Hi.
I'm struggling a bit with helpers and can't get them working. I'm using
this simple script from wiki:
#!/usr/sbin/nft -f
table ip ipv4_mangle{
# Helpers
ct helper ftp_std{
type "ftp" protocol tcp
}
# PREROUTING chain in filter hook
chain fl_prerouting{
type filter hook prerouting priority 0;
tcp dport 21 ct helper set "ftp_std"
}
}
When I try to load script to nft, then I get this error:
Error: Could not process rule: No such file or directory
tcp dport 21 ct helper set "ftp_std"
^^^^^^^^^^^^^^^^^^^^^
Just before loading script, I have executed following command: "echo 1 >
/proc/sys/net/netfilter/nf_conntrack_helper"
I'm running nftables 0.8.2 and kernel 4.14.32
I have tried lsmod | grep nf_conntrack_helper and I get nothing, meaning
this module is not loaded. I have investigated a bit, and apparently
nf_conntract_helper is built as a part of kmod-ipt-core which I do not
use. I'm trying to build pure nftables firewall without any iptables
components. On the other hand, I have nf_conntrack_ftp module loaded,
but it does not help.
Where can be the problem? How to use helpers without having iptables
components installed?
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
