATED", "--ctstate", "ESTABLISHED,RELATED",
"--jump", "ACCEPT", "--jump", "ACCEPT",
NULL); NULL);
} else { } else {
@ -490,8 +490,8 @@ iptablesForwardAllowRelatedIn(iptablesContext *ctx,
action, action,
"--destination", networkstr, "--destination", networkstr,
"--out-interface", iface, "--out-interface", iface,
"--match", "state", "--match", "conntrack",
"--state", "ESTABLISHED,RELATED", "--ctstate", "ESTABLISHED,RELATED",
"--jump", "ACCEPT", "--jump", "ACCEPT",
NULL); NULL);
} }