by UPDATE 06/2023
The nf_conntrack_proto_gre is now a built-in module in kernel >= 5.1 and it is not possible to build it as a separate module.
You can check if the module is built into the running kernel using the following command:
grep CONFIG_NF_CT_PROTO_GRE /boot/config-$(uname -r)
Output of above: (this means the module is built into the kernel)
CONFIG_NF_CT_PROTO_GRE=y
I was getting the following message in my log files on my Debian firewall.
kernel: conntrack: generic helper won't handle protocol 47. Please consider loading the specific helper module.
The nf_conntrack_proto_gre module needs to be loaded to resolve this.
modprobe nf_conntrack_proto_gre
To load it automatically at boot, I created a new file (gre.conf) in /etc/modules-load.d
This file just needs the single line: nf_conntrack_proto_gre