diff --git a/.gitignore b/.gitignore
index 194eab89..d2b87e8e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 *~
 #*
 _obj
-*.tmp
\ No newline at end of file
+*.tmp
+.idea
diff --git a/net/net.go b/net/net.go
index 61f9abf0..22533102 100644
--- a/net/net.go
+++ b/net/net.go
@@ -64,6 +64,11 @@ type NetInterfaceStat struct {
 Addrs []NetInterfaceAddr `json:"addrs"`
 }
+type NetFilterStat struct {
+ ConnTrackCount int32 `json:"conntrackcount"`
+ ConnTrackMax int32 `json:"conntrackmax"`
+}
+
 var constMap = map[string]int{
 "TCP": syscall.SOCK_STREAM,
 "UDP": syscall.SOCK_DGRAM,
diff --git a/net/net_linux.go b/net/net_linux.go
index 51d80913..b12a8fc7 100644
--- a/net/net_linux.go
+++ b/net/net_linux.go
@@ -160,3 +160,33 @@ func NetProtoCounters(protocols []string) ([]NetProtoCountersStat, error) {
 }
 return stats, nil
 }
+
+// NetFilterCounters returns iptables conntrack statistics
+// the currently in use conntrack count and the max.
+// If the file does not exist or is invalid it will return nil.
+func NetFilterCounters() (NetFilterStat, error) {
+ countfile := "/proc/sys/net/netfilter/nf_conntrack_count"
+ count, err := common.ReadLines(count)
+ if err != nil {
+ return nil, err
+ }
+
+ maxfile := "/proc/sys/net/netfilter/nf_conntrack_max"
+ max, err := common.ReadLines(maxfile)
+ if err != nil {
+ return nil, err
+ }
+ if len(count) != 1 {
+ // format of file has changed
+ return nil, err
+ }
+ if len(max) != 1 {
+ // format of file has changed
+ return nil, err
+ }
+ stats := NetFilterStat{
+ ConnTrackCount: count,
+ ConnTrackMax: max,
+ }
+ return stats, nil
+}
diff --git a/net/net_test.go b/net/net_test.go
index 187c320d..0bac45fe 100644
--- a/net/net_test.go
+++ b/net/net_test.go
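Review bot: The exported `NetFilterStat` type in net/net.go has no doc comment, and both fields are `int32` although the kernel's conntrack limit is, as far as I know, an unsigned value that an operator can set above the `int32` range. I would add `// NetFilterStat holds the netfilter connection-tracking table usage and its configured limit.` above the type and widen both fields to `int64` so a large `nf_conntrack_max` cannot wrap negative. A monitor that compares count against max to warn about conntrack table exhaustion would misread a negative limit.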
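Review bot: `NetFilterCounters` in net/net_linux.go cannot compile as written: `common.ReadLines(count)` reads an undeclared variable where `countfile` is meant, `return nil, err` is not valid for the `NetFilterStat` struct return type, and `ConnTrackCount: count` assigns the unparsed lines from `common.ReadLines` to an `int32` field. The two `len(...) != 1` branches also return the `err` left over from a successful read, which is nil, so a changed file format would be reported as success. For a counter that is typically watched to spot conntrack table exhaustion, a silent zero is worse than an error, and the doc comment should say that a zero `NetFilterStat` and a non-nil error are returned on failure. The rewrite below assumes `fmt`, `strconv` and `strings` are already imported in this file, which the hunk does not show.

```go
// NetFilterCounters returns the number of conntrack entries currently in use
// and the configured maximum. If either /proc file is missing, has an
// unexpected layout or does not hold an integer, it returns a zero
// NetFilterStat and a non-nil error.
func NetFilterCounters() (NetFilterStat, error) {
	var stats NetFilterStat

	countfile := "/proc/sys/net/netfilter/nf_conntrack_count"
	countLines, err := common.ReadLines(countfile)
	if err != nil {
		return stats, err
	}

	maxfile := "/proc/sys/net/netfilter/nf_conntrack_max"
	maxLines, err := common.ReadLines(maxfile)
	if err != nil {
		return stats, err
	}

	if len(countLines) != 1 {
		// format of file has changed
		return stats, fmt.Errorf("%s: expected 1 line, got %d", countfile, len(countLines))
	}
	if len(maxLines) != 1 {
		// format of file has changed
		return stats, fmt.Errorf("%s: expected 1 line, got %d", maxfile, len(maxLines))
	}

	count, err := strconv.ParseInt(strings.TrimSpace(countLines[0]), 10, 32)
	if err != nil {
		return stats, err
	}
	limit, err := strconv.ParseInt(strings.TrimSpace(maxLines[0]), 10, 32)
	if err != nil {
		return stats, err
	}

	stats.ConnTrackCount = int32(count)
	stats.ConnTrackMax = int32(limit)
	return stats, nil
}
```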
@@ -196,3 +196,23 @@ func TestNetConnections(t *testing.T) {
 }
 }
+
+func TestNetFilterCounters(t *testing.T) {
+ if ci := os.Getenv("CI"); ci != "" { // skip if test on drone.io
+ return
+ }
+
+ v, err := NetFilterCounters()
+ if err != nil {
+ t.Errorf("could not get NetConnections: %v", err)
+ }
+ if len(v) == 0 {
+ t.Errorf("could not get NetConnections: %v", v)
+ }
+ for _, vv := range v {
+ if vv.ConnTrackMax == 0 {
+ t.Errorf("nf_conntrack_max needs to be greater than zero: %v", vv)
+ }
+ }
+
+}
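Review bot: `TestNetFilterCounters` treats the result as a slice (`len(v) == 0`, `for _, vv := range v`), but `NetFilterCounters` is declared to return a single `NetFilterStat`, so the test will not compile; the check should be `if v.ConnTrackMax == 0 {` on the struct directly. Both error messages still read `could not get NetConnections` and should name `NetFilterCounters`. On a host where the conntrack module is not loaded the /proc files are presumably absent, so the test would fail for environmental reasons; consider `t.Skip` in that case, and use `t.Skip` instead of a bare `return` for the CI guard so the skip shows up in the test output.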