doc:appunti:linux:sa:nf_conntrack_expect
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| doc:appunti:linux:sa:nf_conntrack_expect [2025/01/10 14:56] – [Shorewall and helpers] niccolo | doc:appunti:linux:sa:nf_conntrack_expect [2025/03/14 10:05] (current) – [Shorewall and helpers] niccolo | ||
|---|---|---|---|
| Line 163: | Line 163: | ||
| In this case the helper is instantiated into the raw table in both PREROUTING and OUTPUT chains. | In this case the helper is instantiated into the raw table in both PREROUTING and OUTPUT chains. | ||
| + | |||
| + | The default **Debian 12 Bookworm** configuration for Shorewall provides a **conntrack** file where helpers are enabled only if the Shorewall **AUTOHELPERS** option is enabled (in '' | ||
| + | |||
| + | ==== Shorewall upgrade from Debian 11 to 12 ==== | ||
| + | |||
| + | In Debian, upgrading to **Shorewall 5.2.8** as per upgrade from **Debian 11 Bullseye** to **Debian 12 Bookworm**, connection tracking protocol helpers are no longer globally enabled by default; use **shorewall-conntrack(5)** or **shorewall-rules(5)** to enable them as appropriate where they are required. | ||
| + | |||
| + | Setting **AUTOHELPERS** to ' | ||
| ===== Web references ===== | ===== Web references ===== | ||
doc/appunti/linux/sa/nf_conntrack_expect.1736517405.txt.gz · Last modified: 2025/01/10 14:56 by niccolo