On Thursday 2010-09-23 21:20, Mr Dash Four wrote: > >> `./conntrack -L` is then what you use to test the changes. > >Have I missed something? Are you actually suggesting that in order for me to >see the new secmark changes (SELinux context shown in its full text glory >instead of that useless number) I have to install conntrack-utils and use >conntrack (the executable)? > >What happens to the new /nf(s)_conntrack If anything, secmark=x be removed. Abusing procfs is deprecated. No userspace program depends on it. >and iptables -L? As was said earlier (by Eric?), the secmark/u32 value is useless and that secname (aka. selctx) should only ever be used. That is already the case with x_tables. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html