netfilter project logo
home | download | git | lists | bugzilla | workshop | patchwork | wiki
About
Coreteam
History
License
Thanks
PGP key
Projects
iptables
nftables
libnftnl
libnfnetlink
libnetfilter_acct
libnetfilter_log
libnetfilter_queue
libnetfilter_conntrack
libnetfilter_cttimeout
libnetfilter_cthelper
conntrack-tools
Downloads
libmnl
nfacct
ipset
ulogd
xtables-addons
News
iptables 1.8.11 released
nftables 1.1.1 released
libnftnl 1.2.8 released
libnetfilter_conntrack 1.1.0 released
nftables 1.1.0 released
libnftnl 1.2.7 released
Arturo Borrero enters emeritus
Eric Leblond enters emeritus
nftables 1.0.9 released
iptables 1.8.10 released
conntrack-tools 1.4.8 released
nftables 1.0.8 released
libnftnl 1.2.6 released
nftables 1.0.7 released
libnftnl 1.2.5 released
iptables 1.8.9 released
nftables 1.0.6 released
libnftnl 1.2.4 released
ulogd 2.0.8 released
conntrack-tools 1.4.7 released
nftables 1.0.5 released
libnftnl 1.2.3 released
nftables 1.0.4 released
libnftnl 1.2.2 released
nftables 1.0.3 released
iptables 1.8.8 released
libnetfilter_cttimeout 1.0.1 released
libnetfilter_cthelper 1.0.1 released
libmnl 1.0.5 released
libnfnetlink 1.0.2 released
nftables 1.0.2 released
libnetfilter_conntrack 1.0.9 released
settlement with Patrick McHardy
Documentation
Mailing Lists
List Rules
netfilter-announce list
netfilter list
netfilter-devel list
Contact
Licensing
GPL licensing terms
GPL compliance FAQ
Supporting netfilter

The netfilter.org "conntrack-tools" project

What are the conntrack-tools?

The conntrack-tools are a set of tools targeted at system administrators. They are conntrack, the userspace command line interface, and conntrackd, the userspace daemon. The tool conntrack provides a full featured interface that is intended to replace the old /proc/net/ip_conntrack interface. Using conntrack, you can view and manage the in-kernel connection tracking state table from userspace. On the other hand, conntrackd covers the specific aspects of stateful firewalls to enable highly available scenarios, and can be used as statistics collector as well.

Since 1.2.0, the conntrack-tools includes the nfct command line utility. This utility only supports the nfnetlink_cttimeout by now. In the long run, we expect that it will replace conntrack by providing a syntax similar to nftables.

Documentation

conntrack-tools homepage

The conntrack-tools have its own homepage.

Dependencies

conntrack-tools requires libnetfilter_conntrack, libnfnetlink, libmnl, libnetfilter_cttimeout and a kernel that features the nf_conntrack_netlink subsystem. For officially released kernels, this means 2.6.14, but we suggest you to use 2.6.18 or later. To support the nfnetlink_cttimeout subsystem, you will have to install 3.4.0 or later. To support the nfnetlink_cthelper subsystem, you require 3.6.0 or later.

Main Features

  • listing the contents of the conntrack table in plain text/XML
  • searching for individual entries in the conntrack table
  • adding new entries to the conntrack table
  • listing entries in the expect table
  • adding new entries to the expect table
  • adding/deleting/updating connection tracking timeout policies

Git Tree

The current development version of conntrack-tools can be accessed at https://git.netfilter.org/conntrack-tools/.

Authors

The conntrack-tools were almost entirely written by Pablo Neira Ayuso.


Copyright © 1999-2024 The Netfilter webmasters . Contact webmaster