Differences

This shows you the differences between two versions of the page.

--- doc:appunti:linux:sa:nf_conntrack_expect [2025/06/09 09:51] – [Shorewall and helpers] niccolo
+++ doc:appunti:linux:sa:nf_conntrack_expect [2025/06/09 09:57] (current) – [Shorewall and helpers] niccolo
@@ Line 156: / Line 156: @@
 </code>
-Or you can add this into **/etc/shorewall/conntrack** (in Debian 12 with Shorewall 5.2 the file is only considered if AUTOHELPERS is enabled):
+The default **Debian 12 Bookworm** configuration for Shorewall provides a **conntrack** file where helpers can be enabled only if the Shorewall **AUTOHELPERS** option is enabled (in ''shorewall.conf'') and if the **CT_TARGET** iptables/netfilter capability is available (verify the output of ''shorewall show capabilities'').
+For example you can enable the sip helper adding this line in **/etc/shorewall/conntrack**:
 <code>
@@ Line 163: / Line 165: @@
 In this case the helper is instantiated into the raw table in both PREROUTING and OUTPUT chains.
-The default **Debian 12 Bookworm** configuration for Shorewall provides a **conntrack** file where helpers are enabled only if the Shorewall **AUTOHELPERS** option is enabled (in ''shorewall.conf'') and if the **CT_TARGET** iptables/netfilter capability is available (verify the output of ''shorewall show capabilities'').
 ==== Shorewall upgrade from Debian 11 to 12 ====