Hello,
Some of my servers have kernels built by a cloud provider which, does not have
security tables available and have nf_conntrack_* modules builtin.
When I could, I updated the kernel, as recently suggested to another user in
[1].
But, the doesn't looks like a solution for kernel we can't update.
Moreover, these tables looks not mandatory to firewalld and limit the use of
firewalld where iptables could be used.
Would you like to accept patches which make:
- security tables optional;
- support kernel with builtin network modules ?
Side question: Why is firewalld altering ipXtables when the backend is
nftables?
Regards,
[1]
https://github.com/firewalld/firewalld/issues/411
Sébastien "Seblu" Luttringer