I am getting the message
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
The kernel is 5.4.23 and the nftables version is 0.9.3. How do I assign a helper to that ct state?
table ip filter {
	chain input {
		type filter hook input priority filter; policy accept;
		ct state established,related accept
		iif "lo" accept
	}
	chain forward {
		type filter hook forward priority filter; policy accept;
	}
	chain output {
		type filter hook output priority filter; policy accept;
	}
}
I ran into the same error on CentOS 8. To fix it, enable automatic connection helper assignment with:
echo "net.netfilter.nf_conntrack_helper = 1" >> /etc/sysctl.conf
sysctl -p
-- Edit: per the comments below from @2072 and @Gwyneth Llewelyn, the change above is not recommended at all unless it is only for testing. Instead, the proper solution can be found here
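The explicit assignment the kernel message points to, as an added example that is not part of the question or the answer above: an nftables ruleset (nft 0.9.x syntax) that leaves net.netfilter.nf_conntrack_helper at its default of 0 and attaches a helper only to the connections a rule selects. The helper protocol (FTP control channel on TCP port 21), the object name ftp-standard and the prerouting chain are assumptions; the input, forward and output chains are the ones from the question.

```nft
# Added example (not from the question or the answer): explicit helper assignment.
# Automatic assignment stays off (net.netfilter.nf_conntrack_helper = 0), so the
# FTP helper parses only the control connections this ruleset selects, rather than
# every connection on port 21 whatever its destination.
table ip filter {
	# Stateful helper object; FTP over TCP is an assumed choice of helper.
	ct helper ftp-standard {
		type "ftp" protocol tcp
	}

	# The helper must be attached before conntrack confirms the entry, so the
	# rule lives in a prerouting hook chain (output for locally originated flows).
	chain prerouting {
		type filter hook prerouting priority 0; policy accept;
		# Assumed: control connections to the local FTP service on port 21.
		tcp dport 21 ct helper set "ftp-standard"
	}

	chain input {
		type filter hook input priority filter; policy accept;
		# Data connections the helper expects arrive with ct state "related".
		ct state established,related accept
		iif "lo" accept
	}

	chain forward {
		type filter hook forward priority filter; policy accept;
	}

	chain output {
		type filter hook output priority filter; policy accept;
	}
}
```

Load it with `nft -f <file>` (after `nft flush ruleset` if it replaces the existing table). The kernel module for the helper type must be present (`modprobe nf_conntrack_ftp` here), otherwise nft rejects the `ct helper` object because the helper is not found; `nft list ruleset` then shows the object and the assignment rule, and the original "automatic helper assignment has been turned off" message no longer applies because the helper is attached by rule rather than by port sniffing.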