How to fix nf_conntrack: automatic helper assignment is deprecated and it will be removed soon

More info here:

Since Linux 3.5, it is possible to desactivate the automatic conntrack helper assignment. This can be done when loading the nf_conntrack module

modprobe nf_conntrack nf_conntrack_helper=0

This can also be done after the module is loading by using a /proc entry

echo 0 > /proc/sys/net/netfilter/nf_conntrack_helper

By doing this, the following modules will be deactivated on all flows by default:

  • ftp
  • irc
  • sane
  • sip
  • tftp

https://home.regit.org/netfilter-en/secure-use-of-helpers/

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s