1

I am receiving the message

nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.

The kernel is 5.4.23 and the nftables version is 0.9.3. How do I assign a helper for that ct state?

table ip filter {
        chain input {
                type filter hook input priority filter; policy accept;
                ct state established,related accept
                iif "lo" accept
        }

        chain forward {
                type filter hook forward priority filter; policy accept;
        }

        chain output {
                type filter hook output priority filter; policy accept;
        }
}
1 Answer

0

I ran into the same error on CentOS 8. I solved it by enabling automatic conntrack helper assignment:

echo "net.netfilter.nf_conntrack_helper = 1" >> /etc/sysctl.conf
sysctl -p
answered 2021-01-12T11:52:15.400
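
The kernel message asks for explicit helper assignment; in nftables the counterpart of the iptables CT target is a ct helper object, which works with automatic assignment left off. This is an added example, not part of the original question or answer. The FTP helper, port 21 and the object name ftp-standard are assumptions, since the question does not say which protocol needs a helper.

```nftables
# Added example. Assumes FTP on tcp/21; the question names no protocol.
# Leaves net.netfilter.nf_conntrack_helper at 0 and attaches the helper per rule.
table ip filter {
        # Helper object: "ftp" is the kernel helper (nf_conntrack_ftp module),
        # "ftp-standard" is an arbitrary local name for it.
        ct helper ftp-standard {
                type "ftp" protocol tcp
        }

        chain prerouting {
                # Priority filter (0) runs after conntrack (-200) has created
                # the entry, so the helper can be attached to it here.
                type filter hook prerouting priority filter; policy accept;
                # Only the control connection gets the helper. Connections
                # originated by this host would need the same rule in an
                # output-hook chain.
                tcp dport 21 ct helper set "ftp-standard"
        }

        chain input {
                type filter hook input priority filter; policy accept;
                # "related" now covers the data connections the helper expects.
                ct state established,related accept
                iif "lo" accept
        }
}
```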