Odi's astoundingly incomplete notes

iptables connection tracking helpers

When your kernel logs this message:
kernel: nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead.
it is urging you to attach the helpers explicitly in the raw table of your iptables configuration (iptables-restore format):
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[0:0] -A PREROUTING -p tcp --dport 21 -j CT --helper ftp
[0:0] -A PREROUTING -p tcp --dport 6667 -j CT --helper irc
[0:0] -A PREROUTING -p tcp --dport 6566 -j CT --helper sane
COMMIT
Required kernel config:
IP_NF_RAW
IP6_NF_RAW
NETFILTER_XT_TARGET_CT
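
To audit a host against the setup above, the following added example (not code from the original post) checks a kernel config for the three required options and lists the helpers that are explicitly attached in the raw table. The function names and all sample data are constructed for illustration.

```sh
# Added example, not from the original post; all sample data is constructed.
# Read a kernel .config on stdin; print each required option not set to =y or =m.
missing_kconfig() {
    cfg=$(cat)
    for opt in IP_NF_RAW IP6_NF_RAW NETFILTER_XT_TARGET_CT; do
        printf '%s\n' "$cfg" | grep -Eq "^CONFIG_${opt}=[ym]\$" || echo "$opt"
    done
}

# Read iptables-save output on stdin; print "proto/port helper" per raw-table CT rule.
raw_helpers() {
    awk '
        /^\*/ { table = substr($1, 2); next }    # table header, e.g. "*raw"
        table == "raw" {
            proto = port = helper = target = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-p")       proto  = $(i + 1)
                if ($i == "--dport")  port   = $(i + 1)
                if ($i == "-j")       target = $(i + 1)
                if ($i == "--helper") helper = $(i + 1)
            }
            if (target == "CT" && helper != "") print proto "/" port, helper
        }'
}

sample_kconfig() {   # constructed: IP6_NF_RAW deliberately disabled
    cat <<'EOF'
CONFIG_IP_NF_RAW=m
# CONFIG_IP6_NF_RAW is not set
CONFIG_NETFILTER_XT_TARGET_CT=y
EOF
}

sample_ruleset() {   # constructed: the sane port is accepted but has no helper
    cat <<'EOF'
*raw
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 21 -j CT --helper ftp
-A PREROUTING -p tcp --dport 6667 -j CT --helper irc
COMMIT
*filter
-A INPUT -p tcp --dport 6566 -j ACCEPT
COMMIT
EOF
}

echo "missing kernel options: $(sample_kconfig | missing_kconfig)"
echo "explicit helpers:"; sample_ruleset | raw_helpers
```

On a real host, feed the functions live data, for example `iptables-save | raw_helpers` and, where the kernel exposes /proc/config.gz, `zcat /proc/config.gz | missing_kconfig`.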
posted on 2013-01-13 12:08 UTC in Code