automatic helper assignment is deprecated and it will be removed soon

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,
 This message is now appearing on some of our servers..
google is full of much info, and confusion.

I understand it to be
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
becomes
iptables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT

with new rules to add being
-A FORWARD -m conntrack --ctstate RELATED -m helper --helper ftp -p
tcp --dport 21 -j ACCEPT

then some sites talk about
 -A PREROUTING -t raw -p tcp --dport 21 -j CT --helper ftp

So, does removal of ESTABLISHED on original rules, now mean we need
one of, of both of, these new rules?

I tried on our IRC server, but it balked with ip6tables  at xt_CT: No
such helper "irc"
same command with iptables seemed to take..

What is the correct way to replace this ESTABLISED since nf_conntrack
will soon be removed

Are they even needed anymore?  (I think irc helper is only needed for dcc etc)
 is FTP still  needed for ftp?

WTF kernel TINKERERS cant leave things alone i'll never know.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux