openkylin
/
libvirt
mirror of https://gitee.com/openkylin/libvirt.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

net: use newer iptables syntax 

iptables-1.4.18 removed the long deprecated "state" match.
Use "conntrack" instead in forwarding rules.
Fixes openSUSE bug https://bugzilla.novell.com/811251 #811251.
This commit is contained in:
Stefan Seyfried 2013-03-25 20:39:40 +01:00 committed by Eric Blake
parent d0cc811ed0
commit e669a65903
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/util/viriptables.c
View File

@ -480,8 +480,8 @@ iptablesForwardAllowRelatedIn(iptablesContext *ctx,
"--destination", networkstr,
"--in-interface", physdev,
"--out-interface", iface,
"--match", "state",
"--state", "ESTABLISHED,RELATED",
"--match", "conntrack",
"--ctstate", "ESTABLISHED,RELATED",
"--jump", "ACCEPT",
NULL);
} else {
@ -490,8 +490,8 @@ iptablesForwardAllowRelatedIn(iptablesContext *ctx,
action,
"--destination", networkstr,
"--out-interface", iface,
"--match", "state",
"--state", "ESTABLISHED,RELATED",
"--match", "conntrack",
"--ctstate", "ESTABLISHED,RELATED",
"--jump", "ACCEPT",
NULL);
}