Re: [libvirt] [PATCH] net: use newer iptables syntax
On Wed, Mar 27, 2013 at 04:22:26PM -0600, Eric Blake wrote:
On 03/25/2013 09:24 PM, Hu Tao wrote:
> On Mon, Mar 25, 2013 at 08:39:40PM +0100, Stefan Seyfried wrote:
>> Hi all,
>>
>> iptables-1.4.18 removed the long deprecated "state" match.
>> Use "conntrack" instead in forwarding rules.
>> Fixes openSUSE bug https://bugzilla.novell.com/811251 #811251.
>>
>> real patch is attached as I'm pretty sure that thunderbird will mess it
>> up otherwise :(
>>
>> Basically it's
>>
>> s/--match state/--match conntrack/
>> s/--state /--ctstate/
>
> This is supported by old iptables. (tested with 1.4.14)
The real question is RHEL 5, which shipped with iptables 1.3.5.
I don't think we ever tried to make the nwfilter code work with
RHEL-5 - I recall other problems, but can't remember wat they
are offhand.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|