diff --git a/neutron/privileged/__init__.py b/neutron/privileged/__init__.py
index f1129a2316b..76eb7080271 100644
--- a/neutron/privileged/__init__.py
+++ b/neutron/privileged/__init__.py
@@ -54,3 +54,11 @@ namespace_cmd = priv_context.PrivContext(
 pypath=__name__ + '.namespace_cmd',
 capabilities=[caps.CAP_SYS_ADMIN]
 )
+
+
+conntrack_cmd = priv_context.PrivContext(
+ __name__,
+ cfg_section='privsep_conntrack',
+ pypath=__name__ + '.conntrack_cmd',
+ capabilities=[caps.CAP_NET_ADMIN]
+)
diff --git a/neutron/privileged/agent/linux/netlink_lib.py b/neutron/privileged/agent/linux/netlink_lib.py
index f330f925a7a..32ea0507d47 100644
--- a/neutron/privileged/agent/linux/netlink_lib.py
+++ b/neutron/privileged/agent/linux/netlink_lib.py
@@ -263,7 +263,7 @@ def _parse_entry(entry, ipversion, zone):
 return tuple(parsed_entry)
-@privileged.default.entrypoint
+@privileged.conntrack_cmd.entrypoint
 def list_entries(zone):
 """List and parse all conntrack entries in zone
@@ -289,7 +289,7 @@ def list_entries(zone):
 return sorted(parsed_entries, key=lambda x: x[3])
-@privileged.default.entrypoint
+@privileged.conntrack_cmd.entrypoint
 def delete_entries(entries):
 """Delete selected entries
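Review bot: The new `conntrack_cmd` context is defined without a comment saying what it is for or why it carries only `CAP_NET_ADMIN`, and it introduces a config section, `privsep_conntrack`, that operators have no way to learn about from this change. I would add `# Context for conntrack netlink calls; needs CAP_NET_ADMIN only.` above the definition, plus a release note naming the new section, since any per-section privsep tuning done for the existing contexts does not carry over to it. Whether the deployment's rules for launching the privsep helper are keyed on the context name is not visible in this diff and is worth checking before merge.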
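Review bot: `list_entries` (and `delete_entries` in the next hunk) now run with only what `conntrack_cmd` grants, which per the first file is `CAP_NET_ADMIN` alone, but both bodies lie outside the hunks, so nothing here shows that every call they make works under that reduced set. Anything in those bodies that depended on a capability the `default` context presumably had would now fail at call time with a permission error rather than at import. A functional test that calls both entrypoints through the new context would pin this down. I would also add a docstring line such as `Runs in the conntrack_cmd privsep context (CAP_NET_ADMIN only).` to each function, so later edits do not introduce calls that need more.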