The conntrack match does not print any info for --ctproto, thus
breaking iptables-restore of any rules using this option.  Below
patch adds output and closes bug #398.

Phil