toml <toml@xxxxxxx> wrote:
> After updating my server from Bullseye to Bookworm I noticed that my
> NFT rules seem to be causing problems lately. Upon closer inspection,
> the running process came to a virtual halt with a kernel-panic-message
> in the journal.
Please report this panic message.
> # ls /proc/sys/net/netfilter/net.netfilter.nf_conntrack_helper
> ls: File not found
>
> I cannot enable the conntrack-helper with '1'.
This workaround was removed.
You need to assign the helper to use in your nftables ruleset.
ct helper ftp-standard {
type "ftp" protocol tcp
}
And then, from a prerouting chain:
tcp dport 21 ct helper set "ftp-standard"
You might need to do this from output too if you need
this to work from the machine itself as well.
