[libvirt] [PATCH v2] nwfilter: Use -m conntrack rather than -m state

Stefan Berger stefanb at linux.vnet.ibm.com
Wed Aug 7 00:36:29 UTC 2013


On 08/06/2013 08:11 PM, John Ferlan wrote:
> On 08/06/2013 07:46 PM, Stefan Berger wrote:
>> Since iptables version 1.4.16 '-m state --state NEW' is converted to
>> '-m conntrack --ctstate NEW'. Therefore, when encountering this or later
>> versions of iptables use '-m conntrack --ctstate'.
>>
>> Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
>>
>> ---
>> v1->v2:
>>     - Fixed a logic bug and adjusted version comparison to use '>='
>>       rather than '>'
>>
>> ---
> ACK

Pushed




More information about the libvir-list mailing list