diff --git a/network/iptables b/network/iptables
index 5977ff2..a23bb82 100644
--- a/network/iptables
+++ b/network/iptables
@@ -18,11 +18,11 @@ COMMIT
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [128:12536]
 -A INPUT -i vif+ -p udp -m udp --dport 68 -j DROP
--A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -p icmp -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -j REJECT --reject-with icmp-host-prohibited
--A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A FORWARD -i vif+ -o vif+ -j DROP
 -A FORWARD -i vif+ -j ACCEPT
 -A FORWARD -j DROP
diff --git a/network/qubes-firewall b/network/qubes-firewall
index 2efaeb5..0b8da66 100755
--- a/network/qubes-firewall
+++ b/network/qubes-firewall
@@ -29,7 +29,7 @@ while true; do
 if ! [ "$TRIGGER" = "reload" ]; then continue ; fi
- # Disable forarding to prevent potential "leaks" that might
+ # Disable forwarding to prevent potential "leaks" that might
 # be bypassing the firewall or some proxy service (e.g. tor)
 # during the time when the rules are being (re)applied
 echo "0" > /proc/sys/net/ipv4/ip_forward
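Review bot: Now that the conntrack match is in use, the INPUT chain still accepts every ICMP packet via `-A INPUT -p icmp -j ACCEPT` before reaching `-A INPUT -j REJECT --reject-with icmp-host-prohibited`, including packets the tracker classifies as INVALID; the usual hardening is to place `-A INPUT -m conntrack --ctstate INVALID -j DROP` directly after the new RELATED,ESTABLISHED accept, and the same applies to the FORWARD chain in this hunk. The two replaced rules keep the same state set, so behaviour is unchanged as long as the `xt_conntrack` module is available; if it is not, iptables-restore rejects the whole file and whatever ruleset was previously loaded stays in effect, so the script that loads this file should check the restore exit status (or run `iptables-restore --test` first) rather than assume the new rules are active. The table header and the `:INPUT` policy line are outside this hunk, so I cannot tell from here what applies when the restore fails. A leading `# conntrack replaces the deprecated state match; requires xt_conntrack` comment line at the top of the file would record the reason for the switch, since iptables-restore ignores `#` lines.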