On Wed, Mar 27, 2013 at 04:22:26PM -0600, Eric Blake wrote:
On 03/25/2013 09:24 PM, Hu Tao wrote:
On Mon, Mar 25, 2013 at 08:39:40PM +0100, Stefan Seyfried wrote:
Hi all,
iptables-1.4.18 removed the long deprecated "state" match. Use "conntrack" instead in forwarding rules. Fixes openSUSE bug https://bugzilla.novell.com/811251 #811251.
real patch is attached as I'm pretty sure that thunderbird will mess it up otherwise :(
Basically it's
s/--match state/--match conntrack/ s/--state /--ctstate/
This is supported by old iptables. (tested with 1.4.14)
The real question is RHEL 5, which shipped with iptables 1.3.5.
I don't think we ever tried to make the nwfilter code work with RHEL-5 - I recall other problems, but can't remember wat they are offhand. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|