https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=a9006892643a8f4e885b692de0708bcb35a7d530

netfilter: nf_ct_helper: allow to disable automatic helper assignment

This patch allows you to disable automatic conntrack helper
lookup based on TCP/UDP ports, eg.

echo 0 > /proc/sys/net/netfilter/nf_conntrack_helper

[ Note: flows that already got a helper will keep using it even
if automatic helper assignment has been disabled ]

Once this behaviour has been disabled, you have to explicitly
use the iptables CT target to attach helper to flows.

There are good reasons to stop supporting automatic helper
assignment, for further information, please read:

http://www.netfilter.org/news.html#2012-04-03

This patch also adds one message to inform that automatic helper
assignment is deprecated and it will be removed soon (this is
spotted only once, with the first flow that gets a helper attached
to make it as less annoying as possible).

https://home.regit.org/netfilter-en/secure-use-of-helpers/

--
https://bugs.launchpad.net/bugs/1556419

Title:
  nf_conntrack: automatic helper assignment is deprecated

Status in iptables package in Ubuntu:
  New
Status in linux package in Ubuntu:
  Confirmed

Bug description:
  Get this logged into journalctl (since a moment):

  kernel: nf_conntrack: automatic helper assignment is deprecated and it
  will be removed soon. Use the iptables CT target to attach helpers
  instead.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: linux-image-4.4.0-13-generic 4.4.0-13.29
  ProcVersionSignature: Ubuntu 4.4.0-13.29-generic 4.4.5
  Uname: Linux 4.4.0-13-generic x86_64
  NonfreeKernelModules: nvidia_uvm nvidia_modeset nvidia
  ApportVersion: 2.20-0ubuntu3
  Architecture: amd64
  AudioDevicesInUse:
   USER        PID ACCESS COMMAND
   /dev/snd/controlC1:  oem        1942 F.... pulseaudio
   /dev/snd/pcmC0D0p:   oem        1942 F...m pulseaudio
   /dev/snd/controlC0:  oem        1942 F.... pulseaudio
  CurrentDesktop: GNOME
  Date: Sat Mar 12 14:52:09 2016
  HibernationDevice: RESUME=UUID=0a9ca7f0-6eeb-4b21-b70f-670fa600de16
  IwConfig:
   eth0      no wireless extensions.
   eth1      no wireless extensions.
   lo        no wireless extensions.
  Lsusb:
   Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
   Bus 003 Device 002: ID 046d:c062 Logitech, Inc. M-UAS144 [LS1 Laser Mouse]
   Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
   Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
  MachineType: ASUSTEK COMPUTER INC P5W DH Deluxe
  ProcFB:
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-13-generic root=UUID=7c755ed6-51cc-4b75-88ac-9c75acf82749 ro
  RelatedPackageVersions:
   linux-restricted-modules-4.4.0-13-generic N/A
   linux-backports-modules-4.4.0-13-generic  N/A
   linux-firmware                            1.156
  RfKill:
  SourcePackage: linux
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 07/22/2010
  dmi.bios.vendor: American Megatrends Inc.
  dmi.bios.version: 3002
  dmi.board.asset.tag: To Be Filled By O.E.M.
  dmi.board.name: P5W DH Deluxe
  dmi.board.vendor: ASUSTeK Computer INC.
  dmi.board.version: Rev 1.xx
  dmi.chassis.asset.tag: Asset-1234567890
  dmi.chassis.type: 3
  dmi.chassis.vendor: Chassis Manufacture
  dmi.chassis.version: Chassis Version
  dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr3002:bd07/22/2010:svnASUSTEKCOMPUTERINC:pnP5WDHDeluxe:pvrSystemVersion:rvnASUSTeKComputerINC.:rnP5WDHDeluxe:rvrRev1.xx:cvnChassisManufacture:ct3:cvrChassisVersion:
  dmi.product.name: P5W DH Deluxe
  dmi.product.version: System Version
  dmi.sys.vendor: ASUSTEK COMPUTER INC
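
An added example, not part of the bug report or the kernel commit: a small audit script that reports whether automatic helper assignment is still on and which flows already get a helper through an explicit CT rule in the raw table. The function names and the sample ruleset are constructed for illustration; the sysctl path is the one from the commit message.

```shell
#!/bin/sh
# Audit helper: is automatic assignment still on, and which flows have an
# explicit CT helper rule? Explicit attachment, run as root, looks like:
#   iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp

SYSCTL_PATH=/proc/sys/net/netfilter/nf_conntrack_helper

# Print "disabled", "enabled" or "unknown" for a sysctl file (default: live one).
auto_assign_state() {
    f=${1:-$SYSCTL_PATH}
    [ -r "$f" ] || { echo unknown; return; }
    case $(cat "$f") in
        0) echo disabled ;;
        1) echo enabled ;;
        *) echo unknown ;;
    esac
}

# Read iptables-save output on stdin; print "proto/port helper" for every
# raw-table rule that attaches a helper with the CT target.
explicit_helpers() {
    awk '
        /^\*/ { table = substr($1, 2) }
        table == "raw" && /-j CT/ && /--helper/ {
            proto = "any"; port = "any"; helper = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
                if ($i == "--helper") helper = $(i + 1)
            }
            if (helper != "") print proto "/" port " " helper
        }'
}

# Constructed sample in iptables-save format (not taken from the bug report).
sample_ruleset() {
    cat <<'EOF'
*raw
-A PREROUTING -s 192.0.2.0/24 -p tcp -m tcp --dport 21 -j CT --helper ftp
-A PREROUTING -p udp -m udp --dport 69 -j CT --notrack
COMMIT
*filter
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

echo "automatic helper assignment: $(auto_assign_state)"
sample_ruleset | explicit_helpers
```

On a live system, pipe `iptables-save` into `explicit_helpers` instead of the sample; a host that reports "enabled" and lists no explicit rules still depends on the deprecated port-based lookup.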