On 2/23/2018 2:07 AM, Rodary Jacques wrote:
When I reboot, what program is responsible for "CT-based firewall rule" (dixit
jounalctl). I would like to have my own firewall rules, and for now, I must flush those
"CT-based firewall rules" before I set my owns.
Again it's not too important, since I don't reboot very often, but I would
appreciate not to have to spend quite a lot of time to change default setup
each time I reboot.
I already got rid of bind9.service (I have my own DNS config but I need named
of course), Avahi-daemon package (I don't need multicast DNS).
I know the good solution would be to build my own packages with my own choices,
but I haven't the necessary knowledge.
Are you talking about this message:
"nf_conntrack: default automatic helper assignment has been turned off
for security reasons and CT-based firewall rule not found. Use the
iptables CT target to attach helpers instead."
It's always better to have the message in question! :)
As a dirty workaroungd, '/etc/rc.local' could be useful.