View Issue Details

ID: 0016624
Project: CentOS-8
Category: firewalld
View Status: public
Last Update: 2019-10-21 00:42
Reporter: paxnil
Priority: normal
Severity: minor
Reproducibility: always
Status: new
Resolution: open
Product Version: 8.0.1905
Target Version:
Fixed in Version:
Summary: 0016624: CT helpers aren't properly instantiated
Description: After I add the ftp service to the firewall, the FTP client still cannot connect in passive mode. /var/log/message says:
"kernel: nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead."
If I use "iptables -t raw -A PREROUTING -p tcp -m tcp --dport 21 -j CT --helper ftp", FTP client works.

I checked nftables; firewalld doesn't generate the right ruleset. It has been solved in the following issue:
firewalld issue: https://github.com/firewalld/firewalld/issues/453
Steps To Reproduce:
firewall-cmd --permanent --add-service=ftp
firewall-cmd --reload

curl -v ftp://x.x.x.x/
Tags: No tags attached.
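
A check for the condition described in this report, as an added example that is not part of the original issue or of firewalld's code: it parses an `nft list ruleset` dump and reports whether a conntrack helper object of the given type is declared and set for a TCP port. The function name `helper_attached` is hypothetical, and both sample rulesets are constructed and simplified rather than real firewalld output.

```shell
#!/bin/sh
# Added example: does an nftables ruleset dump attach a conntrack helper to a TCP port?
# Both samples are constructed and simplified; they are not real firewalld output.

# Constructed: port 21 is accepted but no helper is assigned (the reported state).
SAMPLE_BROKEN='table inet firewalld {
	chain filter_IN_public_allow {
		tcp dport 21 ct state new,untracked accept
	}
}'

# Constructed: a helper object is declared and set for port 21.
SAMPLE_FIXED='table inet firewalld {
	ct helper helper-ftp-tcp {
		type "ftp" protocol tcp
		l3proto inet
	}
	chain filter_IN_public_allow {
		tcp dport 21 ct helper set "helper-ftp-tcp"
		tcp dport 21 ct state new,untracked accept
	}
}'

# helper_attached RULESET HELPER_TYPE PORT (hypothetical helper name)
# Exit 0 only if a "ct helper" object of HELPER_TYPE exists AND a rule matching
# "tcp dport PORT" sets that object. Port sets like { 21, 2121 } are not parsed.
helper_attached() {
    printf '%s\n' "$1" | awk -v htype="$2" -v port="$3" '
        # Entering a helper object: "ct helper NAME {"
        $1 == "ct" && $2 == "helper" && $NF == "{" { obj = $3; next }
        # Inside the object, keep its name if the type matches.
        obj != "" && $1 == "type" && $2 == ("\"" htype "\"") { declared[obj] = 1 }
        $1 == "}" { obj = "" }
        # Rule on the requested port that sets some helper: remember which one.
        $0 ~ ("tcp dport " port "( |$)") && match($0, /ct helper set "[^"]+"/) {
            used[substr($0, RSTART + 15, RLENGTH - 16)] = 1
        }
        END {
            for (n in used) if (n in declared) exit 0
            exit 1
        }'
}
```

On a live host, pass the real dump: `helper_attached "$(nft list ruleset)" ftp 21`. A non-zero exit after adding the ftp service matches the behaviour described in this report.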

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-10-19 11:32 paxnil New Issue