From 2e6020d28e20bb8504dc69418a0e52572feffe01 Mon Sep 17 00:00:00 2001
From: Jamie Cameron <jcameron@webmin.com>
Date: Mon, 19 Nov 2018 15:01:31 -0800
Subject: [PATCH] Don't recognize flag that's not valid
 https://github.com/webmin/webmin/issues/948

---
 firewall/firewall-lib.pl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/firewall/firewall-lib.pl b/firewall/firewall-lib.pl
index 6f82c1bad..1d6cd2853 100755
--- a/firewall/firewall-lib.pl
+++ b/firewall/firewall-lib.pl
@@ -240,11 +240,12 @@ return @rv;
 sub describe_rule
 {
 local (@c, $d);
+my $sd = &supports_conntrack() ? "ctstate" : "state";
 foreach $d ('p', 's', 'd', 'i', 'o', 'f', 'dport',
 	    'sport', 'tcp-flags', 'tcp-option',
 	    'icmp-type', 'icmpv6-type', 'mac-source', 'limit', 'limit-burst',
 	    'ports', 'uid-owner', 'gid-owner',
-	    'pid-owner', 'sid-owner', 'state', 'ctstate', 'tos',
+	    'pid-owner', 'sid-owner', $sd, 'tos',
 	    'dports', 'sports', 'physdev-in', 'physdev-out', 'args') {
 	if ($_[0]->{$d}) {