Re: Nftables + ALG + Linux 6.1.0-10-amd64 …?... is it a kown Problem?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Florian Westphal <fw@strlen.de>
To: toml <toml@thlu.de>
Cc: netfilter@vger.kernel.org
Subject: Re: Nftables + ALG + Linux 6.1.0-10-amd64 …?... is it a kown Problem?
Date: Mon, 31 Jul 2023 15:36:08 +0200	[thread overview]
Message-ID: <20230731133608.GA21425@breakpoint.cc> (raw)
In-Reply-To: <51c40f7943609435e914c4f1fd43a98e6c579b83.camel@mail>

toml <toml@thlu.de> wrote:
> After updating my server from Bullseye to Bookworm I noticed that my
> NFT rules seem to be causing problems lately. Upon closer inspection,
> the running process came to a virtual halt with a kernel-panic-message
> in the journal.

Please report this panic message.

> # ls /proc/sys/net/netfilter/net.netfilter.nf_conntrack_helper
>     ls: File not found
> 
> I cannot enable the conntrack-helper with '1'.

This workaround was removed.

You need to assign the helper to use in your nftables ruleset.

ct helper ftp-standard {
    type "ftp" protocol tcp
}

And then, from a prerouting chain:

tcp dport 21 ct helper set "ftp-standard"

You might need to do this from output too if you need
this to work from the machine itself as well.

next prev parent reply	other threads:[~2023-07-31 13:36 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-07-31  7:57 Nftables + ALG + Linux 6.1.0-10-amd64 …?... is it a kown Problem? toml
2023-07-31 13:36 ` Florian Westphal [this message]
2023-08-01 14:20   ` toml
2023-08-01 20:11     ` Florian Westphal
2023-08-02  7:27       ` toml
2023-08-03 12:35       ` toml
2023-08-03 13:47         ` Florian Westphal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230731133608.GA21425@breakpoint.cc \
    --to=fw@strlen.de \
    --cc=netfilter@vger.kernel.org \
    --cc=toml@thlu.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.