OS distributions started to disable the nf_conntrack_helper functionality by default. (Ubuntu Bionic) Without the nf_conntrack_helper traffic such as tftp and other protocols that require a nf_conntrack module will not work. (This became apparent with Openstack Ironic which uses tftp transfer boot images during Pre Boot Execution (PXE) stopped working.)
This RFE is for adding support in Neutron to configure protocol specific CT target rules. This was discussed in meeting[1] 2019-03-20 with consensus on adding an L3 extension.
OS distributions started to disable the nf_conntrack_helper functionality by default. (Ubuntu Bionic) Without the nf_conntrack_helper traffic such as tftp and other protocols that require a nf_conntrack module will not work. (This became apparent with Openstack Ironic which uses tftp transfer boot images during Pre Boot Execution (PXE) stopped working.)
Desactivate the automatic conntrack helper assignment i better securitu practice, ref: /github. com/regit/ secure- conntrack- helpers/ blob/master/ secure- conntrack- helpers. rst
https:/
This RFE is for adding support in Neutron to configure protocol specific CT target rules. This was discussed in meeting[1] 2019-03-20 with consensus on adding an L3 extension.
[1] http:// eavesdrop. openstack. org/irclogs/ %23openstack- meeting/ %23openstack- meeting. 2019-03- 20.log. html#t2019- 03-20T14: 47:08