Revision as of 18:50, 18 December 2020

You can enable conntrack helpers explicitly through your ruleset. You have to attach your conntrack helper from the prerouting chain.

table inet myhelpers {
      ct helper ftp-standard {
            type "ftp" protocol tcp
      }
      chain prerouting {
            type filter hook prerouting priority 0;
            tcp dport 21 ct helper set "ftp-standard"
      }
}

The example above shows how to enable the FTP conntrack helper for traffic going through port tcp/21 which is the standard FTP control port.

You can read more on how to enable conntrack helpers in a secure way here.

Supported helpers

Conntrack provides the following helpers:

FTP
TFTP
NetBIOS
IRC
SIP
H.323
SNMP
PPTP
SANE
Amanda

The conntrackd daemon also provides support for userspace helpers, such as:

DHCPv6
MDNS
SLP
SSDP
RPC
Oracle TNS

@@ Line 13: / Line 13: @@
 </source>
-The example above shows how to enable the FTP conntrack helper for traffic going through port tcp/21.
+The example above shows how to enable the FTP conntrack helper for traffic going through port tcp/21 which is the standard FTP control port.
 You can read more on how to enable conntrack helpers in a secure way [https://github.com/regit/secure-conntrack-helpers/blob/master/secure-conntrack-helpers.rst here].
+= Supported helpers =
+Conntrack provides the following helpers:
+* FTP
+* TFTP
+* NetBIOS
+* IRC
+* SIP
+* H.323
+* SNMP
+* PPTP
+* SANE
+* Amanda
+The [https://www.netfilter.org/projects/conntrack-tools/ conntrackd] daemon also provides support for userspace helpers, such as:
+* DHCPv6
+* MDNS
+* SLP
+* SSDP
+* RPC
+* Oracle TNS

Conntrack helpers: Difference between revisions

Revision as of 18:50, 18 December 2020

Supported helpers

Navigation menu

Conntrack helpers: Difference between revisions

Revision as of 18:50, 18 December 2020

Supported helpers

Navigation menu

Search