Odi's astoundingly incomplete notes
iptables connection tracking helpers
When your kernel tells you this:
kernel: nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead.
It really urges you to include this in your iptables configuration:
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[0:0] -A PREROUTING -p tcp --dport 21 -j CT --helper ftp
[0:0] -A PREROUTING -p tcp --dport 6667 -j CT --helper irc
[0:0] -A PREROUTING -p tcp --dport 6566 -j CT --helper sane
COMMIT
Required kernel config:
IP_NF_RAW
IP6_NF_RAW
NETFILTER_XT_TARGET_CT
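An added example, not part of the original notes: a small Python audit that reads a ruleset in the iptables-save format shown above, lists every CT helper assignment in the raw table, and flags any that is not limited to a protocol and destination port. The function names, the `scoped` field and the fourth, unscoped rule in the sample are constructed for illustration.

```python
import shlex

# Constructed sample in iptables-save format: the three rules from the notes
# plus one deliberately unscoped rule (no -p/--dport) to show what gets flagged.
SAMPLE = """\
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[0:0] -A PREROUTING -p tcp --dport 21 -j CT --helper ftp
[0:0] -A PREROUTING -p tcp --dport 6667 -j CT --helper irc
[0:0] -A PREROUTING -p tcp --dport 6566 -j CT --helper sane
[0:0] -A OUTPUT -j CT --helper ftp
COMMIT
"""

def _opt(tok, *names):
    """Return the value following the first of `names` present in `tok`."""
    for name in names:
        if name in tok and tok.index(name) + 1 < len(tok):
            return tok[tok.index(name) + 1]
    return None

def helper_rules(ruleset):
    """Return one dict per '-j CT --helper' rule found in the raw table."""
    table, found = None, []
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):        # table header, e.g. "*raw"
            table = line[1:]
        elif line == "COMMIT":          # end of the current table
            table = None
        if table != "raw" or "-A" not in line:
            continue
        tok = shlex.split(line)
        if tok[0].startswith("["):      # drop the [packets:bytes] counter
            tok = tok[1:]
        if _opt(tok, "-j", "--jump") != "CT" or _opt(tok, "--helper") is None:
            continue
        rule = {"chain": _opt(tok, "-A"),
                "proto": _opt(tok, "-p", "--protocol"),
                "dport": _opt(tok, "--dport", "--destination-port"),
                "helper": _opt(tok, "--helper")}
        # A helper inspects the traffic of every connection the rule matches,
        # so a rule without protocol and port attaches it wider than needed.
        rule["scoped"] = rule["proto"] is not None and rule["dport"] is not None
        found.append(rule)
    return found

if __name__ == "__main__":
    for r in helper_rules(SAMPLE):
        print("ok  " if r["scoped"] else "WIDE", r)
```

To audit a live system, pass the text produced by `iptables-save` to `helper_rules()` instead of `SAMPLE`.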