
Re: CT-based firewall rules?




On 2/23/2018 2:07 AM, Rodary Jacques wrote:
When I reboot, what program is responsible for "CT-based firewall rule" (dixit journalctl)? I would like to have my own firewall rules, and for now, I must flush those "CT-based firewall rules" before I set my own.
Again it's not too important, since I don't reboot very often, but I would appreciate not to have to spend quite a lot of time to change default setup each time I reboot.
I already got rid of bind9.service (I have my own DNS config but I need named of course), Avahi-daemon package (I don't need multicast DNS).
I know the good solution would be to build my own packages with my own choices, but I haven't the necessary knowledge.


Are you talking about this message:

https://bbs.archlinux.org/viewtopic.php?id=224647

"nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead."

It's always better to have the message in question! :)

As a dirty workaround, '/etc/rc.local' could be useful.

--
John Doe
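
What the kernel message quoted above asks for, as an added example that is not part of either poster's mail: a shell function that emits an iptables-restore ruleset attaching conntrack helpers explicitly with the CT target in the raw table. The function name and the helper:proto:port argument format are assumptions of this example, and ftp on tcp/21 and tftp on udp/69 are constructed sample inputs.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset that attaches conntrack
# helpers explicitly through the CT target (raw table) instead of relying on
# automatic helper assignment.
# Each argument is helper:proto:port (format assumed for this example).
# Parse check without committing anything:
#   ct_helper_ruleset ftp:tcp:21 | iptables-restore --test
ct_helper_ruleset() {
    # Pass 1: validate every spec so a bad one produces no partial ruleset.
    for spec in "$@"; do
        helper=${spec%%:*}; rest=${spec#*:}
        proto=${rest%%:*};  port=${rest#*:}
        case "$helper" in ''|*[!A-Za-z0-9._-]*)
            echo "bad helper in '$spec'" >&2; return 1 ;;
        esac
        case "$proto" in tcp|udp) ;; *)
            echo "bad protocol in '$spec'" >&2; return 1 ;;
        esac
        case "$port" in ''|*[!0-9]*)
            echo "bad port in '$spec'" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
            echo "port out of range in '$spec'" >&2; return 1; }
    done
    # Pass 2: emit the raw table. PREROUTING covers incoming and forwarded
    # packets, OUTPUT covers connections opened by the host itself.
    printf '%s\n' '*raw' ':PREROUTING ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    for spec in "$@"; do
        helper=${spec%%:*}; rest=${spec#*:}
        proto=${rest%%:*};  port=${rest#*:}
        for chain in PREROUTING OUTPUT; do
            printf '%s %s -p %s --dport %s -j CT --helper %s\n' \
                -A "$chain" "$proto" "$port" "$helper"
        done
    done
    printf '%s\n' 'COMMIT'
}
```
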