libvirt/libvirt-iptables-1.4.18.diff
2013-03-24 20:40:42 +00:00


Index: b/src/util/viriptables.c
===================================================================
--- a/src/util/viriptables.c
+++ b/src/util/viriptables.c
@@ -478,22 +478,22 @@ iptablesForwardAllowRelatedIn(iptablesCo
VIR_SOCKET_ADDR_FAMILY(netaddr),
action,
"--destination", networkstr,
"--in-interface", physdev,
"--out-interface", iface,
- "--match", "state",
- "--state", "ESTABLISHED,RELATED",
+ "--match", "conntrack",
+ "--ctstate", "ESTABLISHED,RELATED",
"--jump", "ACCEPT",
NULL);
} else {
ret = iptablesAddRemoveRule(ctx->forward_filter,
VIR_SOCKET_ADDR_FAMILY(netaddr),
action,
"--destination", networkstr,
"--out-interface", iface,
- "--match", "state",
- "--state", "ESTABLISHED,RELATED",
+ "--match", "conntrack",
+ "--ctstate", "ESTABLISHED,RELATED",
"--jump", "ACCEPT",
NULL);
}
VIR_FREE(networkstr);
return ret;
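Review bot: Both `iptablesAddRemoveRule` calls take the same argument list for insertion and deletion (selected by `action`), so after this change a delete is issued with `--match conntrack --ctstate` even for rules that an earlier build installed with `--match state --state`. Depending on how the installed iptables treats the two matches, that delete may not find the old rule, which would leave a stale `ESTABLISHED,RELATED` ACCEPT in the forward chain after the network is torn down. This is inferred from the hunk alone, so confirm it against the upgrade path. It would also help to record the reason for the switch above the calls, for example `/* use the conntrack match; rules added by older builds with "--match state" need the old spec to be removed */`. A host without the conntrack match would presumably fail here, so `ret` should stay checked by the caller. The function body starts outside this hunk.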