From f22b7bb5529b816eef840a1180b677e4ea31b124 Mon Sep 17 00:00:00 2001
From: Matthew Gyurgyik
Date: Sun, 19 Dec 2010 22:40:09 -0500
Subject: efw-iptables: Use the iptables conntrack module

Make use of the iptables conntrack module instead of the older state module for stateful firewalling.

Signed-off-by: David Sommerseth
---
 plugin/firewall/iptables/efw-iptables.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'plugin')

diff --git a/plugin/firewall/iptables/efw-iptables.c b/plugin/firewall/iptables/efw-iptables.c
index 6172d5d..4aebbac 100644
--- a/plugin/firewall/iptables/efw-iptables.c
+++ b/plugin/firewall/iptables/efw-iptables.c
@@ -207,8 +207,8 @@ int process_input(eurephiaCTX *ctx, const char *fwcmd, const eFWupdateRequest *r
 iptables_args[argc++] = req->macaddress;
 }
 iptables_args[argc++] = "-m\0";
- iptables_args[argc++] = "state\0";
- iptables_args[argc++] = "--state\0";
+ iptables_args[argc++] = "conntrack\0";
+ iptables_args[argc++] = "--ctstate\0";
 iptables_args[argc++] = "NEW\0";
 iptables_args[argc++] = "-j\0";
 iptables_args[argc++] = req->goto_destination;
@@ -261,8 +261,8 @@ int process_input(eurephiaCTX *ctx, const char *fwcmd, const eFWupdateRequest *r
 iptables_args[1] = "-I\0";
 iptables_args[2] = req->rule_destination;
 iptables_args[3] = "-m\0";
- iptables_args[4] = "state\0";
- iptables_args[5] = "--state\0";
+ iptables_args[4] = "conntrack\0";
+ iptables_args[5] = "--ctstate\0";
 iptables_args[6] = "ESTABLISHED,RELATED\0";
 iptables_args[7] = "-j\0";
 iptables_args[8] = "ACCEPT\0";
-- cgit
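Review bot: The new `-m conntrack --ctstate` arguments are hard-coded in both hunks with no comment on what they require from the host. This applies to the per-client `NEW` rule in the first hunk and the `ESTABLISHED,RELATED` accept rule in the second. On a system whose iptables or kernel lacks the conntrack match, these insertions would presumably fail; whether `process_input` checks and logs the iptables exit status cannot be seen here, because its body starts and ends outside both hunks. I would add a comment above each argument group, for example `/* stateful match: needs the xt_conntrack match (replaces -m state / --state) */`, and confirm that a failed insert is reported as an error rather than silently leaving the chain without its stateful rules. It would also help to note the requirement in the plugin's install documentation so operators can verify it before upgrading.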