diff --git a/libvirt-iptables-1.4.18.diff b/libvirt-iptables-1.4.18.diff
new file mode 100644
index 0000000..a9158f7
--- /dev/null
+++ b/libvirt-iptables-1.4.18.diff
@@ -0,0 +1,31 @@
+Index: b/src/util/viriptables.c
+===================================================================
+--- a/src/util/viriptables.c
++++ b/src/util/viriptables.c
+@@ -478,22 +478,22 @@ iptablesForwardAllowRelatedIn(iptablesCo
+ VIR_SOCKET_ADDR_FAMILY(netaddr),
+ action,
+ "--destination", networkstr,
+ "--in-interface", physdev,
+ "--out-interface", iface,
+- "--match", "state",
+- "--state", "ESTABLISHED,RELATED",
++ "--match", "conntrack",
++ "--ctstate", "ESTABLISHED,RELATED",
+ "--jump", "ACCEPT",
+ NULL);
+ } else {
+ ret = iptablesAddRemoveRule(ctx->forward_filter,
+ VIR_SOCKET_ADDR_FAMILY(netaddr),
+ action,
+ "--destination", networkstr,
+ "--out-interface", iface,
+- "--match", "state",
+- "--state", "ESTABLISHED,RELATED",
++ "--match", "conntrack",
++ "--ctstate", "ESTABLISHED,RELATED",
+ "--jump", "ACCEPT",
+ NULL);
+ }
+ VIR_FREE(networkstr);
+ return ret;
diff --git a/libvirt.changes b/libvirt.changes
index e0f7c82..7e63a1d 100644
--- a/libvirt.changes
+++ b/libvirt.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Sun Mar 24 20:05:28 UTC 2013 - seife+obs@b1-systems.com
+
+- add libvirt-iptables-1.4.18.diff, fix masquerading with iptables
+ v1.4.18 (--state match is deprectated, use conntrack instead)
+
 -------------------------------------------------------------------
 Fri Mar 8 12:00:39 MST 2013 - jfehlig@suse.com
 
diff --git a/libvirt.spec b/libvirt.spec
index a3cfde7..b2d4f32 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -422,6 +422,7 @@ Patch0: ce4557c3-apparmor-tapfd-label.patch
 Patch100: xen-name-for-devid.patch
 Patch101: clone.patch
 Patch102: xen-pv-cdrom.patch
+Patch103: libvirt-iptables-1.4.18.diff
 # Our patches
 Patch200: libvirtd-defaults.patch
 Patch201: libvirtd-init-script.patch
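Review bot: In the new libvirt-iptables-1.4.18.diff, both rewritten rules in iptablesForwardAllowRelatedIn now pass `"--match", "conntrack"` and `"--ctstate", "ESTABLISHED,RELATED"` unconditionally, with no fallback to the old `state` match. If the package can run against an iptables or kernel without the conntrack match, adding the rule would presumably fail and return traffic for the virtual network would not be accepted; how callers handle `ret` is outside the hunk, so this is inferred. The patch file also starts directly at `Index:` with no description, so I would add a short header stating why the match module changes and whether the change has been sent upstream. Only this one function is visible here, so any other `"--match", "state"` rule elsewhere in viriptables.c would need the same treatment.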
@@ -562,6 +563,7 @@ Authors:
 %patch100 -p1
 %patch101
 %patch102 -p1
+%patch103 -p1
 %patch200 -p1
 %patch201 -p1
 %patch202 -p1