system-config-firewall conntrack patch

Andrew Wyatt andrew at fuduntu.org
Mon Dec 24 20:02:43 UTC 2012


Howdy folks, saw that you hadn't patched system-config-firewall to 
support conntrack so I thought I'd send our patch your way.  Not a large 
contribution by any means, but I hope it helps.

diff -rupN system-config-firewall-1.2.29.orig/src/fw_iptables.py 
system-config-firewall-1.2.29/src/fw_iptables.py
--- system-config-firewall-1.2.29.orig/src/fw_iptables.py 2012-12-24 
14:44:23.094496819 -0500
+++ system-config-firewall-1.2.29/src/fw_iptables.py    2012-12-24 
14:46:06.040498696 -0500
@@ -362,7 +362,7 @@ class iptablesClass:

          # accept established and related connections as early as possible
          #   RELATED is extremely important as it matches ICMP error 
messages
-        fd.write("-A INPUT -m state --state ESTABLISHED,RELATED -j 
ACCEPT\n")
+        fd.write("-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED 
-j ACCEPT\n")

          # icmp
          self._icmp(conf, fd, "INPUT", reject_type)
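Review bot: The generated ruleset now hard-depends on the xt_conntrack match module, and the new `fd.write` line adds no capability check or fallback to `-m state`; if the output is loaded with iptables-restore, an iptables or kernel build lacking that match would presumably reject the whole file rather than just this rule, so the minimum supported iptables version should be stated with the change or verified at generation time. The comment above the rule could record the reason for the switch, e.g. `# -m conntrack --ctstate replaces the deprecated -m state match`. As posted, the `fd.write` string literals in this hunk (and in the hunks at 377, 411 and 419) are wrapped by the mail client onto two lines, so the patch will not apply cleanly unless those lines are re-joined. The enclosing method of iptablesClass starts and ends outside the hunk.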
@@ -377,7 +377,7 @@ class iptablesClass:
              for fwd in conf.forward_port:
                  if fwd.has_key("toaddr"):
                      continue
-                line = "-A INPUT -i %s -m state --state NEW -m %s -p 
%s" % \
+                line = "-A INPUT -i %s -m conntrack --ctstate NEW -m %s 
-p %s" % \
                      (fwd["if"], fwd["proto"], fwd["proto"])
                  if fwd.has_key("toport"):
                      line += " --dport %s" % self._portStr(fwd["toport"])
@@ -394,7 +394,7 @@ class iptablesClass:
                      _dest = ""
                      _port = ""
                      if proto in [ "tcp", "udp" ]:
-                        _state = "-m state --state NEW "
+                        _state = "-m conntrack --ctstate NEW "
                          _proto = "-m %s -p %s " % (proto, proto)
                      else:
                          if self.type == "ipv4":
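Review bot: The `"-m conntrack --ctstate NEW "` fragment assigned to `_state` here is the same literal that the hunks at 377, 411 and 442 hard-code inline, so the next change of match module again means six separate edits and risks leaving a rule on the old syntax; a class-level constant such as `CT_NEW = "-m conntrack --ctstate NEW"` (and `CT_ESTABLISHED = "-m conntrack --ctstate ESTABLISHED,RELATED"` for the rules at 362 and 419) referenced from each rule would keep all six rules consistent. The enclosing method starts and ends outside the hunk.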
@@ -411,7 +411,7 @@ class iptablesClass:
          # open ports
          if conf.ports and len(conf.ports) > 0:
              for (ports, proto) in conf.ports:
-                fd.write("-A INPUT -m state --state NEW -m %s -p %s 
--dport %s "
+                fd.write("-A INPUT -m conntrack --ctstate NEW -m %s -p 
%s --dport %s "
                           "-j ACCEPT\n" % (proto, proto, 
self._portStr(ports)))

          # FORWARD
@@ -419,7 +419,7 @@ class iptablesClass:
                  (self.type == "ipv4" and conf.masq and len(conf.masq) 
 > 0) or \
                  (self.type == "ipv4" and remote_forward):
              # accept established and related connections
-            fd.write("-A FORWARD -m state --state ESTABLISHED,RELATED "
+            fd.write("-A FORWARD -m conntrack --ctstate 
ESTABLISHED,RELATED "
                       "-j ACCEPT\n")
              # icmp
              self._icmp(conf, fd, "FORWARD", reject_type)
@@ -442,7 +442,7 @@ class iptablesClass:
                          port = self._portStr(fwd["toport"])
                      else:
                          port = self._portStr(fwd["port"])
-                    fd.write("-A FORWARD -i %s -m state --state NEW "
+                    fd.write("-A FORWARD -i %s -m conntrack --ctstate NEW "
                               "-m %s -p %s -d %s --dport %s "
                               "-j ACCEPT\n" % (fwd["if"], fwd["proto"],
                                                fwd["proto"], fwd["toaddr"],


