| title: | Re conntrack E i not allowed |
Alan Ezust wrote:
> Thanks for the reply. Ok, I can see how I can generate some IDs, but I first
> want to make sure I have all of the information I need.
> When I run conntrack, I only see one protocol number. I think it is a layer4
> protocol (tcp vs udp). If I'm not seeing an l3proto in my output, why might
> that be?
>
> udp 17 12 src=10.10.201.2 dst=204.174.64.1 sport=54475 dport=53
> src=204.174.64.1 dst=209.53.156.2 sport=53 dport=54475 use=1 mark=0
> tcp 6 420332 ESTABLISHED src=10.10.100.3 dst=10.10.1.22 sport=1356
> dport=5432 src=10.10.1.22 dst=10.10.100.3 sport=5432 dport=1356 [ASSURED]
> use=1 mark=0

Are you using nf_conntrack? If so, l3protonum is not shown yet but it
would not be hard to cook a patch to show it. I'll introduce this change
in the new libnetfilter_conntrack API.

--
The dawn of the fourth age of Linux firewalling is coming; a time of
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris
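
Until the listing carries l3protonum, a log consumer can recover it from the address format of each entry. The parser below is an added example, not code from this thread or from the conntrack tools: `parse_entry` is a hypothetical name, the sample lines are the two entries quoted above with the wrapped lines rejoined, and it assumes the Linux address-family numbers (2 for IPv4, 10 for IPv6) as the l3protonum values.

```python
import ipaddress
import re

# The two entries quoted in the thread, with wrapped lines rejoined.
SAMPLE = [
    "udp 17 12 src=10.10.201.2 dst=204.174.64.1 sport=54475 dport=53 "
    "src=204.174.64.1 dst=209.53.156.2 sport=53 dport=54475 use=1 mark=0",
    "tcp 6 420332 ESTABLISHED src=10.10.100.3 dst=10.10.1.22 sport=1356 "
    "dport=5432 src=10.10.1.22 dst=10.10.100.3 sport=5432 dport=1356 "
    "[ASSURED] use=1 mark=0",
]

# Assumption: l3protonum equals the Linux address family (AF_INET, AF_INET6).
L3_BY_VERSION = {4: ("ipv4", 2), 6: ("ipv6", 10)}
KV = re.compile(r"(\w+)=(\S+)")


def parse_entry(line):
    """Parse one conntrack line; infer the layer-3 protocol from the addresses."""
    fields = line.split()
    if len(fields) < 4 or not fields[1].isdigit() or not fields[2].isdigit():
        raise ValueError("not a conntrack entry: %r" % line)
    entry = {"l4proto": fields[0], "l4protonum": int(fields[1]),
             "timeout": int(fields[2]), "state": None, "flags": [],
             "original": {}, "reply": {}}
    direction = entry["original"]
    for tok in fields[3:]:
        m = KV.fullmatch(tok)
        if tok.startswith("["):
            entry["flags"].append(tok.strip("[]"))   # [ASSURED], [UNREPLIED]
        elif m is None:
            entry["state"] = tok                     # TCP state, e.g. ESTABLISHED
        elif m.group(1) in ("src", "dst", "sport", "dport"):
            # A second "src=" starts the reply-direction tuple.
            if m.group(1) == "src" and "src" in direction:
                direction = entry["reply"]
            direction[m.group(1)] = m.group(2)
        else:
            entry[m.group(1)] = m.group(2)           # use=, mark=
    if "src" not in entry["original"]:
        raise ValueError("no original tuple in %r" % line)
    version = ipaddress.ip_address(entry["original"]["src"]).version
    entry["l3proto"], entry["l3protonum"] = L3_BY_VERSION[version]
    return entry
```

Keeping the original and reply tuples separate matters for the first entry, where the reply destination (209.53.156.2) differs from the original source because the flow was NATed.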