我收到消息了
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
内核是5.4.23,nftables版本是0.9.3。我如何为该 ct 状态分配助手?
table ip filter {
chain input {
type filter hook input priority filter; policy accept;
ct state established,related accept
iif "lo" accept
}
chain forward {
type filter hook forward priority filter; policy accept;
}
chain output {
type filter hook output priority filter; policy accept;
}
}
我在 CentOS 8 上遇到了同样的错误。要解决此问题,请通过以下方式启用自动 conntrack 帮助程序分配:
echo "net.netfilter.nf_conntrack_helper = 1" >> /etc/sysctl.conf
sysctl -p
--编辑: 根据 @2072 和 @Gwyneth Llewelyn 的以下评论,除非仅用于测试,否则根本不建议执行上述更改。相反,可以在这里
找到正确的解决方案