Connection tracking issues using ufw with Raspbian Stretch

On a Raspberry Pi running Raspbian Stretch and running ufw the connection state tracking mechanism doesn't allow connections from an external FTP client in passive mode. I found the following in the syslog:

Oct 23 14:05:09 raspberrypi kernel: [ 50.993344] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
Oct 23 14:11:51 raspberrypi kernel: [ 2.781931] nf_conntrack version 0.5.0 (14336 buckets, 57344 max)

With some more research I discovered that the file /proc/sys/net/netfilter/nf_conntrack_helper contains a 0. It needs to be a 1 for the usual connection tracking mechanism to work. For whatever reason that value cannot be permanently changed (or at least I can't change it) on my Raspberry Pi running Stretch.

After more research I found this website: https://home.regit.org/netfilter-en/secure-use-of-helpers/, which has the following:

"Using the CT target to refine security
Introduction

One classic problem with helpers is the fact that helpers listen on predefined ports. If a service does not run on standard port, it is necessary to declare it. Before 2.6.34, the only method to do so was to use a module option. This was resulting in having a systematic parsing of the added port by the chosen helper. This was clearly suboptimal and the CT target has been introduced in 2.6.34. It allows to specify what helper to use for a specific flow. For example, let’s say we have a FTP server on IP address 1.2.3.4 running on port 2121.

To declare it, we can simply do

iptables -A PREROUTING -t raw -p tcp --dport 2121 \\
       -d 1.2.3.4 -j CT --helper ftp

Therefore, the use of the module options is NOT recommended anymore – please use the CT target instead."

So by running the following from the command line I can get my passive ftp clients to connect with no problem:

sudo iptables -A PREROUTING -t raw -p tcp --dport 21 -j CT --helper ftp

I know there are other helpers for other protocols and they work differently than does the helper for ftp. I don't know if you want to modify ufw to enable these or not. I don't understand completely when ufw loads the iptables rules or know where is the best place to put the command above. It would be nice to make it permanent so that my ftp server will always be able to allow passive connections.

ufw version: 0.35
Raspbian Stretch 9
Kernel 4.91.41

Thanks!