Package: nftables Version: 0.7-1 Severity: normal Dear Maintainer, since with recent kernel ct helpers are not automatic, it is required to manually assign them via firewall.
With current combination of nftables and kernel in Debian stretch the approach to setting helpers documented upstream is not supported: https://wiki.nftables.org/wiki-nftables/index.php/Setting_packet_connection_tracking_metainformation So there seem to be no viable nftables analogs to iptables constructs like these: iptables -t raw -A PREROUTING -i lan0 -p tcp -m tcp --dport 1723 -j CT --helper pptp Or at least no documentation available on how to do it, which is bad since migration to nftables is encouraged in stretch. -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (900, 'testing'), (400, 'unstable'), (300, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-2-amd64 (SMP w/2 CPU cores) Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages nftables depends on: ii dpkg 1.18.23 ii init-system-helpers 1.47 ii libc6 2.24-10 ii libgmp10 2:6.1.2+dfsg-1 ii libmnl0 1.0.4-2 ii libnftnl4 1.0.7-1 ii libreadline7 7.0-2 ii libxtables12 1.6.0+snapshot20161117-6 nftables recommends no packages. nftables suggests no packages. -- Configuration Files: /etc/nftables.conf changed [not included] -- debconf-show failed
