nixos/release-notes: document conntrack helper changes

2017-01-22 19:53:19 +01:00 · 2017-01-22 19:53:19 +01:00 · 8d5a4c53b8
commit 8d5a4c53b8
parent 2d9152d509
1 changed files with 13 additions and 0 deletions
--- a/nixos/doc/manual/release-notes/rl-1703.xml
+++ b/nixos/doc/manual/release-notes/rl-1703.xml
@ -133,6 +133,19 @@ following incompatible changes:</para>

    </para>
  </listitem>
+
+  <listitem>
+    <para>
+      Autoloading connection tracking helpers is now disabled by default.
+      This default was also changed in the Linux kernel and is considered
+      insecure if not configured properly in your firewall. If you need
+      connection tracking helpers (i.e. for active FTP) please enable
+      <literal>networking.firewall.autoLoadConntrackHelpers</literal> and
+      tune <literal>networking.firewall.connectionTrackingModules</literal>
+      to suit your needs.
+    </para>
+  </listitem>
+
 </itemizedlist>