I have seen the following message in the output of dmesg:
nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead.
My searches on google return only a few matches of dmesg outputs posted to help solve unrelated problems and source files. The only related topic I could find was .
I have no idea of what triggers this message since I don't always get it. It seems that I might have to change something in my iptables rules sooner or later but so far I couldn't find much about this, does anyone know more about it that can provide some info or pointers?
I also have just seen it recently. It seems to be related to this patch.
Creating a /etc/modprobe.d/nf_conntrack.conf with "options nf_conntrack nf_conntrack_helper=0" seems to make it go away.
After the next boot /proc/sys/net/netfilter/nf_conntrack_helper is 0 then (see here).
But same as you I wonder what other changes are coming up and if anything else has to be done to the rules at some point.
It has been a while but I had a go at this, my objective was to keep ftp(1) and sip clients working, this is from a client machine perspective. I did create a new .conf file in /etc/modprobe.d/ and confirmed ftp stopped working, so no automatic helper assignment anymore. After that I just needed to add an entry to the netfilter tables with:
iptables -t raw -A OUTPUT -p tcp --dport 21 -j CT --helper ftp
The rule I already had in place to accept related connections picked up the related connection from the ftp helper and things work, I could probably be locked down a bit more but for now I'm happy with this setup.
Sip clients (tested only with twinkle) seem to work fine without any special rules in the firewall (not even open ports for incoming connections), I was surprised I was able to do and receive calls just fine using the ekiga echo and call back tests.
I'd say most people will not even notice this change and no action will be required to keep things working.
(1) I know ftp should have been taken out back and shot a long time ago but it is still used in some places and no better alternatives are provided