Martin Zaharinov <micron10@xxxxxxxxx> wrote:
> Huh
> Very strange in kernel 6.0.0 i not found : net.netfilter.nf_conntrack_helper
>
>
> in old kernel 5.19.14 in sysctl -a | grep net.netfilter.nf_conntrack_helper
>
> net.netfilter.nf_conntrack_helper = 1
Yes, so this is expected -- 6.0.0 should behave like 5.19.14 with
net.netfilter.nf_conntrack_helper=0.
You need something like:
table inet foo {
ct helper pptp {
type "pptp" protocol tcp
l3proto ip
}
chain prerouting {
type filter hook prerouting priority filter; policy accept;
tcp dport 1723 ct helper set "pptp"
}
}
... so that the helper will start processing traffic on the pptp control port.
You might want to refine the rule a big, e.g.
'iifname ppp*' or similar, to restrict/limit the helper to those clients that need
it.
