Conntrack helpers: Difference between revisions

From nftables wiki
Jump to navigation Jump to search
Line 32: Line 32:
* Amanda
* Amanda


The [https://www.netfilter.org/projects/conntrack-tools/ conntrackd] daemon also provides support for userspace helpers, such as:
The [https://conntrack-tools.netfilter.org/manual.html#helpers conntrackd] daemon also provides support for userspace helpers, such as:


* DHCPv6
* DHCPv6

Revision as of 18:50, 18 December 2020

You can enable conntrack helpers explicitly through your ruleset. You have to attach your conntrack helper from the prerouting chain. 

table inet myhelpers {
      ct helper ftp-standard {
            type "ftp" protocol tcp
      }
      chain prerouting {
            type filter hook prerouting priority 0;
            tcp dport 21 ct helper set "ftp-standard"
      }
}

The example above shows how to enable the FTP conntrack helper for traffic going through port tcp/21 which is the standard FTP control port.

You can read more on how to enable conntrack helpers in a secure way here.

Supported conntrack helpers

Conntrack provides the following helpers:

  • FTP
  • TFTP
  • NetBIOS
  • IRC
  • SIP
  • H.323
  • SNMP
  • PPTP
  • SANE
  • Amanda

The conntrackd daemon also provides support for userspace helpers, such as:

  • DHCPv6
  • MDNS
  • SLP
  • SSDP
  • RPC
  • Oracle TNS
Retrieved from "http://wiki.nftables.org/wiki-nftables/index.php?title=Conntrack_helpers&oldid=605"