• Eric Leblond's avatar
    netfilter: nf_ct_helper: allow to disable automatic helper assignment · a9006892
    Eric Leblond authored
    This patch allows you to disable automatic conntrack helper
    lookup based on TCP/UDP ports, eg.
    
    echo 0 > /proc/sys/net/netfilter/nf_conntrack_helper
    
    [ Note: flows that already got a helper will keep using it even
      if automatic helper assignment has been disabled ]
    
    Once this behaviour has been disabled, you have to explicitly
    use the iptables CT target to attach helper to flows.
    
    There are good reasons to stop supporting automatic helper
    assignment, for further information, please read:
    
    http://www.netfilter.org/news.html#2012-04-03
    
    This patch also adds one message to inform that automatic helper
    assignment is deprecated and it will be removed soon (this is
    spotted only once, with the first flow that gets a helper attached
    to make it as less annoying as possible).
    Signed-off-by: default avatarEric Leblond <eric@regit.org>
    Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
    a9006892
conntrack.h 1.14 KB