Re: Restrictive FTP egress using conntrack helper

On 11/02/2017 at 23:13, Robert White wrote:

> I think I read somewhere that as of Kernel 4.7 the connection
> tracker no longer _automatically_ loads the helper module.

AFAIK, the connection tracking never loaded any protocol helper module automatically.

What has changed in recent kernels is that by default the helper is no longer automatically associated with the "master" connection. You must do so explicitly with the 'CT' target, or change the default setting with some sysctl or module parameter I forgot about.

I cannot find the information page I had read about this change, but this one contains useful information:
<https://home.regit.org/netfilter-en/secure-use-of-helpers/>
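The explicit helper assignment described in the message above, as an added example that is not part of the original post or of the netfilter project: a shell function that prints an iptables-restore ruleset for default-deny egress with passive-mode FTP to a single server, plus a check of the auto-assignment setting. The function names, the sample address 192.0.2.10 and the choice of passive mode are assumptions; the sysctl name `net.netfilter.nf_conntrack_helper` is not given in the message and is supplied here.

```shell
#!/bin/sh
# Added example. Nothing is applied to the running firewall: the functions
# only print text. Function names and the sample address are hypothetical.

# Report whether helpers are auto-assigned (1) or need the CT target (0).
# The optional argument overrides the sysctl path.
helper_auto_assign() {
    f="${1:-/proc/sys/net/netfilter/nf_conntrack_helper}"
    [ -r "$f" ] || { echo "unavailable"; return 0; }
    case "$(cat "$f")" in
        0) echo "explicit" ;;
        1) echo "automatic" ;;
        *) echo "unknown" ;;
    esac
}

# Print an iptables-restore ruleset allowing FTP egress to one IPv4 server.
ftp_egress_rules() {
    server="$1"
    # Accept only digits and dots so nothing else can reach the ruleset
    case "$server" in
        ''|*[!0-9.]*) echo "usage: ftp_egress_rules <ipv4>" >&2; return 1 ;;
    esac
    cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Attach the ftp helper only to control connections to this server
-A OUTPUT -p tcp -d $server --dport 21 -j CT --helper ftp
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -d $server --dport 21 -m conntrack --ctstate NEW -j ACCEPT
# Data channel: only expectations created by the ftp helper, same server
-A OUTPUT -p tcp -d $server -m conntrack --ctstate RELATED -m helper --helper ftp -j ACCEPT
COMMIT
EOF
}

# Dry run as root: ftp_egress_rules 192.0.2.10 | iptables-restore --test
```

The nf_conntrack_ftp module still has to be loaded for the `CT --helper ftp` rule to take effect, and without `--noflush` iptables-restore replaces the existing contents of the raw and filter tables.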


