Comment 0 for bug 1823633

OS distributions started to disable the nf_conntrack_helper functionality by default. (Ubuntu Bionic) Without the nf_conntrack_helper traffic such as tftp and other protocols that require a nf_conntrack module will not work. (This became apparent with Openstack Ironic which uses tftp transfer boot images during Pre Boot Execution (PXE) stopped working.)

Desactivate the automatic conntrack helper assignment i better securitu practice, ref:
https://github.com/regit/secure-conntrack-helpers/blob/master/secure-conntrack-helpers.rst

This RFE is for adding support in Neutron to configure protocol specific CT target rules. This was discussed in meeting[1] 2019-03-20 with consensus on adding an L3 extension.

[1] http://eavesdrop.openstack.org/irclogs/%23openstack-meeting/%23openstack-meeting.2019-03-20.log.html#t2019-03-20T14:47:08