diff --git a/net/bcp38/Makefile b/net/bcp38/Makefile
index 4677a29729..c62aed87e0 100644
--- a/net/bcp38/Makefile
+++ b/net/bcp38/Makefile
@@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bcp38
 PKG_VERSION:=5
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 PKG_LICENCE:=GPL-3.0+
 
 include $(INCLUDE_DIR)/package.mk
diff --git a/net/bcp38/files/run.sh b/net/bcp38/files/run.sh
index 00d50342e0..736ea52c63 100755
--- a/net/bcp38/files/run.sh
+++ b/net/bcp38/files/run.sh
@@ -72,9 +72,9 @@ setup_iptables()
 	iptables -N "$IPTABLES_CHAIN" 2>/dev/null
 	iptables -F "$IPTABLES_CHAIN" 2>/dev/null
 
-	iptables -I output_rule -m state --state NEW -j "$IPTABLES_CHAIN"
-	iptables -I input_rule -m state --state NEW -j "$IPTABLES_CHAIN"
-	iptables -I forwarding_rule -m state --state NEW -j "$IPTABLES_CHAIN"
+	iptables -I output_rule -m conntrack --ctstate NEW -j "$IPTABLES_CHAIN"
+	iptables -I input_rule -m conntrack --ctstate NEW -j "$IPTABLES_CHAIN"
+	iptables -I forwarding_rule -m conntrack --ctstate NEW -j "$IPTABLES_CHAIN"
 
 	# always accept DHCP traffic
 	iptables -A "$IPTABLES_CHAIN" -p udp --dport 67:68 --sport 67:68 -j RETURN
@@ -90,9 +90,9 @@ destroy_ipset()
 
 destroy_iptables()
 {
-	iptables -D output_rule -m state --state NEW -j "$IPTABLES_CHAIN" 2>/dev/null
-	iptables -D input_rule -m state --state NEW -j "$IPTABLES_CHAIN" 2>/dev/null
-	iptables -D forwarding_rule -m state --state NEW -j "$IPTABLES_CHAIN" 2>/dev/null
+	iptables -D output_rule -m conntrack --ctstate NEW -j "$IPTABLES_CHAIN" 2>/dev/null
+	iptables -D input_rule -m conntrack --ctstate NEW -j "$IPTABLES_CHAIN" 2>/dev/null
+	iptables -D forwarding_rule -m conntrack --ctstate NEW -j "$IPTABLES_CHAIN" 2>/dev/null
 	iptables -F "$IPTABLES_CHAIN" 2>/dev/null
 	iptables -X "$IPTABLES_CHAIN" 2>/dev/null
 }