| 1 |
I'm trying to bone up on netfilter, iptables, conntrack etc etc. |
| 2 |
|
| 3 |
Using the howto at: |
| 4 |
http://gentoo-wiki.com/HOWTO_Iptables_and_stateful_firewalls#Firewall_design_basics |
| 5 |
|
| 6 |
Early on after describing how to generate a netfilter enabled kernel, |
| 7 |
the author has this to say: |
| 8 |
|
| 9 |
"If you've already rebooted and are using your new netfilter-enabled |
| 10 |
kernel, you can view a list of active network connections that your |
| 11 |
machine is participating in by typing |
| 12 |
|
| 13 |
"cat /proc/net/ip_conntrack" |
| 14 |
|
| 15 |
Even with no firewall configured, Linux's conntrack functionality is |
| 16 |
working behind the scenes, keeping track of the connections that your |
| 17 |
machine is participating in" |
| 18 |
|
| 19 |
That file is not present on my setup. I'm guessing it may have been |
| 20 |
renamed since the howto was written... maybe to `nf_conntrack'. But in |
| 21 |
the files listed in /proc/net... I don't see the behavior described. |
| 22 |
|
| 23 |
Maybe someone can tell me what has changed or what is missing... |
| 24 |
|
| 25 |
ls /proc/net: |
| 26 |
|
| 27 |
arp ip_tables_matches netlink ptype |
| 28 |
softnet_stat |
| 29 |
arp_tables_matches ip_tables_names netstat raw |
| 30 |
stat |
| 31 |
arp_tables_names ip_tables_targets nf_conntrack route |
| 32 |
tcp |
| 33 |
arp_tables_targets ipt_hashlimit nf_conntrack_expect rt_acct |
| 34 |
udp |
| 35 |
dev ipt_recent packet rt_cache |
| 36 |
udplite |
| 37 |
dev_mcast mcfilter pnp snmp |
| 38 |
unix |
| 39 |
igmp netfilter protocols sockstat |
| 40 |
|
| 41 |
-- |
| 42 |
gentoo-user@l.g.o mailing list |
Archives