conntrack -E -i not allowed?

Pablo Neira Ayuso pablo at
Thu Nov 9 18:10:05 CET 2006

Alan Ezust wrote:
> Thanks for the reply. Ok, I can see how I can generate some IDs, but I first
> want to make sure I have all of the information I need.
> When I run conntrack, I only see one protocol number. I think it is a layer 4
> protocol (tcp vs udp). If I'm not seeing an l3proto in my output, why might
> that be?
> udp      17 12 src= dst= sport=54475 dport=53 src= dst= sport=53 dport=54475 use=1 mark=0
> tcp      6 420332 ESTABLISHED src= dst= sport=1356 dport=5432 src= dst= sport=5432 dport=1356 [ASSURED] use=1 mark=0

Are you using nf_conntrack? If so, l3protonum is not shown yet but it
would not be hard to cook a patch to show it. I'll introduce this change
in the new libnetfilter_conntrack API.

The dawn of the fourth age of Linux firewalling is coming; a time of
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris
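The thread turns on the fact that the nf_conntrack text output of the time prints only the layer 4 protocol name and number (17 for udp, 6 for tcp), with no l3proto column. The parser below is an added example, not code from the mail or from the conntrack-tools project. It reads the entry format quoted above (name, l4 number, timeout, optional TCP state, original and reply tuples as key=value pairs, bracketed flags, counters) and, when the l3proto column is absent, infers the address family from the original-direction src address. It also accepts a leading "ipv4 2" / "ipv6 10" pair, which is an assumption about how later conntrack versions print the l3proto name and AF number; the sample lines and their addresses (RFC 5737/3849 documentation ranges) are constructed for this example.

```python
import ipaddress

# Constructed sample lines (not from the original mail). The first two mimic the
# nf_conntrack text format quoted in the thread (no l3proto column); the third
# mimics the later format with a leading l3proto name and number (assumption).
SAMPLE_LINES = [
    "udp      17 12 src=192.0.2.10 dst=192.0.2.53 sport=54475 dport=53 "
    "src=192.0.2.53 dst=192.0.2.10 sport=53 dport=54475 use=1 mark=0",
    "tcp      6 420332 ESTABLISHED src=192.0.2.10 dst=192.0.2.20 sport=1356 "
    "dport=5432 src=192.0.2.20 dst=192.0.2.10 sport=5432 dport=1356 [ASSURED] use=1 mark=0",
    "ipv6     10 tcp      6 431999 ESTABLISHED src=2001:db8::1 dst=2001:db8::2 sport=40000 "
    "dport=22 src=2001:db8::2 dst=2001:db8::1 sport=22 dport=40000 [ASSURED] mark=0 use=1",
]

# Keys that belong to the original/reply tuples; everything else is a counter.
TUPLE_KEYS = {"src", "dst", "sport", "dport", "type", "code", "id"}
L3_NAMES = {"ipv4", "ipv6"}
# Address-family numbers as printed by later conntrack versions (AF_INET=2, AF_INET6=10).
L3_BY_VERSION = {4: ("ipv4", 2), 6: ("ipv6", 10)}


def parse_conntrack_line(line):
    """Parse one conntrack entry into a dict; infer l3proto when it is not printed."""
    tokens = line.split()
    entry = {"l3proto": None, "l3protonum": None, "l3_inferred": False,
             "orig": {}, "reply": {}, "flags": [], "state": None, "misc": {}}

    # Optional leading l3proto column: "ipv4 2" or "ipv6 10".
    if len(tokens) >= 2 and tokens[0] in L3_NAMES and tokens[1].isdigit():
        entry["l3proto"], entry["l3protonum"] = tokens[0], int(tokens[1])
        tokens = tokens[2:]

    # Mandatory l4proto name, l4 protocol number and timeout in seconds.
    if len(tokens) < 3 or not tokens[1].isdigit() or not tokens[2].isdigit():
        raise ValueError("not a conntrack entry: %r" % line)
    entry["l4proto"], entry["l4protonum"] = tokens[0], int(tokens[1])
    entry["timeout"] = int(tokens[2])

    for tok in tokens[3:]:
        if tok.startswith("[") and tok.endswith("]"):
            entry["flags"].append(tok[1:-1])          # e.g. ASSURED, UNREPLIED
        elif "=" in tok:
            key, value = tok.split("=", 1)
            if key in TUPLE_KEYS:
                # First occurrence of a tuple key is the original direction,
                # the second is the reply direction.
                side = "orig" if key not in entry["orig"] else "reply"
                entry[side][key] = int(value) if key in ("sport", "dport") else value
            else:
                entry["misc"][key] = value             # use=, mark=, ...
        elif entry["state"] is None:
            entry["state"] = tok                       # e.g. ESTABLISHED (TCP only)

    # No l3proto column: derive it from the address literal of the original src.
    if entry["l3proto"] is None and "src" in entry["orig"]:
        version = ipaddress.ip_address(entry["orig"]["src"]).version
        entry["l3proto"], entry["l3protonum"] = L3_BY_VERSION[version]
        entry["l3_inferred"] = True
    return entry


def summarize(lines):
    """Count entries per (l3proto, l4proto), the breakdown the thread is after."""
    counts = {}
    for line in lines:
        e = parse_conntrack_line(line)
        key = (e["l3proto"], e["l4proto"])
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        e = parse_conntrack_line(line)
        print(e["l3proto"], e["l3protonum"], "inferred" if e["l3_inferred"] else "printed",
              e["l4proto"], e["l4protonum"], e["state"], e["orig"], e["flags"])
    print(summarize(SAMPLE_LINES))
```

The inference step only works because the tuple carries a full address literal; on the quoted lines from the mail, where the src= and dst= values are empty, the parser would raise, which is the right outcome for an entry that cannot be attributed to a family.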