Conntrack helpers
Revision as of 18:50, 18 December 2020
You can enable conntrack helpers explicitly through your ruleset. You have to attach your conntrack helper from the prerouting chain.
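    table inet myhelpers {
        # Helper object: binds the name "ftp-standard" to the kernel FTP helper
        ct helper ftp-standard {
            type "ftp" protocol tcp
        }
        chain prerouting {
            type filter hook prerouting priority 0;
            # Assign the helper to FTP control connections
            tcp dport 21 ct helper set "ftp-standard"
        }
    }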
The example above shows how to enable the FTP conntrack helper for traffic going through port tcp/21, which is the standard FTP control port.
You can read more on how to enable conntrack helpers in a secure way here: https://github.com/regit/secure-conntrack-helpers/blob/master/secure-conntrack-helpers.rst
Supported conntrack helpers
Conntrack provides the following helpers:
- FTP
- TFTP
- NetBIOS
- IRC
- SIP
- H.323
- SNMP
- PPTP
- SANE
- Amanda
The conntrackd daemon also provides support for userspace helpers, such as:
- DHCPv6
- MDNS
- SLP
- SSDP
- RPC
- Oracle TNS