diff --git a/volatility/plugins/linux/common.py b/volatility/plugins/linux/common.py
index efe68cb20..cfd8736ef 100644
--- a/volatility/plugins/linux/common.py
+++ b/volatility/plugins/linux/common.py
@@ -76,20 +76,33 @@ def register_options(config):
         config.add_option("VIRTUAL_SHIFT", type = 'int', default = 0, help = "Linux kernel virtual shift address")
     def is_known_address(self, addr, modules):
+        return self.is_known_address_name(addr, modules)[0]
+
+    def is_known_address_name(self, addr, modules):
         addr = int(addr)
         text = self.profile.get_symbol("_text")
         etext = self.profile.get_symbol("_etext")
-        return (self.addr_space.address_compare(addr, text) != -1 and self.addr_space.address_compare(addr, etext) == -1) or self.address_in_module(addr, modules)
+        found = True
+
+        if self.address_in_range(addr, text, etext):
+            module = "[%s]" % (self.profile.get_symbol_by_address("kernel", addr) or "kernel")
+        else:
+            module = self.address_in_module(addr, modules)
+            if not module:
+                found = False
+                module = ""
+
+        return (found, module)
     def address_in_module(self, addr, modules):
-
-        for (_, start, end) in modules:
-            if self.addr_space.address_compare(addr, start) != -1 and self.addr_space.address_compare(addr, end) == -1:
-                return True
-
-        return False
+        for (module, start, end) in modules:
+            if self.address_in_range(addr, start, end):
+                return module
+
+    def address_in_range(self, addr, start, end):
+        return self.addr_space.address_compare(addr, start) != -1 and self.addr_space.address_compare(addr, end) == -1
     def verify_ops(self, ops, op_members, modules):
         ops_addr = ops.v()
diff --git a/volatility/plugins/linux/netfilter.py b/volatility/plugins/linux/netfilter.py
index e019ea58e..afc6e5336 100644
--- a/volatility/plugins/linux/netfilter.py
+++ b/volatility/plugins/linux/netfilter.py
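Review bot: `address_in_module` now returns the module name on a hit and falls off the end otherwise, and `is_known_address_name` turns that into `if not module:`, so an address that lies inside a known module range but whose name is empty (or otherwise falsy) would be reported as not found and therefore as hooked. Make the miss explicit with `return None` at the end of `address_in_module` and test `if module is None:` in the caller, so the found/not-found decision rests on the range check rather than on the truthiness of the name. Separately, an address inside kernel text that `get_symbol_by_address` does not resolve is labelled `[kernel]` with found=True; I cannot tell from the hunk whether that lookup matches only exact symbol starts, but if it does, a netfilter handler that does not land on a symbol start is unusual enough to deserve a comment and perhaps a distinct label such as `[kernel+?]` so an analyst notices it. The `verify_ops` definition at the end of the hunk continues outside it.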
@@ -39,49 +39,44 @@ def calculate(self):
         linux_common.set_plugin_members(self)
         hook_names = ["PRE_ROUTING", "LOCAL_IN", "FORWARD", "LOCAL_OUT", "POST_ROUTING"]
-        proto_names = ["", "", "IPV4", "", "", "", "", "", "", "", "" , "", "", ""]
+        proto_names = ["UNSPEC", "INET", "IPV4", "ARP", "", "NETDEV", "", "BRIDGE", "", "", "IPV6" , "", "DECNET"]
+        NF_MAX_HOOKS = 8
-        # struct list_head nf_hooks[NFPROTO_NUMPROTO][NF_MAX_HOOKS]
-        # NFPROTO_NUMPROTO = 12
-        # NF_MAX_HOOKS = 7
-
         nf_hooks_addr = self.addr_space.profile.get_symbol("nf_hooks")
-
         if nf_hooks_addr == None:
             debug.error("Unable to analyze NetFilter. It is either disabled or compiled as a module.")
-        modules = linux_lsmod.linux_lsmod(self._config).get_modules()
+        modules = linux_lsmod.linux_lsmod(self._config).get_modules()
         list_head_size = self.addr_space.profile.get_obj_size("list_head")
-        for outer in range(13):
-            arr = nf_hooks_addr + (outer * (list_head_size * 8))
+        for proto_idx, proto_name in enumerate(proto_names):
+            arr = nf_hooks_addr + (proto_idx * (list_head_size * NF_MAX_HOOKS))
-            for inner in range(7):
-                list_head = obj.Object("list_head", offset = arr + (inner * list_head_size), vm = self.addr_space)
+            for hook_idx, hook_name in enumerate(hook_names):
+                list_head = obj.Object("list_head", offset = arr + (hook_idx * list_head_size), vm = self.addr_space)
                 for hook_ops in list_head.list_of_type("nf_hook_ops", "list"):
-                    if self.is_known_address(hook_ops.hook.v(), modules):
-                        hooked = "False"
-                    else:
-                        hooked = "True"
+                    found, module = self.is_known_address_name(hook_ops.hook.v(), modules)
+                    hooked = "False" if found else "True"
-                    yield proto_names[outer], hook_names[inner], hook_ops.hook.v(), hooked
+                    yield proto_name, hook_name, hook_ops.hook.v(), hooked, module
     def unified_output(self, data):
         return TreeGrid([("Proto", str), ("Hook", str), ("Handler", Address),
-                         ("IsHooked", str)],
+                         ("IsHooked", str),
+                         ("Module", str)],
                          self.generator(data))
     def generator(self, data):
-        for outer, inner, hook_addr, hooked in data:
-            yield (0, [str(outer), str(inner), Address(hook_addr), str(hooked)])
+        for proto_name, hook_name, hook_addr, hooked, module in data:
+            yield (0, [str(proto_name), str(hook_name), Address(hook_addr), str(hooked), str(module)])
     def render_text(self, outfd, data):
-        self.table_header(outfd, [("Proto", "5"), ("Hook", "16"), ("Handler", "[addrpad]"), ("Is Hooked", "5")])
+        self.table_header(outfd, [("Proto", "10"), ("Hook", "16"), ("Handler", "[addrpad]"), ("Is Hooked", "5"), ("Module", "30")])
-        for outer, inner, hook_addr, hooked in data:
-            self.table_row(outfd, outer, inner, hook_addr, hooked)
+        for proto_name, hook_name, hook_addr, hooked, module in data:
+            self.table_row(outfd, proto_name, hook_name, hook_addr, hooked, module)
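Review bot: The inner loop in `calculate` is now bounded by `hook_names` (five entries) instead of by `NF_MAX_HOOKS`, so hook slots 5–7 of every protocol row are never walked, whereas the code this replaces walked seven slots; a handler registered at one of those higher indices (which, as far as I can tell from the kernel layout, the bridge and decnet families use) would go unreported by a plugin whose whole purpose is to surface such hooks. Iterate the full array and fall back to a numeric label: `for hook_idx in range(NF_MAX_HOOKS):` followed by `hook_name = hook_names[hook_idx] if hook_idx < len(hook_names) else "HOOK_%d" % hook_idx`, keeping the `list_head` line as is. The five names follow the inet hook numbering, so a comment such as `# hook_names follow NF_INET_* numbering; other families reuse the indices with different meanings` would stop the Proto/Hook columns being over-read for ARP or BRIDGE rows. `NF_MAX_HOOKS = 8` and the 13-entry `proto_names` table are tied to a particular kernel range, which is worth stating in a comment next to them, since the removed comment block was the only place that recorded the assumed array geometry.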