Hi, This message is now appearing on some of our servers.. google is full of much info, and confusion. I understand it to be iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT becomes iptables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT with new rules to add being -A FORWARD -m conntrack --ctstate RELATED -m helper --helper ftp -p tcp --dport 21 -j ACCEPT then some sites talk about -A PREROUTING -t raw -p tcp --dport 21 -j CT --helper ftp So, does removal of ESTABLISHED on original rules, now mean we need one of, of both of, these new rules? I tried on our IRC server, but it balked with ip6tables at xt_CT: No such helper "irc" same command with iptables seemed to take.. What is the correct way to replace this ESTABLISED since nf_conntrack will soon be removed Are they even needed anymore? (I think irc helper is only needed for dcc etc) is FTP still needed for ftp? WTF kernel TINKERERS cant leave things alone i'll never know. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
