bcp38: iptables 1.6.1 compatibility (#4248)

[feed/packages.git] / net / bcp38 / files / run.sh

diff --git a/net/bcp38/files/run.sh b/net/bcp38/files/run.sh
index 00d50342e0e2e0d55a6a7090ac77cb76b566a179..736ea52c638c9f964ca5a166efa2c128b2e4710d 100755 (executable)
--- a/net/bcp38/files/run.sh
+++ b/net/bcp38/files/run.sh
@@ -72,9 +72,9 @@ setup_iptables()
        iptables -N "$IPTABLES_CHAIN" 2>/dev/null
        iptables -F "$IPTABLES_CHAIN" 2>/dev/null
 
-       iptables -I output_rule -m state --state NEW -j "$IPTABLES_CHAIN"
-       iptables -I input_rule -m state --state NEW -j "$IPTABLES_CHAIN"
-       iptables -I forwarding_rule -m state --state NEW -j "$IPTABLES_CHAIN"
+       iptables -I output_rule -m conntrack --ctstate NEW -j "$IPTABLES_CHAIN"
+       iptables -I input_rule -m conntrack --ctstate NEW -j "$IPTABLES_CHAIN"
+       iptables -I forwarding_rule -m conntrack --ctstate NEW -j "$IPTABLES_CHAIN"
 
        # always accept DHCP traffic
        iptables -A "$IPTABLES_CHAIN" -p udp --dport 67:68 --sport 67:68 -j RETURN
@@ -90,9 +90,9 @@ destroy_ipset()
 
 destroy_iptables()
 {
-       iptables -D output_rule -m state --state NEW -j "$IPTABLES_CHAIN" 2>/dev/null
-       iptables -D input_rule -m state --state NEW -j "$IPTABLES_CHAIN" 2>/dev/null
-       iptables -D forwarding_rule -m state --state NEW -j "$IPTABLES_CHAIN" 2>/dev/null
+       iptables -D output_rule -m conntrack --ctstate NEW -j "$IPTABLES_CHAIN" 2>/dev/null
+       iptables -D input_rule -m conntrack --ctstate NEW -j "$IPTABLES_CHAIN" 2>/dev/null
+       iptables -D forwarding_rule -m conntrack --ctstate NEW -j "$IPTABLES_CHAIN" 2>/dev/null
        iptables -F "$IPTABLES_CHAIN" 2>/dev/null
        iptables -X "$IPTABLES_CHAIN" 2>/dev/null
 }