diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c index 54065a0f75..9bdefb1564 100644 --- a/src/nwfilter/nwfilter_ebiptables_driver.c +++ b/src/nwfilter/nwfilter_ebiptables_driver.c @@ -88,8 +88,6 @@ static enum ctdirStatus iptables_ctdir_corrected; #define PRINT_IPT_ROOT_CHAIN(buf, prefix, ifname) \ g_snprintf(buf, sizeof(buf), "%c%c-%s", prefix[0], prefix[1], ifname) -static bool newMatchState; - #define MATCH_PHYSDEV_IN_FW "-m", "physdev", "--physdev-in" #define MATCH_PHYSDEV_OUT_FW "-m", "physdev", "--physdev-is-bridged", "--physdev-out" #define MATCH_PHYSDEV_OUT_OLD_FW "-m", "physdev", "--physdev-out" @@ -1489,16 +1487,10 @@ _iptablesCreateRuleInstance(virFirewall *fw, } if (match && !skipMatch) { - if (newMatchState) - virFirewallRuleAddArgList(fw, fwrule, - "-m", "conntrack", - "--ctstate", match, - NULL); - else - virFirewallRuleAddArgList(fw, fwrule, - "-m", "state", - "--state", match, - NULL); + virFirewallRuleAddArgList(fw, fwrule, + "-m", "conntrack", + "--ctstate", match, + NULL); } if (defMatch && match != NULL && !skipMatch && !hasICMPType) 
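Review bot: The now-unconditional `-m conntrack --ctstate` argument list in `_iptablesCreateRuleInstance` has no comment explaining why the `-m state` form is gone, and the only explanation (the "since version 1.4.16" remark) is deleted later in this commit together with `ebiptablesDriverProbeStateMatch`. I would keep that knowledge next to the call, e.g. `/* iptables >= 1.4.16 rewrites '-m state --state' to '-m conntrack --ctstate'; emit the conntrack form directly */`. With the version probe also dropped from `ebiptablesDriverInit`, a host whose iptables lacks the conntrack match would presumably surface the problem only when a filter is instantiated rather than at driver init. It is worth confirming that this path reports the error and leaves no partially applied rule set on the guest interface, and stating the minimum supported iptables version in the commit message. The function body starts and ends outside the hunk.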
@@ -3668,61 +3660,6 @@ ebiptablesDriverProbeCtdir(void) } -static int -ebiptablesDriverProbeStateMatchQuery(virFirewall *fw G_GNUC_UNUSED, - virFirewallLayer layer G_GNUC_UNUSED, - const char *const *lines, - void *opaque) -{ - unsigned long *version = opaque; - char *tmp; - - if (!lines || !lines[0]) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("No output from iptables --version")); - return -1; - } - - /* - * we expect output in the format - * 'iptables v1.4.16' - */ - if (!(tmp = strchr(lines[0], 'v')) || - virStringParseVersion(version, tmp + 1, true) < 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("Cannot parse version string '%s'"), - lines[0]); - return -1; - } - - return 0; -} - - -static int -ebiptablesDriverProbeStateMatch(void) -{ - unsigned long version; - g_autoptr(virFirewall) fw = virFirewallNew(); - - virFirewallStartTransaction(fw, 0); - virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_IPV4, - false, ebiptablesDriverProbeStateMatchQuery, &version, - "--version", NULL); - - if (virFirewallApply(fw) < 0) - return -1; - - /* - * since version 1.4.16 '-m state --state ...' will be converted to - * '-m conntrack --ctstate ...' - */ - if (version >= 1 * 1000000 + 4 * 1000 + 16) - newMatchState = true; - - return 0; -} - static int ebiptablesDriverInit(bool privileged) { @@ -3730,8 +3667,6 @@ ebiptablesDriverInit(bool privileged) return 0; ebiptablesDriverProbeCtdir(); - if (ebiptablesDriverProbeStateMatch() < 0) - return -1; ebiptables_driver.flags = TECHDRV_FLAG_INITIALIZED; diff --git a/tests/nwfilterxml2firewalldata/ah-ipv6-linux.args b/tests/nwfilterxml2firewalldata/ah-ipv6-linux.args index f0bf85e8a1..d36d63741a 100644 --- a/tests/nwfilterxml2firewalldata/ah-ipv6-linux.args +++ b/tests/nwfilterxml2firewalldata/ah-ipv6-linux.args @@ -8,8 +8,8 @@ ip6tables \ --destination a:b:c::d:e:f/128 \ -m dscp \ --dscp 2 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN ip6tables \ -w \ 
@@ -19,8 +19,8 @@ ip6tables \ --source a:b:c::d:e:f/128 \ -m dscp \ --dscp 2 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j ACCEPT ip6tables \ -w \ @@ -32,8 +32,8 @@ ip6tables \ --destination a:b:c::d:e:f/128 \ -m dscp \ --dscp 2 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -42,8 +42,8 @@ ip6tables \ --destination a:b:c::/128 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -54,8 +54,8 @@ ip6tables \ --source a:b:c::/128 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT ip6tables \ -w \ @@ -64,8 +64,8 @@ ip6tables \ --destination a:b:c::/128 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -74,8 +74,8 @@ ip6tables \ --destination ::ffff:10.1.2.3/128 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -86,8 +86,8 @@ ip6tables \ --source ::ffff:10.1.2.3/128 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT ip6tables \ -w \ @@ -96,6 +96,6 @@ ip6tables \ --destination ::ffff:10.1.2.3/128 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN diff --git a/tests/nwfilterxml2firewalldata/ah-linux.args b/tests/nwfilterxml2firewalldata/ah-linux.args index c7e5c1eb17..886ccfb050 100644 --- a/tests/nwfilterxml2firewalldata/ah-linux.args +++ b/tests/nwfilterxml2firewalldata/ah-linux.args @@ -7,8 +7,8 @@ iptables \ --destination 10.1.2.3/32 \ -m dscp \ --dscp 2 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ 
@@ -17,8 +17,8 @@ iptables \ --source 10.1.2.3/32 \ -m dscp \ --dscp 2 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -29,8 +29,8 @@ iptables \ --destination 10.1.2.3/32 \ -m dscp \ --dscp 2 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ @@ -39,8 +39,8 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ @@ -51,8 +51,8 @@ iptables \ --source 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -61,8 +61,8 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ @@ -71,8 +71,8 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ @@ -83,8 +83,8 @@ iptables \ --source 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -93,6 +93,6 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN diff --git a/tests/nwfilterxml2firewalldata/all-ipv6-linux.args b/tests/nwfilterxml2firewalldata/all-ipv6-linux.args index 5eb6033c64..732627c546 100644 --- a/tests/nwfilterxml2firewalldata/all-ipv6-linux.args +++ b/tests/nwfilterxml2firewalldata/all-ipv6-linux.args @@ -8,8 +8,8 @@ ip6tables \ --destination a:b:c::d:e:f/128 \ -m dscp \ --dscp 2 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN ip6tables \ -w \ 
@@ -19,8 +19,8 @@ ip6tables \ --source a:b:c::d:e:f/128 \ -m dscp \ --dscp 2 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j ACCEPT ip6tables \ -w \ @@ -32,8 +32,8 @@ ip6tables \ --destination a:b:c::d:e:f/128 \ -m dscp \ --dscp 2 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -42,8 +42,8 @@ ip6tables \ --destination a:b:c::/128 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -54,8 +54,8 @@ ip6tables \ --source a:b:c::/128 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT ip6tables \ -w \ @@ -64,8 +64,8 @@ ip6tables \ --destination a:b:c::/128 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -74,8 +74,8 @@ ip6tables \ --destination ::ffff:10.1.2.3/128 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -86,8 +86,8 @@ ip6tables \ --source ::ffff:10.1.2.3/128 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT ip6tables \ -w \ @@ -96,6 +96,6 @@ ip6tables \ --destination ::ffff:10.1.2.3/128 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN diff --git a/tests/nwfilterxml2firewalldata/all-linux.args b/tests/nwfilterxml2firewalldata/all-linux.args index 187d9ed9ca..a2bc6996d7 100644 --- a/tests/nwfilterxml2firewalldata/all-linux.args +++ b/tests/nwfilterxml2firewalldata/all-linux.args @@ -7,8 +7,8 @@ iptables \ --destination 10.1.2.3/32 \ -m dscp \ --dscp 2 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ 
@@ -17,8 +17,8 @@ iptables \ --source 10.1.2.3/32 \ -m dscp \ --dscp 2 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -29,8 +29,8 @@ iptables \ --destination 10.1.2.3/32 \ -m dscp \ --dscp 2 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ @@ -39,8 +39,8 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ @@ -51,8 +51,8 @@ iptables \ --source 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -61,8 +61,8 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ @@ -71,8 +71,8 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ @@ -83,8 +83,8 @@ iptables \ --source 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -93,6 +93,6 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN diff --git a/tests/nwfilterxml2firewalldata/comment-linux.args b/tests/nwfilterxml2firewalldata/comment-linux.args index 2b940ccd84..052b607cb2 100644 --- a/tests/nwfilterxml2firewalldata/comment-linux.args +++ b/tests/nwfilterxml2firewalldata/comment-linux.args @@ -55,8 +55,8 @@ iptables \ --dscp 34 \ --sport 291:400 \ --dport 564:1092 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -m comment \ --comment 'udp rule' \ -j RETURN 
@@ -69,8 +69,8 @@ iptables \ --dscp 34 \ --dport 291:400 \ --sport 564:1092 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m comment \ --comment 'udp rule' \ -j ACCEPT @@ -85,8 +85,8 @@ iptables \ --dscp 34 \ --sport 291:400 \ --dport 564:1092 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -m comment \ --comment 'udp rule' \ -j RETURN @@ -99,8 +99,8 @@ ip6tables \ --dscp 57 \ --dport 32:33 \ --sport 256:4369 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m comment \ --comment 'tcp/ipv6 rule' \ -j RETURN @@ -115,8 +115,8 @@ ip6tables \ --dscp 57 \ --sport 32:33 \ --dport 256:4369 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -m comment \ --comment 'tcp/ipv6 rule' \ -j ACCEPT @@ -129,8 +129,8 @@ ip6tables \ --dscp 57 \ --dport 32:33 \ --sport 256:4369 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m comment \ --comment 'tcp/ipv6 rule' \ -j RETURN @@ -138,8 +138,8 @@ ip6tables \ -w \ -A FJ-vnet0 \ -p udp \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m comment \ --comment '`ls`;${COLUMNS};$(ls);"test";&'\''3 spaces'\''' \ -j RETURN @@ -147,8 +147,8 @@ ip6tables \ -w \ -A FP-vnet0 \ -p udp \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -m comment \ --comment '`ls`;${COLUMNS};$(ls);"test";&'\''3 spaces'\''' \ -j ACCEPT @@ -156,8 +156,8 @@ ip6tables \ -w \ -A HJ-vnet0 \ -p udp \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m comment \ --comment '`ls`;${COLUMNS};$(ls);"test";&'\''3 spaces'\''' \ -j RETURN @@ -165,8 +165,8 @@ ip6tables \ -w \ -A FJ-vnet0 \ -p sctp \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m comment \ --comment 'comment with lone '\'', `, ", `, \, $x, and two spaces' \ -j RETURN 
@@ -174,8 +174,8 @@ ip6tables \ -w \ -A FP-vnet0 \ -p sctp \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -m comment \ --comment 'comment with lone '\'', `, ", `, \, $x, and two spaces' \ -j ACCEPT @@ -183,8 +183,8 @@ ip6tables \ -w \ -A HJ-vnet0 \ -p sctp \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m comment \ --comment 'comment with lone '\'', `, ", `, \, $x, and two spaces' \ -j RETURN @@ -192,8 +192,8 @@ ip6tables \ -w \ -A FJ-vnet0 \ -p ah \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m comment \ --comment 'tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp}' \ -j RETURN @@ -201,8 +201,8 @@ ip6tables \ -w \ -A FP-vnet0 \ -p ah \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -m comment \ --comment 'tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp}' \ -j ACCEPT @@ -210,8 +210,8 @@ ip6tables \ -w \ -A HJ-vnet0 \ -p ah \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m comment \ --comment 'tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp}' \ -j RETURN diff --git a/tests/nwfilterxml2firewalldata/conntrack-linux.args b/tests/nwfilterxml2firewalldata/conntrack-linux.args index 78495598a1..4e7652e293 100644 --- a/tests/nwfilterxml2firewalldata/conntrack-linux.args +++ b/tests/nwfilterxml2firewalldata/conntrack-linux.args @@ -30,20 +30,20 @@ iptables \ -w \ -A FJ-vnet0 \ -p all \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ -A FP-vnet0 \ -p all \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j ACCEPT iptables \ -w \ -A HJ-vnet0 \ -p all \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN 
diff --git a/tests/nwfilterxml2firewalldata/esp-ipv6-linux.args b/tests/nwfilterxml2firewalldata/esp-ipv6-linux.args index 426bdd3083..be58a3f04b 100644 --- a/tests/nwfilterxml2firewalldata/esp-ipv6-linux.args +++ b/tests/nwfilterxml2firewalldata/esp-ipv6-linux.args @@ -8,8 +8,8 @@ ip6tables \ --destination a:b:c::d:e:f/128 \ -m dscp \ --dscp 2 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -19,8 +19,8 @@ ip6tables \ --source a:b:c::d:e:f/128 \ -m dscp \ --dscp 2 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j ACCEPT ip6tables \ -w \ @@ -32,8 +32,8 @@ ip6tables \ --destination a:b:c::d:e:f/128 \ -m dscp \ --dscp 2 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -42,8 +42,8 @@ ip6tables \ --destination a:b:c::/128 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -54,8 +54,8 @@ ip6tables \ --source a:b:c::/128 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT ip6tables \ -w \ @@ -64,8 +64,8 @@ ip6tables \ --destination a:b:c::/128 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -74,8 +74,8 @@ ip6tables \ --destination ::ffff:10.1.2.3/128 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -86,8 +86,8 @@ ip6tables \ --source ::ffff:10.1.2.3/128 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT ip6tables \ -w \ @@ -96,6 +96,6 @@ ip6tables \ --destination ::ffff:10.1.2.3/128 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN 
diff --git a/tests/nwfilterxml2firewalldata/esp-linux.args b/tests/nwfilterxml2firewalldata/esp-linux.args index 7cd70afaa1..f8626282e4 100644 --- a/tests/nwfilterxml2firewalldata/esp-linux.args +++ b/tests/nwfilterxml2firewalldata/esp-linux.args @@ -7,8 +7,8 @@ iptables \ --destination 10.1.2.3/32 \ -m dscp \ --dscp 2 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ @@ -17,8 +17,8 @@ iptables \ --source 10.1.2.3/32 \ -m dscp \ --dscp 2 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -29,8 +29,8 @@ iptables \ --destination 10.1.2.3/32 \ -m dscp \ --dscp 2 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ @@ -39,8 +39,8 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ @@ -51,8 +51,8 @@ iptables \ --source 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -61,8 +61,8 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ @@ -71,8 +71,8 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ @@ -83,8 +83,8 @@ iptables \ --source 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -93,6 +93,6 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN 
diff --git a/tests/nwfilterxml2firewalldata/example-1-linux.args b/tests/nwfilterxml2firewalldata/example-1-linux.args index 1cc3746d40..32ffb8edfa 100644 --- a/tests/nwfilterxml2firewalldata/example-1-linux.args +++ b/tests/nwfilterxml2firewalldata/example-1-linux.args @@ -3,66 +3,66 @@ iptables \ -A FJ-vnet0 \ -p tcp \ --sport 22 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ -A FP-vnet0 \ -p tcp \ --dport 22 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT iptables \ -w \ -A HJ-vnet0 \ -p tcp \ --sport 22 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ -A FJ-vnet0 \ -p icmp \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ -A FP-vnet0 \ -p icmp \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT iptables \ -w \ -A HJ-vnet0 \ -p icmp \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ -A FJ-vnet0 \ -p all \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ -A FP-vnet0 \ -p all \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT iptables \ -w \ -A HJ-vnet0 \ -p all \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ diff --git a/tests/nwfilterxml2firewalldata/example-2-linux.args b/tests/nwfilterxml2firewalldata/example-2-linux.args index 87462ad954..e7247aeb23 100644 --- a/tests/nwfilterxml2firewalldata/example-2-linux.args +++ b/tests/nwfilterxml2firewalldata/example-2-linux.args @@ -2,8 +2,8 @@ iptables \ -w \ -A FJ-vnet0 \ -p all \ --m state \ ---state ESTABLISHED,RELATED \ +-m conntrack \ +--ctstate ESTABLISHED,RELATED \ -m comment \ --comment 'out: existing and related (ftp) connections' \ -j RETURN 
@@ -11,8 +11,8 @@ iptables \ -w \ -A HJ-vnet0 \ -p all \ --m state \ ---state ESTABLISHED,RELATED \ +-m conntrack \ +--ctstate ESTABLISHED,RELATED \ -m comment \ --comment 'out: existing and related (ftp) connections' \ -j RETURN @@ -20,8 +20,8 @@ iptables \ -w \ -A FP-vnet0 \ -p all \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m comment \ --comment 'in: existing connections' \ -j ACCEPT @@ -30,8 +30,8 @@ iptables \ -A FP-vnet0 \ -p tcp \ --dport 21:22 \ --m state \ ---state NEW \ +-m conntrack \ +--ctstate NEW \ -m comment \ --comment 'in: ftp and ssh' \ -j ACCEPT @@ -39,8 +39,8 @@ iptables \ -w \ -A FP-vnet0 \ -p icmp \ --m state \ ---state NEW \ +-m conntrack \ +--ctstate NEW \ -m comment \ --comment 'in: icmp' \ -j ACCEPT @@ -49,8 +49,8 @@ iptables \ -A FJ-vnet0 \ -p udp \ --dport 53 \ --m state \ ---state NEW \ +-m conntrack \ +--ctstate NEW \ -m comment \ --comment 'out: DNS lookups' \ -j RETURN @@ -59,8 +59,8 @@ iptables \ -A HJ-vnet0 \ -p udp \ --dport 53 \ --m state \ ---state NEW \ +-m conntrack \ +--ctstate NEW \ -m comment \ --comment 'out: DNS lookups' \ -j RETURN diff --git a/tests/nwfilterxml2firewalldata/hex-data-linux.args b/tests/nwfilterxml2firewalldata/hex-data-linux.args index ff8f528c48..8b09922a65 100644 --- a/tests/nwfilterxml2firewalldata/hex-data-linux.args +++ b/tests/nwfilterxml2firewalldata/hex-data-linux.args @@ -55,8 +55,8 @@ iptables \ --dscp 34 \ --sport 291:400 \ --dport 564:1092 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ @@ -67,8 +67,8 @@ iptables \ --dscp 34 \ --dport 291:400 \ --sport 564:1092 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -81,8 +81,8 @@ iptables \ --dscp 34 \ --sport 291:400 \ --dport 564:1092 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN ip6tables \ -w \ 
@@ -93,8 +93,8 @@ ip6tables \ --dscp 57 \ --dport 32:33 \ --sport 256:4369 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -107,8 +107,8 @@ ip6tables \ --dscp 57 \ --sport 32:33 \ --dport 256:4369 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT ip6tables \ -w \ @@ -119,6 +119,6 @@ ip6tables \ --dscp 57 \ --dport 32:33 \ --sport 256:4369 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN diff --git a/tests/nwfilterxml2firewalldata/icmp-direction-linux.args b/tests/nwfilterxml2firewalldata/icmp-direction-linux.args index 7548aaeba5..a7ad6ac9d8 100644 --- a/tests/nwfilterxml2firewalldata/icmp-direction-linux.args +++ b/tests/nwfilterxml2firewalldata/icmp-direction-linux.args @@ -3,24 +3,24 @@ iptables \ -A FP-vnet0 \ -p icmp \ --icmp-type 0 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT iptables \ -w \ -A FJ-vnet0 \ -p icmp \ --icmp-type 8 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ -A HJ-vnet0 \ -p icmp \ --icmp-type 8 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ diff --git a/tests/nwfilterxml2firewalldata/icmp-direction2-linux.args b/tests/nwfilterxml2firewalldata/icmp-direction2-linux.args index 026702caee..a1873e7448 100644 --- a/tests/nwfilterxml2firewalldata/icmp-direction2-linux.args +++ b/tests/nwfilterxml2firewalldata/icmp-direction2-linux.args 
@@ -3,24 +3,24 @@ iptables \ -A FP-vnet0 \ -p icmp \ --icmp-type 8 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT iptables \ -w \ -A FJ-vnet0 \ -p icmp \ --icmp-type 0 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ -A HJ-vnet0 \ -p icmp \ --icmp-type 0 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ diff --git a/tests/nwfilterxml2firewalldata/icmp-direction3-linux.args b/tests/nwfilterxml2firewalldata/icmp-direction3-linux.args index 6ee6a4f84a..1fc7993908 100644 --- a/tests/nwfilterxml2firewalldata/icmp-direction3-linux.args +++ b/tests/nwfilterxml2firewalldata/icmp-direction3-linux.args @@ -2,22 +2,22 @@ iptables \ -w \ -A FJ-vnet0 \ -p icmp \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ -A FP-vnet0 \ -p icmp \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j ACCEPT iptables \ -w \ -A HJ-vnet0 \ -p icmp \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ diff --git a/tests/nwfilterxml2firewalldata/icmp-linux.args b/tests/nwfilterxml2firewalldata/icmp-linux.args index d688e29213..02f9bf0c06 100644 --- a/tests/nwfilterxml2firewalldata/icmp-linux.args +++ b/tests/nwfilterxml2firewalldata/icmp-linux.args @@ -8,8 +8,8 @@ iptables \ -m dscp \ --dscp 2 \ --icmp-type 12/11 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ @@ -21,8 +21,8 @@ iptables \ -m dscp \ --dscp 2 \ --icmp-type 12/11 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ @@ -34,6 +34,6 @@ iptables \ -m dscp \ --dscp 33 \ --icmp-type 255/255 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT 
diff --git a/tests/nwfilterxml2firewalldata/icmpv6-linux.args b/tests/nwfilterxml2firewalldata/icmpv6-linux.args index 5a8546e5c8..b7f184f9b3 100644 --- a/tests/nwfilterxml2firewalldata/icmpv6-linux.args +++ b/tests/nwfilterxml2firewalldata/icmpv6-linux.args @@ -9,8 +9,8 @@ ip6tables \ -m dscp \ --dscp 2 \ --icmpv6-type 12/11 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -23,8 +23,8 @@ ip6tables \ -m dscp \ --dscp 2 \ --icmpv6-type 12/11 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN ip6tables \ -w \ @@ -36,8 +36,8 @@ ip6tables \ -m dscp \ --dscp 33 \ --icmpv6-type 255/255 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT ip6tables \ -w \ @@ -49,6 +49,6 @@ ip6tables \ -m dscp \ --dscp 33 \ --icmpv6-type 255/255 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT diff --git a/tests/nwfilterxml2firewalldata/igmp-linux.args b/tests/nwfilterxml2firewalldata/igmp-linux.args index b954b0ae99..c0add2539b 100644 --- a/tests/nwfilterxml2firewalldata/igmp-linux.args +++ b/tests/nwfilterxml2firewalldata/igmp-linux.args @@ -7,8 +7,8 @@ iptables \ --destination 10.1.2.3/32 \ -m dscp \ --dscp 2 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ @@ -17,8 +17,8 @@ iptables \ --source 10.1.2.3/32 \ -m dscp \ --dscp 2 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -29,8 +29,8 @@ iptables \ --destination 10.1.2.3/32 \ -m dscp \ --dscp 2 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ @@ -39,8 +39,8 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ 
@@ -51,8 +51,8 @@ iptables \ --source 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -61,8 +61,8 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ @@ -71,8 +71,8 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN iptables \ -w \ @@ -83,8 +83,8 @@ iptables \ --source 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -93,6 +93,6 @@ iptables \ --destination 10.1.2.3/22 \ -m dscp \ --dscp 33 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j RETURN diff --git a/tests/nwfilterxml2firewalldata/ipset-linux.args b/tests/nwfilterxml2firewalldata/ipset-linux.args index 5cdb151354..6848f64541 100644 --- a/tests/nwfilterxml2firewalldata/ipset-linux.args +++ b/tests/nwfilterxml2firewalldata/ipset-linux.args @@ -2,8 +2,8 @@ iptables \ -w \ -A FJ-vnet0 \ -p all \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -m set \ --match-set tck_test src,dst \ -j RETURN @@ -11,8 +11,8 @@ iptables \ -w \ -A FP-vnet0 \ -p all \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m set \ --match-set tck_test dst,src \ -j ACCEPT @@ -20,8 +20,8 @@ iptables \ -w \ -A HJ-vnet0 \ -p all \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -m set \ --match-set tck_test src,dst \ -j RETURN @@ -56,8 +56,8 @@ iptables \ -w \ -A FJ-vnet0 \ -p all \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m set \ --match-set tck_test dst,src,dst \ -j RETURN 
@@ -65,8 +65,8 @@ iptables \ -w \ -A FP-vnet0 \ -p all \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -m set \ --match-set tck_test src,dst,src \ -j ACCEPT @@ -74,8 +74,8 @@ iptables \ -w \ -A HJ-vnet0 \ -p all \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m set \ --match-set tck_test dst,src,dst \ -j RETURN @@ -83,8 +83,8 @@ iptables \ -w \ -A FJ-vnet0 \ -p all \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m set \ --match-set tck_test dst,src,dst \ -j RETURN @@ -92,8 +92,8 @@ iptables \ -w \ -A FP-vnet0 \ -p all \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -m set \ --match-set tck_test src,dst,src \ -j ACCEPT @@ -101,8 +101,8 @@ iptables \ -w \ -A HJ-vnet0 \ -p all \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m set \ --match-set tck_test dst,src,dst \ -j RETURN @@ -110,8 +110,8 @@ iptables \ -w \ -A FJ-vnet0 \ -p all \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m set \ --match-set tck_test dst,src \ -j RETURN @@ -119,8 +119,8 @@ iptables \ -w \ -A FP-vnet0 \ -p all \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -m set \ --match-set tck_test src,dst \ -j ACCEPT @@ -128,8 +128,8 @@ iptables \ -w \ -A HJ-vnet0 \ -p all \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -m set \ --match-set tck_test dst,src \ -j RETURN diff --git a/tests/nwfilterxml2firewalldata/iter1-linux.args b/tests/nwfilterxml2firewalldata/iter1-linux.args index 9bdad18748..e50c768f67 100644 --- a/tests/nwfilterxml2firewalldata/iter1-linux.args +++ b/tests/nwfilterxml2firewalldata/iter1-linux.args @@ -6,8 +6,8 @@ iptables \ -m dscp \ --dscp 2 \ --sport 80 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ 
@@ -17,8 +17,8 @@ iptables \ -m dscp \ --dscp 2 \ --dport 80 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -28,8 +28,8 @@ iptables \ -m dscp \ --dscp 2 \ --sport 80 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ @@ -39,8 +39,8 @@ iptables \ -m dscp \ --dscp 2 \ --sport 90 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ @@ -50,8 +50,8 @@ iptables \ -m dscp \ --dscp 2 \ --dport 90 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -61,8 +61,8 @@ iptables \ -m dscp \ --dscp 2 \ --sport 90 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ @@ -72,8 +72,8 @@ iptables \ -m dscp \ --dscp 2 \ --sport 80 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ @@ -83,8 +83,8 @@ iptables \ -m dscp \ --dscp 2 \ --dport 80 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j ACCEPT iptables \ -w \ @@ -94,6 +94,6 @@ iptables \ -m dscp \ --dscp 2 \ --sport 80 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN diff --git a/tests/nwfilterxml2firewalldata/iter2-linux.args b/tests/nwfilterxml2firewalldata/iter2-linux.args index b088350ee5..7f2b0e4565 100644 --- a/tests/nwfilterxml2firewalldata/iter2-linux.args +++ b/tests/nwfilterxml2firewalldata/iter2-linux.args @@ -6,8 +6,8 @@ iptables \ -m dscp \ --dscp 1 \ --sport 80 \ --m state \ ---state NEW,ESTABLISHED \ +-m conntrack \ +--ctstate NEW,ESTABLISHED \ -j RETURN iptables \ -w \ @@ -17,8 +17,8 @@ iptables \ -m dscp \ --dscp 1 \ --dport 80 \ --m state \ ---state ESTABLISHED \ +-m conntrack \ +--ctstate ESTABLISHED \ -j ACCEPT iptables \ -w \ 
@@ -28,8 +28,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -39,8 +39,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --sport 90 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -50,8 +50,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --dport 90 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -61,8 +61,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --sport 90 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -72,8 +72,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -83,8 +83,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --dport 80 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -94,8 +94,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -105,8 +105,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -116,8 +116,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --dport 80 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -127,8 +127,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -138,8 +138,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -149,8 +149,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --dport 80 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -160,8 +160,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -171,8 +171,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -182,8 +182,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --dport 80 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -193,8 +193,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -204,8 +204,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 90 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -215,8 +215,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --dport 90 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -226,8 +226,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 90 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -237,8 +237,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 90 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -248,8 +248,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --dport 90 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -259,8 +259,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 90 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -270,8 +270,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 90 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -281,8 +281,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --dport 90 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -292,8 +292,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 90 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -304,8 +304,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -316,8 +316,8 @@ iptables \
 --dscp 3 \
 --dport 80 \
 --sport 1080 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -328,8 +328,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -340,8 +340,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -352,8 +352,8 @@ iptables \
 --dscp 3 \
 --dport 80 \
 --sport 1080 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -364,8 +364,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -376,8 +376,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -388,8 +388,8 @@ iptables \
 --dscp 3 \
 --dport 80 \
 --sport 1080 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -400,8 +400,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -412,8 +412,8 @@ iptables \
 --dscp 3 \
 --sport 90 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -424,8 +424,8 @@ iptables \
 --dscp 3 \
 --dport 90 \
 --sport 1090 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -436,8 +436,8 @@ iptables \
 --dscp 3 \
 --sport 90 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -448,8 +448,8 @@ iptables \
 --dscp 3 \
 --sport 90 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -460,8 +460,8 @@ iptables \
 --dscp 3 \
 --dport 90 \
 --sport 1090 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -472,8 +472,8 @@ iptables \
 --dscp 3 \
 --sport 90 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -484,8 +484,8 @@ iptables \
 --dscp 3 \
 --sport 90 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -496,8 +496,8 @@ iptables \
 --dscp 3 \
 --dport 90 \
 --sport 1090 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -508,8 +508,8 @@ iptables \
 --dscp 3 \
 --sport 90 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -520,8 +520,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -532,8 +532,8 @@ iptables \
 --dscp 3 \
 --dport 80 \
 --sport 1100 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -544,8 +544,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -556,8 +556,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -568,8 +568,8 @@ iptables \
 --dscp 3 \
 --dport 80 \
 --sport 1100 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -580,8 +580,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -592,8 +592,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -604,8 +604,8 @@ iptables \
 --dscp 3 \
 --dport 80 \
 --sport 1100 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -616,8 +616,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -628,8 +628,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -640,8 +640,8 @@ iptables \
 --dscp 3 \
 --dport 80 \
 --sport 1110 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -652,8 +652,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -664,8 +664,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -676,8 +676,8 @@ iptables \
 --dscp 3 \
 --dport 80 \
 --sport 1110 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -688,8 +688,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -700,8 +700,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -712,8 +712,8 @@ iptables \
 --dscp 3 \
 --dport 80 \
 --sport 1110 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -724,8 +724,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -736,8 +736,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -748,8 +748,8 @@ iptables \
 --dscp 4 \
 --dport 80 \
 --sport 1080 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -760,8 +760,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -772,8 +772,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -784,8 +784,8 @@ iptables \
 --dscp 4 \
 --dport 80 \
 --sport 1080 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -796,8 +796,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -808,8 +808,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -820,8 +820,8 @@ iptables \
 --dscp 4 \
 --dport 80 \
 --sport 1080 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -832,8 +832,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -844,8 +844,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -856,8 +856,8 @@ iptables \
 --dscp 4 \
 --dport 90 \
 --sport 1080 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -868,8 +868,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -880,8 +880,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -892,8 +892,8 @@ iptables \
 --dscp 4 \
 --dport 90 \
 --sport 1080 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -904,8 +904,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -916,8 +916,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -928,8 +928,8 @@ iptables \
 --dscp 4 \
 --dport 90 \
 --sport 1080 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -940,8 +940,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1080 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -952,8 +952,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -964,8 +964,8 @@ iptables \
 --dscp 4 \
 --dport 80 \
 --sport 1090 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -976,8 +976,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -988,8 +988,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1000,8 +1000,8 @@ iptables \
 --dscp 4 \
 --dport 80 \
 --sport 1090 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1012,8 +1012,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1024,8 +1024,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1036,8 +1036,8 @@ iptables \
 --dscp 4 \
 --dport 80 \
 --sport 1090 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1048,8 +1048,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1060,8 +1060,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1072,8 +1072,8 @@ iptables \
 --dscp 4 \
 --dport 90 \
 --sport 1090 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1084,8 +1084,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1096,8 +1096,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1108,8 +1108,8 @@ iptables \
 --dscp 4 \
 --dport 90 \
 --sport 1090 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1120,8 +1120,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1132,8 +1132,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1144,8 +1144,8 @@ iptables \
 --dscp 4 \
 --dport 90 \
 --sport 1090 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1156,8 +1156,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1090 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1168,8 +1168,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1180,8 +1180,8 @@ iptables \
 --dscp 4 \
 --dport 80 \
 --sport 1100 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1192,8 +1192,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1204,8 +1204,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1216,8 +1216,8 @@ iptables \
 --dscp 4 \
 --dport 80 \
 --sport 1100 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1228,8 +1228,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1240,8 +1240,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1252,8 +1252,8 @@ iptables \
 --dscp 4 \
 --dport 80 \
 --sport 1100 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1264,8 +1264,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1276,8 +1276,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1288,8 +1288,8 @@ iptables \
 --dscp 4 \
 --dport 90 \
 --sport 1100 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1300,8 +1300,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1312,8 +1312,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1324,8 +1324,8 @@ iptables \
 --dscp 4 \
 --dport 90 \
 --sport 1100 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1336,8 +1336,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1348,8 +1348,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1360,8 +1360,8 @@ iptables \
 --dscp 4 \
 --dport 90 \
 --sport 1100 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1372,8 +1372,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1384,8 +1384,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1396,8 +1396,8 @@ iptables \
 --dscp 4 \
 --dport 80 \
 --sport 1110 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1408,8 +1408,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1420,8 +1420,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1432,8 +1432,8 @@ iptables \
 --dscp 4 \
 --dport 80 \
 --sport 1110 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1444,8 +1444,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1456,8 +1456,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1468,8 +1468,8 @@ iptables \
 --dscp 4 \
 --dport 80 \
 --sport 1110 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1480,8 +1480,8 @@ iptables \
 --dscp 4 \
 --sport 80 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1492,8 +1492,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1504,8 +1504,8 @@ iptables \
 --dscp 4 \
 --dport 90 \
 --sport 1110 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1516,8 +1516,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1528,8 +1528,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1540,8 +1540,8 @@ iptables \
 --dscp 4 \
 --dport 90 \
 --sport 1110 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1552,8 +1552,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1564,8 +1564,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1576,8 +1576,8 @@ iptables \
 --dscp 4 \
 --dport 90 \
 --sport 1110 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1588,8 +1588,8 @@ iptables \
 --dscp 4 \
 --sport 90 \
 --dport 1110 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1599,8 +1599,8 @@ iptables \
 --destination 1.1.1.1 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1610,8 +1610,8 @@ iptables \
 --source 1.1.1.1 \
 -m dscp \
 --dscp 5 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1621,8 +1621,8 @@ iptables \
 --destination 1.1.1.1 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1632,8 +1632,8 @@ iptables \
 --destination 1.1.1.1 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1643,8 +1643,8 @@ iptables \
 --source 1.1.1.1 \
 -m dscp \
 --dscp 5 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1654,8 +1654,8 @@ iptables \
 --destination 1.1.1.1 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1665,8 +1665,8 @@ iptables \
 --destination 1.1.1.1 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1676,8 +1676,8 @@ iptables \
 --source 1.1.1.1 \
 -m dscp \
 --dscp 5 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1687,8 +1687,8 @@ iptables \
 --destination 1.1.1.1 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1698,8 +1698,8 @@ iptables \
 --destination 2.2.2.2 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1709,8 +1709,8 @@ iptables \
 --source 2.2.2.2 \
 -m dscp \
 --dscp 5 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1720,8 +1720,8 @@ iptables \
 --destination 2.2.2.2 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1731,8 +1731,8 @@ iptables \
 --destination 2.2.2.2 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1742,8 +1742,8 @@ iptables \
 --source 2.2.2.2 \
 -m dscp \
 --dscp 5 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1753,8 +1753,8 @@ iptables \
 --destination 2.2.2.2 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1764,8 +1764,8 @@ iptables \
 --destination 2.2.2.2 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1775,8 +1775,8 @@ iptables \
 --source 2.2.2.2 \
 -m dscp \
 --dscp 5 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1786,8 +1786,8 @@ iptables \
 --destination 2.2.2.2 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1797,8 +1797,8 @@ iptables \
 --destination 3.3.3.3 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1808,8 +1808,8 @@ iptables \
 --source 3.3.3.3 \
 -m dscp \
 --dscp 5 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1819,8 +1819,8 @@ iptables \
 --destination 3.3.3.3 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1830,8 +1830,8 @@ iptables \
 --destination 3.3.3.3 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1841,8 +1841,8 @@ iptables \
 --source 3.3.3.3 \
 -m dscp \
 --dscp 5 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1852,8 +1852,8 @@ iptables \
 --destination 3.3.3.3 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1863,8 +1863,8 @@ iptables \
 --destination 3.3.3.3 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1874,8 +1874,8 @@ iptables \
 --source 3.3.3.3 \
 -m dscp \
 --dscp 5 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1885,8 +1885,8 @@ iptables \
 --destination 3.3.3.3 \
 -m dscp \
 --dscp 5 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1896,8 +1896,8 @@ iptables \
 --destination 1.1.1.1 \
 -m dscp \
 --dscp 6 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1907,8 +1907,8 @@ iptables \
 --source 1.1.1.1 \
 -m dscp \
 --dscp 6 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1918,8 +1918,8 @@ iptables \
 --destination 1.1.1.1 \
 -m dscp \
 --dscp 6 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1929,8 +1929,8 @@ iptables \
 --destination 2.2.2.2 \
 -m dscp \
 --dscp 6 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1940,8 +1940,8 @@ iptables \
 --source 2.2.2.2 \
 -m dscp \
 --dscp 6 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1951,8 +1951,8 @@ iptables \
 --destination 2.2.2.2 \
 -m dscp \
 --dscp 6 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1962,8 +1962,8 @@ iptables \
 --destination 3.3.3.3 \
 -m dscp \
 --dscp 6 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -1973,8 +1973,8 @@ iptables \
 --source 3.3.3.3 \
 -m dscp \
 --dscp 6 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -1984,6 +1984,6 @@ iptables \
 --destination 3.3.3.3 \
 -m dscp \
 --dscp 6 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
diff --git a/tests/nwfilterxml2firewalldata/iter3-linux.args b/tests/nwfilterxml2firewalldata/iter3-linux.args
index cc6d442c75..1bc769bcd4 100644
--- a/tests/nwfilterxml2firewalldata/iter3-linux.args
+++ b/tests/nwfilterxml2firewalldata/iter3-linux.args
@@ -6,8 +6,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -17,8 +17,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --dport 80 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -28,8 +28,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -39,8 +39,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --sport 90 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -50,8 +50,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --dport 90 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -61,8 +61,8 @@ iptables \
 -m dscp \
 --dscp 1 \
 --sport 90 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -72,8 +72,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -83,8 +83,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --dport 80 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -94,8 +94,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -105,8 +105,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 90 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -116,8 +116,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --dport 90 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -127,8 +127,8 @@ iptables \
 -m dscp \
 --dscp 2 \
 --sport 90 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -139,8 +139,8 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -151,8 +151,8 @@ iptables \
 --dscp 3 \
 --dport 80 \
 --sport 1100 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -163,6 +163,6 @@ iptables \
 --dscp 3 \
 --sport 80 \
 --dport 1100 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
diff --git a/tests/nwfilterxml2firewalldata/sctp-ipv6-linux.args b/tests/nwfilterxml2firewalldata/sctp-ipv6-linux.args
index 086c11ca52..55b2b10037 100644
--- a/tests/nwfilterxml2firewalldata/sctp-ipv6-linux.args
+++ b/tests/nwfilterxml2firewalldata/sctp-ipv6-linux.args
@@ -7,8 +7,8 @@ ip6tables \
 --destination a:b:c::d:e:f/128 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -17,8 +17,8 @@ ip6tables \
 --source a:b:c::d:e:f/128 \
 -m dscp \
 --dscp 2 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 ip6tables \
 -w \
@@ -29,8 +29,8 @@ ip6tables \
 --destination a:b:c::d:e:f/128 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -41,8 +41,8 @@ ip6tables \
 --dscp 33 \
 --dport 20:21 \
 --sport 100:1111 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -55,8 +55,8 @@ ip6tables \
 --dscp 33 \
 --sport 20:21 \
 --dport 100:1111 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 ip6tables \
 -w \
@@ -67,8 +67,8 @@ ip6tables \
 --dscp 33 \
 --dport 20:21 \
 --sport 100:1111 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -79,8 +79,8 @@ ip6tables \
 --dscp 63 \
 --dport 255:256 \
 --sport 65535:65535 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -93,8 +93,8 @@ ip6tables \
 --dscp 63 \
 --sport 255:256 \
 --dport 65535:65535 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 ip6tables \
 -w \
@@ -105,6 +105,6 @@ ip6tables \
 --dscp 63 \
 --dport 255:256 \
 --sport 65535:65535 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
diff --git a/tests/nwfilterxml2firewalldata/sctp-linux.args b/tests/nwfilterxml2firewalldata/sctp-linux.args
index a3c5a7a72d..881f70ed72 100644
--- a/tests/nwfilterxml2firewalldata/sctp-linux.args
+++ b/tests/nwfilterxml2firewalldata/sctp-linux.args
@@ -7,8 +7,8 @@ iptables \
 --destination 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -17,8 +17,8 @@ iptables \
 --source 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -29,8 +29,8 @@ iptables \
 --destination 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -41,8 +41,8 @@ iptables \
 --dscp 33 \
 --dport 20:21 \
 --sport 100:1111 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -55,8 +55,8 @@ iptables \
 --dscp 33 \
 --sport 20:21 \
 --dport 100:1111 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -67,8 +67,8 @@ iptables \
 --dscp 33 \
 --dport 20:21 \
 --sport 100:1111 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -79,8 +79,8 @@ iptables \
 --dscp 63 \
 --dport 255:256 \
 --sport 65535:65535 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -93,8 +93,8 @@ iptables \
 --dscp 63 \
 --sport 255:256 \
 --dport 65535:65535 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -105,6 +105,6 @@ iptables \
 --dscp 63 \
 --dport 255:256 \
 --sport 65535:65535 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
diff --git a/tests/nwfilterxml2firewalldata/target-linux.args b/tests/nwfilterxml2firewalldata/target-linux.args
index abb01debf9..54d97307d9 100644
--- a/tests/nwfilterxml2firewalldata/target-linux.args
+++ b/tests/nwfilterxml2firewalldata/target-linux.args
@@ -49,8 +49,8 @@ iptables \
 --destination 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -m comment \
 --comment 'accept rule -- dir out' \
 -j RETURN
@@ -61,8 +61,8 @@ iptables \
 --source 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -m comment \
 --comment 'accept rule -- dir out' \
 -j ACCEPT
@@ -75,8 +75,8 @@ iptables \
 --destination 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -m comment \
 --comment 'accept rule -- dir out' \
 -j RETURN
@@ -155,8 +155,8 @@ iptables \
 --destination 10.1.2.3/22 \
 -m dscp \
 --dscp 33 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -m comment \
 --comment 'accept rule -- dir in' \
 -j RETURN
@@ -169,8 +169,8 @@ iptables \
 --source 10.1.2.3/22 \
 -m dscp \
 --dscp 33 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -m comment \
 --comment 'accept rule -- dir in' \
 -j ACCEPT
@@ -181,8 +181,8 @@ iptables \
 --destination 10.1.2.3/22 \
 -m dscp \
 --dscp 33 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -m comment \
 --comment 'accept rule -- dir in' \
 -j RETURN
diff --git a/tests/nwfilterxml2firewalldata/target2-linux.args b/tests/nwfilterxml2firewalldata/target2-linux.args
index c774f6f24a..915f1ebb2b 100644
--- a/tests/nwfilterxml2firewalldata/target2-linux.args
+++ b/tests/nwfilterxml2firewalldata/target2-linux.args
@@ -21,24 +21,24 @@ iptables \
 -A FJ-vnet0 \
 -p tcp \
 --sport 80 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 iptables \
 -w \
 -A FP-vnet0 \
 -p tcp \
 --dport 80 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
 -A HJ-vnet0 \
 -p tcp \
 --sport 80 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 iptables \
 -w \
diff --git a/tests/nwfilterxml2firewalldata/tcp-ipv6-linux.args b/tests/nwfilterxml2firewalldata/tcp-ipv6-linux.args
index 50b5514a3b..9463d5a4c4 100644
--- a/tests/nwfilterxml2firewalldata/tcp-ipv6-linux.args
+++ b/tests/nwfilterxml2firewalldata/tcp-ipv6-linux.args
@@ -7,8 +7,8 @@ ip6tables \
 --destination a:b:c::d:e:f/128 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -17,8 +17,8 @@ ip6tables \
 --source a:b:c::d:e:f/128 \
 -m dscp \
 --dscp 2 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 ip6tables \
 -w \
@@ -29,8 +29,8 @@ ip6tables \
 --destination a:b:c::d:e:f/128 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -41,8 +41,8 @@ ip6tables \
 --dscp 33 \
 --dport 20:21 \
 --sport 100:1111 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -55,8 +55,8 @@ ip6tables \
 --dscp 33 \
 --sport 20:21 \
 --dport 100:1111 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 ip6tables \
 -w \
@@ -67,8 +67,8 @@ ip6tables \
 --dscp 33 \
 --dport 20:21 \
 --sport 100:1111 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -79,8 +79,8 @@ ip6tables \
 --dscp 63 \
 --dport 255:256 \
 --sport 65535:65535 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -93,8 +93,8 @@ ip6tables \
 --dscp 63 \
 --sport 255:256 \
 --dport 65535:65535 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 ip6tables \
 -w \
@@ -105,6 +105,6 @@ ip6tables \
 --dscp 63 \
 --dport 255:256 \
 --sport 65535:65535 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
diff --git a/tests/nwfilterxml2firewalldata/tcp-linux.args b/tests/nwfilterxml2firewalldata/tcp-linux.args
index 74ac4a6733..ae2d05a753 100644
--- a/tests/nwfilterxml2firewalldata/tcp-linux.args
+++ b/tests/nwfilterxml2firewalldata/tcp-linux.args
@@ -7,8 +7,8 @@ iptables \
 --destination 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -17,8 +17,8 @@ iptables \
 --source 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -29,8 +29,8 @@ iptables \
 --destination 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
diff --git a/tests/nwfilterxml2firewalldata/udp-ipv6-linux.args b/tests/nwfilterxml2firewalldata/udp-ipv6-linux.args
index 6feec12a04..1df20ae139 100644
--- a/tests/nwfilterxml2firewalldata/udp-ipv6-linux.args
+++ b/tests/nwfilterxml2firewalldata/udp-ipv6-linux.args
@@ -7,8 +7,8 @@ ip6tables \
 --destination a:b:c::d:e:f/128 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -17,8 +17,8 @@ ip6tables \
 --source a:b:c::d:e:f/128 \
 -m dscp \
 --dscp 2 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 ip6tables \
 -w \
@@ -29,8 +29,8 @@ ip6tables \
 --destination a:b:c::d:e:f/128 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -41,8 +41,8 @@ ip6tables \
 --dscp 33 \
 --dport 20:21 \
 --sport 100:1111 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -55,8 +55,8 @@ ip6tables \
 --dscp 33 \
 --sport 20:21 \
 --dport 100:1111 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 ip6tables \
 -w \
@@ -67,8 +67,8 @@ ip6tables \
 --dscp 33 \
 --dport 20:21 \
 --sport 100:1111 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -79,8 +79,8 @@ ip6tables \
 --dscp 63 \
 --dport 255:256 \
 --sport 65535:65535 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -93,8 +93,8 @@ ip6tables \
 --dscp 63 \
 --sport 255:256 \
 --dport 65535:65535 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 ip6tables \
 -w \
@@ -105,6 +105,6 @@ ip6tables \
 --dscp 63 \
 --dport 255:256 \
 --sport 65535:65535 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
diff --git a/tests/nwfilterxml2firewalldata/udp-linux.args b/tests/nwfilterxml2firewalldata/udp-linux.args
index 32a8f56dfc..0a04a636ae 100644
--- a/tests/nwfilterxml2firewalldata/udp-linux.args
+++ b/tests/nwfilterxml2firewalldata/udp-linux.args
@@ -7,8 +7,8 @@ iptables \
 --destination 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -17,8 +17,8 @@ iptables \
 --source 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -29,8 +29,8 @@ iptables \
 --destination 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -41,8 +41,8 @@ iptables \
 --dscp 33 \
 --dport 20:21 \
 --sport 100:1111 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -55,8 +55,8 @@ iptables \
 --dscp 33 \
 --sport 20:21 \
 --dport 100:1111 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -67,8 +67,8 @@ iptables \
 --dscp 33 \
 --dport 20:21 \
 --sport 100:1111 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -79,8 +79,8 @@ iptables \
 --dscp 63 \
 --dport 255:256 \
 --sport 65535:65535 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -93,8 +93,8 @@ iptables \
 --dscp 63 \
 --sport 255:256 \
 --dport 65535:65535 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -105,6 +105,6 @@ iptables \
 --dscp 63 \
 --dport 255:256 \
 --sport 65535:65535 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
diff --git a/tests/nwfilterxml2firewalldata/udplite-ipv6-linux.args b/tests/nwfilterxml2firewalldata/udplite-ipv6-linux.args
index 6be6aa0069..4c1d254ba8 100644
--- a/tests/nwfilterxml2firewalldata/udplite-ipv6-linux.args
+++ b/tests/nwfilterxml2firewalldata/udplite-ipv6-linux.args
@@ -8,8 +8,8 @@ ip6tables \
 --destination a:b:c::d:e:f/128 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -19,8 +19,8 @@ ip6tables \
 --source a:b:c::d:e:f/128 \
 -m dscp \
 --dscp 2 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 ip6tables \
 -w \
@@ -32,8 +32,8 @@ ip6tables \
 --destination a:b:c::d:e:f/128 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -42,8 +42,8 @@ ip6tables \
 --destination a:b:c::/128 \
 -m dscp \
 --dscp 33 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -54,8 +54,8 @@ ip6tables \
 --source a:b:c::/128 \
 -m dscp \
 --dscp 33 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 ip6tables \
 -w \
@@ -64,8 +64,8 @@ ip6tables \
 --destination a:b:c::/128 \
 -m dscp \
 --dscp 33 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -74,8 +74,8 @@ ip6tables \
 --destination ::ffff:10.1.2.3/128 \
 -m dscp \
 --dscp 33 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 ip6tables \
 -w \
@@ -86,8 +86,8 @@ ip6tables \
 --source ::ffff:10.1.2.3/128 \
 -m dscp \
 --dscp 33 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 ip6tables \
 -w \
@@ -96,6 +96,6 @@ ip6tables \
 --destination ::ffff:10.1.2.3/128 \
 -m dscp \
 --dscp 33 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
diff --git a/tests/nwfilterxml2firewalldata/udplite-linux.args b/tests/nwfilterxml2firewalldata/udplite-linux.args
index 8f3a9e8f24..7e85aaf15d 100644
--- a/tests/nwfilterxml2firewalldata/udplite-linux.args
+++ b/tests/nwfilterxml2firewalldata/udplite-linux.args
@@ -7,8 +7,8 @@ iptables \
 --destination 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -17,8 +17,8 @@ iptables \
 --source 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -29,8 +29,8 @@ iptables \
 --destination 10.1.2.3/32 \
 -m dscp \
 --dscp 2 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -39,8 +39,8 @@ iptables \
 --destination 10.1.2.3/22 \
 -m dscp \
 --dscp 33 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -51,8 +51,8 @@ iptables \
 --source 10.1.2.3/22 \
 -m dscp \
 --dscp 33 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -61,8 +61,8 @@ iptables \
 --destination 10.1.2.3/22 \
 -m dscp \
 --dscp 33 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -71,8 +71,8 @@ iptables \
 --destination 10.1.2.3/22 \
 -m dscp \
 --dscp 33 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN
 iptables \
 -w \
@@ -83,8 +83,8 @@ iptables \
 --source 10.1.2.3/22 \
 -m dscp \
 --dscp 33 \
--m state \
---state NEW,ESTABLISHED \
+-m conntrack \
+--ctstate NEW,ESTABLISHED \
 -j ACCEPT
 iptables \
 -w \
@@ -93,6 +93,6 @@ iptables \
 --destination 10.1.2.3/22 \
 -m dscp \
 --dscp 33 \
--m state \
---state ESTABLISHED \
+-m conntrack \
+--ctstate ESTABLISHED \
 -j RETURN