The netfilter.org "conntrack-tools" project
What are the conntrack-tools?
The conntrack-tools are a set of tools targeted at system administrators. They are conntrack, the userspace command line interface, and conntrackd, the userspace daemon. The tool conntrack provides a full-featured interface that is intended to replace the old /proc/net/ip_conntrack interface. Using conntrack, you can view and manage the in-kernel connection tracking state table from userspace. conntrackd, on the other hand, covers the specific aspects of stateful firewalls needed to enable highly available scenarios, and can also be used as a statistics collector.
conntrack-tools requires libnetfilter_conntrack, libnfnetlink and a kernel that features the nfnetlink_conntrack subsystem. For officially released kernels, this means 2.6.14, but we suggest using 2.6.18 or later.
- listing the contents of the conntrack table in plain text/XML
- searching for individual entries in the conntrack table
- adding new entries to the conntrack table
- listing entries in the expect table
- adding new entries to the expect table
The conntrack-tools were almost entirely written by Pablo Neira Ayuso.