Description of problem: I run tftp-server via xinetd, but lately firewalld cannot permit inbound traffic to it from the LAN. When I click "tftp" in the firewalld services, I get the error: INVALID_HELPER: nf_conntrack_tftp not available in kernel If I run a "locate conntrack" I also no longer see a file named nf_conntrack_tftp in the kernel's /usr/include/linux/netfilter folder. Version-Release number of selected component (if applicable): kernel-4.8.8-200.fc24.x86_64 firewalld-0.4.4.1-1.fc24.noarch tftp-server-5.2-18.fc24.x86_64 xinetd-2.3.15-17.fc24.x86_64 How reproducible: Always Steps to Reproduce: 1. Run firewall-config 2. Access the Services panel for your network card's zone 3. Select tftp Actual results: Popup message with INVALID_HELPER: nf_conntrack_tftp not available in kernel Expected results: tftp should be permitted through the firewall. Additional info: The daemon is running, as I can run the tftp client on the same device and get and put files to the tftp server folder.
It seems it's actually worse than just TFTP .... When I restarted my laptop today and looked at the logs I got this: [root@lenovo ~]# service firewalld status Redirecting to /bin/systemctl status firewalld.service ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2016-11-30 13:17:50 SAST; 1h 5min ago Docs: man:firewalld(1) Main PID: 1116 (firewalld) Tasks: 3 (limit: 512) CGroup: /system.slice/firewalld.service └─1116 /usr/bin/python3 -Es /usr/sbin/firewalld --nofork --nopid Nov 30 13:17:30 lenovo.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon... Nov 30 13:17:50 lenovo.localdomain systemd[1]: Started firewalld - dynamic firewall daemon. Nov 30 13:18:02 lenovo.localdomain firewalld[1116]: WARNING: internal: INVALID_HELPER: 'nf_conntrack_ftp' not available in kernel Nov 30 13:18:02 lenovo.localdomain firewalld[1116]: WARNING: internal: INVALID_HELPER: 'nf_conntrack_netbios_ns' not available in kernel Nov 30 13:18:02 lenovo.localdomain firewalld[1116]: WARNING: internal: INVALID_HELPER: 'nf_conntrack_tftp' not available in kernel Nov 30 13:18:02 lenovo.localdomain firewalld[1116]: WARNING: internal: INVALID_HELPER: 'nf_conntrack_netbios_ns' not available in kernel Nov 30 13:18:02 lenovo.localdomain firewalld[1116]: WARNING: INVALID_HELPER: 'nf_conntrack_netbios_ns' not available in kernel Nov 30 13:18:02 lenovo.localdomain firewalld[1116]: WARNING: INVALID_HELPER: 'nf_conntrack_netbios_ns' not available in kernel Nov 30 13:18:15 lenovo.localdomain firewalld[1116]: WARNING: INVALID_HELPER: 'nf_conntrack_tftp' not available in kernel Nov 30 13:18:15 lenovo.localdomain firewalld[1116]: WARNING: INVALID_HELPER: 'nf_conntrack_ftp' not available in kernel
On Fedora 25 and I still see this error message. Is there a fix or workaround? There is no firewalld logging so long as this error message occurs. Thanks,
*********** MASS BUG UPDATE ************** We apologize for the inconvenience. There are a large number of bugs to go through and several of them have gone stale. Due to this, we are doing a mass bug update across all of the Fedora 24 kernel bugs. Fedora 25 has now been rebased to 4.10.9-100.fc24. Please test this kernel update (or newer) and let us know if you issue has been resolved or if it is still present with the newer kernel. If you have moved on to Fedora 26, and are still experiencing this issue, please change the version to Fedora 26. If you experience different issues, please open a new bug report for those.
*********** MASS BUG UPDATE ************** This bug is being closed with INSUFFICIENT_DATA as there has not been a response in 2 weeks. If you are still experiencing this issue, please reopen and attach the relevant data from the latest kernel you are running and any data that might have been requested previously.