Conntrack helpers should be disabled by default
Closed, InvalidPublicBUG
Actions

Assigned To

None

Authored By

	Apachez
	Aug 27 2023, 9:44 AM

Description

For a fresh VyOS installation the following conntrack helpers are enabled by default:

conntrack {               
     modules {             
         ftp               
         h323              
         nfs               
         pptp 
         sip  
         sqlnet
         tftp  
     }         
 }

In order to follow the design of offloading options (default disabled) I think that also ct helpers should by default be disabled and that the admin must explicitly enable whatever helper they want to use.

Details

Difficulty level: Unknown (require assessment)
Version: VyOS 1.4-rolling-202308260020
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Bug (incorrect behavior)

Related Objects

Mentioned In: T3275: Disable conntrack helpers by default
Mentioned Here: T3275: Disable conntrack helpers by default

Event Timeline

Apachez created this task.Aug 27 2023, 9:44 AM

Duplicate T3275

jestabro mentioned this in T3275: Disable conntrack helpers by default.Aug 27 2023, 1:29 PM

Conntrack helpers should be disabled by defaultClosed, InvalidPublicBUGActions

Description

Details

Related Objects

Event Timeline

Conntrack helpers should be disabled by default
Closed, InvalidPublicBUG
Actions