Re: CT-based firewall rules?
- Date: Fri, 23 Feb 2018 06:34:33 +0100
- From: john doe <johndoe65534@xxxxxxxx>
- Subject: Re: CT-based firewall rules?
On 2/23/2018 2:07 AM, Rodary Jacques wrote:
> When I reboot, what program is responsible for "CT-based firewall rule" (dixit journalctl)? I would like to have my own firewall rules, and for now, I must flush those "CT-based firewall rules" before I set my own.
> Again it's not too important, since I don't reboot very often, but I would appreciate not having to spend quite a lot of time changing the default setup each time I reboot.
> I already got rid of bind9.service (I have my own DNS config but I need named of course) and the Avahi-daemon package (I don't need multicast DNS).
> I know the good solution would be to build my own packages with my own choices, but I haven't the necessary knowledge.
Are you talking about this message:
"nf_conntrack: default automatic helper assignment has been turned off
for security reasons and CT-based firewall rule not found. Use the
iptables CT target to attach helpers instead."
It's always better to have the message in question! :)
As a dirty workaround, '/etc/rc.local' could be useful.