View Full Version : Warning: The State Match is Obsolete Use conntrack instead.

29-Aug-2015, 13:17
I have just installed a SLES11SP4 server after a very frustrating episode with SLES12. It was a clean install, and I have used YAST to set up the firewall. I now get a number of warning messages every time I boot the system (Warning: The state match is obsolete, Use conntrack instead). I have always used YAST to set up the firewall, and have never had this problem until now. Anyone got any ideas how to resolve this issue as I assumed that YAST would not contribute to such issues.

Also, I had a redundant network card in the server, which I physically removed, hoping this might help out the situation. I now have a situation where this card is not now visible to the system, but still appears in the YAST firewall configuration as an available interface. I have noticed this in the past, and it has not caused any problems, but someone may know how to remove this card from the firewall settings.

Many thanks,


31-Aug-2015, 11:31
Hi ChasR,

> but someone may know how to remove this card from the firewall settings

have you checked for a stale "/etc/sysconfig/network/ifcfg-*" file?

> Warning: The state match is obsolete, Use conntrack instead

"conntrack" replaced "-m state" some time ago, probably SLES11SP4 ships with the new modules that reflect this change, and the firewall scripts were not adopted as this is only a warning? If possible, you should raise a service request with SUSE on this issue.


02-Sep-2015, 11:54
Thanks for your reply. You have just confirmed my initial thoughts. rather than wait for changes to be made, I will dig in and make them myself. Regarding the other problem, I have already searched all the files where you suggested and found no mention of the redundant eth3. I have looked through some of the firewall files, and can still not find where this removed card is being picked up from. Perhaps someone may have some thoughts on this.