[Shorewall-users] nf_conntrack automatic helper assignment

Discussion:

KP.Kirchdoerfer

2017-07-11 15:18:40 UTC

Hi all;

Things have changed recently... and I see the error:

nf_conntrack: default automatic helper assignment has been turned off for
security reasons and CT-based firewall rule not found. Use the iptables CT
target to attach helpers instead.

Is there an easy (aka shorewall) way to solve this issue?

Sorry if I have missed a discussion of this issue before.

kp

Tom Eastep

2017-07-11 17:01:54 UTC

Permalink

Post by KP.Kirchdoerfer
Hi all;
nf_conntrack: default automatic helper assignment has been turned off for
security reasons and CT-based firewall rule not found. Use the iptables CT
target to attach helpers instead.
Is there an easy (aka shorewall) way to solve this issue?
Sorry if I have missed a discussion of this issue before.

Hi KP,

Check out http://www.shorewall.org/Helpers.html.

-Tom

--
Tom Eastep \ Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.org \ understand
\_______________________________________________

KP.Kirchdoerfer

2017-07-11 17:33:49 UTC

Permalink

Am Dienstag, 11. Juli 2017, 18:59:45 schrieb Benny Pedersen via Shorewall-

Post by KP.Kirchdoerfer
Is there an easy (aka shorewall) way to solve this issue?

provide shorewall version and iptable version could help us more to help
you :=)

of course :)

shorewall[6] 5.1.5
iptables: 1.4.21
kernel 4.9.36

i dont se this problem with gentoo here

kind regards kp