Gentoo Forums
nf_conntrack: automatic helper assignment is deprecated
FizzyWidget
Veteran


Joined: 21 Nov 2008
Posts: 1133
Location: 127.0.0.1

Posted: Tue Dec 18, 2012 9:45 am    Post subject: nf_conntrack: automatic helper assignment is deprecated

Quote:
nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead.


Is the message I am seeing, and seeing as I know little to nothing about iptables, and Google isn't being of much use, I was wondering if someone here might know what this means and how I can correct it.
_________________
I know 43 ways to kill with a SKITTLE, so taste my rainbow bitch.
hydrapolic
Tux's lil' helper


Joined: 07 Feb 2008
Posts: 126

Posted: Tue Dec 18, 2012 3:36 pm    Post subject:

I think this has something to do with the state module being obsoleted by conntrack.

conntrack:
This module, when combined with connection tracking, allows access to the connection tracking state for this packet/connection.

state:
The "state" module is an obsolete version of "conntrack". "state" allows access to the connection tracking state for this packet.

Since CONFIG_NETFILTER_XT_MATCH_STATE is by default included in the kernel, this can trigger the warning you are seeing. If you use iptables, enable the conntrack module and rewrite your rules and/or remove the state module from iptables.
bxm
n00b


Joined: 23 May 2013
Posts: 1

Posted: Thu May 23, 2013 5:58 pm    Post subject:

I'm also receiving the same message.
According to https://home.regit.org/netfilter-en/secure-use-of-helpers/, the helper is a security risk and can be disabled in the /proc (> kernels 3.5) by executing:
echo 0 > /proc/sys/net/netfilter/nf_conntrack_helper
(or by appending to /etc/sysctl.conf: net.netfilter.nf_conntrack_helper = 0)

If nf_conntrack is configured as a module, it can be loaded with the helper disabled:
modprobe nf_conntrack nf_conntrack_helper=0

Otherwise, if the module is built in the kernel, according to http://wiki.soekris.info/Gentoo_3.6.6, it can be disabled in grub by appending to the kernel options:
nf_conntrack.nf_conntrack_helper=0
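
Added example, not part of the posts above and not code from the kernel or iptables projects: a shell script that reports whether automatic helper assignment is still enabled and prints, without applying them, the raw-table CT rules the kernel message asks for. The function names and the choice of the ftp helper on tcp/21 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the helper sysctl and print explicit CT-target rules.
# Nothing here changes the running firewall; the rules are only printed.

# helper_mode [FILE] -> prints "automatic", "explicit" or "unknown".
# FILE defaults to the /proc path quoted in the post above.
helper_mode() {
    f="${1:-/proc/sys/net/netfilter/nf_conntrack_helper}"
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(cat "$f")" in
        0) echo explicit ;;    # helpers attach only through -j CT
        1) echo automatic ;;   # the deprecated behaviour from the warning
        *) echo unknown ;;
    esac
}

# ct_rules HELPER PROTO PORT -> prints iptables commands that attach HELPER
# to one port only, in the raw table, for inbound/forwarded traffic
# (PREROUTING) and locally generated traffic (OUTPUT).
# Returns 1 on input that is not a plain helper name, tcp/udp, or a valid port.
ct_rules() {
    helper=$1
    proto=$2
    port=$3
    case "$helper" in ''|*[!a-z0-9_-]*) return 1 ;; esac
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        return 1
    fi
    for chain in PREROUTING OUTPUT; do
        echo "iptables -t raw -A $chain -p $proto --dport $port -j CT --helper $helper"
    done
}

# Stand-alone run: show the current mode and the rules for FTP control traffic.
echo "helper assignment: $(helper_mode)"
ct_rules ftp tcp 21
```

The printed rules only take effect for a helper whose module is loaded (nf_conntrack_ftp for the ftp helper), and they are meant to be used together with nf_conntrack_helper set to 0 as described in the post above.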