From e33a69b9de2d1c2736e11fcc4d250b5d3aea16c5 Mon Sep 17 00:00:00 2001
From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org"
Date: Thu, 17 Nov 2005 13:34:51 +0000
Subject: The conntrack match does not print any info for --ctproto, thus breaking iptables-restore of any rules using this option. Below patch adds output and closes bug #398. (Phil Oester)
---
 extensions/libipt_conntrack.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/extensions/libipt_conntrack.c b/extensions/libipt_conntrack.c
index 27870b1..cdb86c4 100644
--- a/extensions/libipt_conntrack.c
+++ b/extensions/libipt_conntrack.c
@@ -442,6 +442,13 @@ matchinfo_print(const struct ipt_ip *ip, const struct ipt_entry_match *match, in
 print_state(sinfo->statemask);
 }
+ if(sinfo->flags & IPT_CONNTRACK_PROTO) {
+ printf("%sctproto ", optpfx);
+ if (sinfo->invflags & IPT_CONNTRACK_PROTO)
+ printf("! ");
+ printf("%u ", sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum);
+ }
+
 if(sinfo->flags & IPT_CONNTRACK_ORIGSRC) {
 printf("%sctorigsrc ", optpfx);
-- 
cgit v1.2.3
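Review bot: The added `printf("%u ", ...)` passes `sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum` directly to a `%u` conversion. The field's declaration is not in the hunk, but if it is narrower than `unsigned int` it is promoted to `int`, so an explicit cast keeps format and argument matched: `printf("%u ", (unsigned int)sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum);`. The commit message says this output is read back by iptables-restore, so a comment above the block such as `/* keep in sync with the --ctproto parser: this text is re-read by iptables-restore */` would record why the exact format matters for a firewall ruleset. matchinfo_print starts and ends outside the hunk, so the parser side and the other options' output could not be compared here.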