Difference between revisions of "Conntrack helpers"

From nftables wiki

Jump to navigation Jump to search

Revision as of 19:43, 18 December 2020

You can enable conntrack helpers explicitly through your ruleset. You have to attach your conntrack helper from the prerouting chain.

table inet myhelpers {
      ct helper ftp-standard {
            type "ftp" protocol tcp
      }
      chain prerouting {
            type filter hook prerouting priority 0;
            tcp dport 21 ct helper set "ftp-standard"
      }
}

The example above shows how to enable the FTP conntrack helper for traffic going through port tcp/21.

You can read more on how to enable conntrack helpers in a secure way here.

Retrieved from "http://wiki.nftables.org/wiki-nftables/index.php?title=Conntrack_helpers&oldid=602"

Pages using deprecated source tags