[libvirt] [PATCH v2] nwfilter: Use -m conntrack rather than -m state
Stefan Berger
stefanb at linux.vnet.ibm.com
Wed Aug 7 00:36:29 UTC 2013
On 08/06/2013 08:11 PM, John Ferlan wrote:
> On 08/06/2013 07:46 PM, Stefan Berger wrote:
>> Since iptables version 1.4.16 '-m state --state NEW' is converted to
>> '-m conntrack --ctstate NEW'. Therefore, when encountering this or later
>> versions of iptables use '-m conntrack --ctstate'.
>>
>> Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
>>
>> ---
>> v1->v2:
>> - Fixed a logic bug and adjusted version comparison to use '>='
>> rather than '>'
>>
>> ---
> ACK
Pushed
More information about the libvir-list
mailing list