From d30e249d4c7d9c3654059074decd643c1a4839e7 Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant Date: Wed, 12 Apr 2017 09:34:02 +0100 Subject: bcp38: iptables 1.6.1 compatibility (#4248) -m state has been removed, now use -m conntrack --ctstate Signed-off-by: Kevin Darbyshire-Bryant --- net/bcp38/files/run.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'net/bcp38/files') diff --git a/net/bcp38/files/run.sh b/net/bcp38/files/run.sh index 00d50342e..736ea52c6 100755 --- a/net/bcp38/files/run.sh +++ b/net/bcp38/files/run.sh @@ -72,9 +72,9 @@ setup_iptables() iptables -N "$IPTABLES_CHAIN" 2>/dev/null iptables -F "$IPTABLES_CHAIN" 2>/dev/null - iptables -I output_rule -m state --state NEW -j "$IPTABLES_CHAIN" - iptables -I input_rule -m state --state NEW -j "$IPTABLES_CHAIN" - iptables -I forwarding_rule -m state --state NEW -j "$IPTABLES_CHAIN" + iptables -I output_rule -m conntrack --ctstate NEW -j "$IPTABLES_CHAIN" + iptables -I input_rule -m conntrack --ctstate NEW -j "$IPTABLES_CHAIN" + iptables -I forwarding_rule -m conntrack --ctstate NEW -j "$IPTABLES_CHAIN" # always accept DHCP traffic iptables -A "$IPTABLES_CHAIN" -p udp --dport 67:68 --sport 67:68 -j RETURN @@ -90,9 +90,9 @@ destroy_ipset() destroy_iptables() { - iptables -D output_rule -m state --state NEW -j "$IPTABLES_CHAIN" 2>/dev/null - iptables -D input_rule -m state --state NEW -j "$IPTABLES_CHAIN" 2>/dev/null - iptables -D forwarding_rule -m state --state NEW -j "$IPTABLES_CHAIN" 2>/dev/null + iptables -D output_rule -m conntrack --ctstate NEW -j "$IPTABLES_CHAIN" 2>/dev/null + iptables -D input_rule -m conntrack --ctstate NEW -j "$IPTABLES_CHAIN" 2>/dev/null + iptables -D forwarding_rule -m conntrack --ctstate NEW -j "$IPTABLES_CHAIN" 2>/dev/null iptables -F "$IPTABLES_CHAIN" 2>/dev/null iptables -X "$IPTABLES_CHAIN" 2>/dev/null } -- cgit v1.2.3