From 2c4aae132a672049c4d0dc63a0f78ab7fda571bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
Date: Fri, 4 Apr 2014 11:30:55 +0200
Subject: [PATCH] Use 'conntrack' iptables module instead of obsoleted 'state'
---
 system-config/iptables | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/system-config/iptables b/system-config/iptables
index 5977ff2..a23bb82 100644
--- a/system-config/iptables
+++ b/system-config/iptables
@@ -18,11 +18,11 @@ COMMIT
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [128:12536]
 -A INPUT -i vif+ -p udp -m udp --dport 68 -j DROP
--A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -p icmp -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -j REJECT --reject-with icmp-host-prohibited
--A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A FORWARD -i vif+ -o vif+ -j DROP
 -A FORWARD -i vif+ -j ACCEPT
 -A FORWARD -j DROP
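Review bot: The FORWARD accept for `RELATED,ESTABLISHED` still sits ahead of `-A FORWARD -i vif+ -o vif+ -j DROP`, so the inter-VM isolation rule only ever sees packets that conntrack has not already classified as related or established; the commit renames the match but keeps that order. Since vif-to-vif traffic is never meant to pass, moving the `-i vif+ -o vif+` DROP above the conntrack accept costs nothing and stops the isolation from depending on conntrack (and whatever helpers may be loaded) never marking such a packet RELATED. Packets in the INVALID state arriving from a vif are also not handled explicitly and fall through to `-A FORWARD -i vif+ -j ACCEPT`; a `-A FORWARD -m conntrack --ctstate INVALID -j DROP` ahead of the accepts would cover that. The rules file starts before this hunk, so earlier rules or tables may already address part of this.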