Conntrack helpers

From nftables wiki
Revision as of 19:43, 18 December 2020 by Pablo

You can enable conntrack helpers explicitly through your ruleset. You have to attach your conntrack helper from the prerouting chain.

table inet myhelpers {
      ct helper ftp-standard {
            type "ftp" protocol tcp
      }
      chain prerouting {
            type filter hook prerouting priority 0;
            tcp dport 21 ct helper set "ftp-standard"
      }
}

The example above enables the FTP conntrack helper for TCP traffic destined to port 21.

You can read more on how to enable conntrack helpers in a secure way here.