Public bug reported:

When using the --ctproto option of the libxt_conntrack iptables module, whatever you pass as the layer4 protocol, it's always recorded as 0.

This is in fact this known bug:
http://marc.info/?l=netfilter-devel&m=131392499328928&w=2

A clean patch is available on the netfilter git repos:
http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=bca5b9afbe4b3823989f1e78f178203eb3bfa37d

Applying this patch fixed this, and allows using --ctproto again.

Please apply it!

Thanks

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: iptables 1.4.12-1ubuntu4
ProcVersionSignature: Ubuntu 3.2.0-26.41-generic-pae 3.2.19
Uname: Linux 3.2.0-26-generic-pae i686
ApportVersion: 2.0.1-0ubuntu8
Architecture: i386
Date: Tue Jul 3 11:50:26 2012
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release i386 (20120423.2)
ProcEnviron:
 LANGUAGE=
 TERM=xterm-256color
 LANG=fr_FR.UTF-8
 SHELL=/bin/bash
SourcePackage: iptables
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: iptables (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: apport-bug i386 precise

https://bugs.launchpad.net/bugs/1020490

Title:
  iptables has broken libxt_conntrack: --ctproto always 0