nixos/release-notes: document conntrack helper changes

author: Franz Pletz <fpletz@fnordicwalking.de> 2017-01-22 19:53:19 +0100
committer: Franz Pletz <fpletz@fnordicwalking.de> 2017-01-25 01:14:05 +0100
commit: 8d5a4c53b8734b1fc10ab4acdcba28451b836fd9 (patch)
tree: 064566b0593d5b80e8fcbc29e1050bfa20ad35d7 /nixos/doc
parent: 2d9152d509da7fb6b4d156b094ca7525358634bd (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1703.xml b/nixos/doc/manual/release-notes/rl-1703.xml
index aa864b7a757a..177010e2a322 100644
--- a/nixos/doc/manual/release-notes/rl-1703.xml
+++ b/nixos/doc/manual/release-notes/rl-1703.xml
@@ -133,6 +133,19 @@ following incompatible changes:</para>
 
     </para>
   </listitem>
+
+  <listitem>
+    <para>
+      Autoloading connection tracking helpers is now disabled by default.
+      This default was also changed in the Linux kernel and is considered
+      insecure if not configured properly in your firewall. If you need
+      connection tracking helpers (i.e. for active FTP) please enable
+      <literal>networking.firewall.autoLoadConntrackHelpers</literal> and
+      tune <literal>networking.firewall.connectionTrackingModules</literal>
+      to suit your needs.
+    </para>
+  </listitem>
+
 </itemizedlist>
author	Franz Pletz <fpletz@fnordicwalking.de>	2017-01-22 19:53:19 +0100
committer	Franz Pletz <fpletz@fnordicwalking.de>	2017-01-25 01:14:05 +0100
commit	8d5a4c53b8734b1fc10ab4acdcba28451b836fd9 (patch)
tree	064566b0593d5b80e8fcbc29e1050bfa20ad35d7 /nixos/doc
parent	2d9152d509da7fb6b4d156b094ca7525358634bd (diff)