How to see firewall state table

panks21 · May 28, 2022, 1:38pm

Hi
I recently started using VyOS in my homelab. Currently running 1.4-rolling version. Earlier on the Ubiquiti Edgerouter, I used to check the state table with command “show conntrack table ipv4” but this command doesn’t seem to work on the native VyOS.
Need some guidance.

The output from Edgerouter is as below for reference

show conntrack table ipv4 | match ES
TCP state codes: SS - SYN SENT, SR - SYN RECEIVED, ES - ESTABLISHED,
2315141632 192.168.155.46:53393   52.23.132.38:443       tcp [6] ES       7433                
2232049408 192.168.155.46:52854   20.197.71.89:443       tcp [6] ES       6258                
2234923520 192.168.155.45:54407   17.57.145.116:5223     tcp [6] ES       7155                
2382913536 192.168.155.49:52186   104.108.231.229:443    tcp [6] ES       7435                
2233082368 192.168.155.40:47688   52.98.58.50:443        tcp [6] ES       7050                
2356425472 192.168.155.46:53409   8.36.116.91:443        tcp [6] ES       7439                
2212756480 192.168.155.46:52853   20.197.71.89:443       tcp [6] ES       6259                
2234921728 192.168.155.41:62881   17.57.145.117:5223     tcp [6] ES       7368                
2382913792 192.168.155.49:52191   157.240.198.60:443     tcp [6] ES       7436                
2319441664 192.168.155.44:58726   52.221.96.120:5223     tcp [6] ES       7408

n.fort · May 28, 2022, 1:43pm

sudo conntrack -L will print out all contrack entries. Add -f ipv4 for ipv4 filtering

panks21 · May 28, 2022, 1:48pm

Thanks for the quick response. sudo conntrack -L definitely works. Couldn’t find this in documentation post multiple google search
Though I do see the some documentation here

What is the purpose of conntrack-sync?
I tried configure it but it never commits successfully. I have a single router with two VLANs and static IP as internet connection

n.fort · May 28, 2022, 1:51pm

It’s used when more than one routers are used. Not applicable in your case.

n.fort · May 28, 2022, 1:52pm

You can find more options for conntrack command here: conntrack manual

p252 · May 29, 2022, 2:57pm

A bit confused on this one. ‘show conntrack table ipv4’ works on my VyOS 1.3. Has this command been removed in VyOS 1.4?

panks21 · May 29, 2022, 3:12pm

WoW. This is interesting. I didn’t know it existed on 1.3

n.fort · May 29, 2022, 4:56pm

T4145

system · May 31, 2022, 4:57pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.