From 4c3d5a46c27d219213a35dc8fe738e85f92d2392 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
Date: Fri, 28 Mar 2014 02:56:43 +0100
Subject: [PATCH] firewall: replace deprecated "state" iptables module with "conntrack"

---
 network/iptables       | 4 ++--
 network/qubes-firewall | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/network/iptables b/network/iptables
index 5977ff2..a23bb82 100644
--- a/network/iptables
+++ b/network/iptables
@@ -18,11 +18,11 @@ COMMIT
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [128:12536]
 -A INPUT -i vif+ -p udp -m udp --dport 68 -j DROP
--A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -p icmp -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -j REJECT --reject-with icmp-host-prohibited
--A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A FORWARD -i vif+ -o vif+ -j DROP
 -A FORWARD -i vif+ -j ACCEPT
 -A FORWARD -j DROP
diff --git a/network/qubes-firewall b/network/qubes-firewall
index 2efaeb5..0b8da66 100755
--- a/network/qubes-firewall
+++ b/network/qubes-firewall
@@ -29,7 +29,7 @@ while true; do
     if ! [ "$TRIGGER" = "reload" ]; then continue ; fi
 
-    # Disable forarding to prevent potential "leaks" that might
+    # Disable forwarding to prevent potential "leaks" that might
     # be bypassing the firewall or some proxy service (e.g. tor)
     # during the time when the rules are being (re)applied
     echo "0" > /proc/sys/net/ipv4/ip_forward
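Review bot: The FORWARD chain in this hunk has no rule for packets that conntrack classifies as INVALID, so such packets arriving on a vif+ interface are not matched by the new `-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` and fall through to `-A FORWARD -i vif+ -j ACCEPT`. Since the commit already moves to the conntrack match, adding `-A FORWARD -m conntrack --ctstate INVALID -j DROP` ahead of that accept rule would close the gap; on INPUT the same packets only reach the final `REJECT`, which is a lesser concern. The rules above line 18 and after the hunk are outside this view, so an INVALID drop may already exist elsewhere in the file. This file is the saved ruleset, so any iptables invocations inside the qubes-firewall script itself (not part of this diff) would need the same `-m state` to `-m conntrack` substitution if they still use the state match.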