doc:appunti:linux:sa:nf_conntrack_expect
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| doc:appunti:linux:sa:nf_conntrack_expect [2025/01/10 14:46] – [Shorewall and helpers] niccolo | doc:appunti:linux:sa:nf_conntrack_expect [2025/03/14 10:05] (current) – [Shorewall and helpers] niccolo | ||
|---|---|---|---|
| Line 159: | Line 159: | ||
| < | < | ||
| + | CT: | ||
| </ | </ | ||
| + | In this case the helper is instantiated into the raw table in both PREROUTING and OUTPUT chains. | ||
| - | FIXME ... edit shorewall-conntrack or shorewall-rules. | + | The default **Debian 12 Bookworm** configuration for Shorewall provides a **conntrack** file where helpers are enabled only if the Shorewall **AUTOHELPERS** option is enabled (in '' |
| + | |||
| + | ==== Shorewall upgrade from Debian 11 to 12 ==== | ||
| + | |||
| + | In Debian, upgrading to **Shorewall 5.2.8** as per upgrade from **Debian 11 Bullseye** to **Debian 12 Bookworm**, connection tracking protocol helpers are no longer globally enabled by default; use **shorewall-conntrack(5)** or **shorewall-rules(5)** to enable them as appropriate where they are required. | ||
| + | |||
| + | Setting **AUTOHELPERS** to ' | ||
| ===== Web references ===== | ===== Web references ===== | ||
doc/appunti/linux/sa/nf_conntrack_expect.1736516777.txt.gz · Last modified: 2025/01/10 14:46 by niccolo