summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--extensions/libxt_conntrack.c2
-rw-r--r--extensions/libxt_conntrack.txlate3
2 files changed, 3 insertions, 2 deletions
diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
index 1817d335..6f350393 100644
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
@@ -1257,8 +1257,6 @@ static int _conntrack3_mt_xlate(struct xt_xlate *xl,
}
if (sinfo->match_flags & XT_CONNTRACK_STATUS) {
- if (sinfo->status_mask == 1)
- return 0;
xt_xlate_add(xl, "%sct status %s", space,
sinfo->invert_flags & XT_CONNTRACK_STATUS ?
"!= " : "");
diff --git a/extensions/libxt_conntrack.txlate b/extensions/libxt_conntrack.txlate
index e35d5ce8..8a3d0181 100644
--- a/extensions/libxt_conntrack.txlate
+++ b/extensions/libxt_conntrack.txlate
@@ -28,6 +28,9 @@ nft add rule ip filter INPUT ct reply daddr 10.100.2.131 counter accept
iptables-translate -t filter -A INPUT -m conntrack --ctproto tcp --ctorigsrcport 443:444 -j ACCEPT
nft add rule ip filter INPUT ct original protocol 6 ct original proto-src 443-444 counter accept
+iptables-translate -t filter -A INPUT -m conntrack --ctstatus EXPECTED -j ACCEPT
+nft add rule ip filter INPUT ct status expected counter accept
+
iptables-translate -t filter -A INPUT -m conntrack ! --ctstatus CONFIRMED -j ACCEPT
nft add rule ip filter INPUT ct status != confirmed counter accept