UPDATE 06/2023

The nf_conntrack_proto_gre is now a built-in module in kernel >= 5.1 and it is not possible to build it as a separate module.

You can check if the module is built into the running kernel using the following command:

grep CONFIG_NF_CT_PROTO_GRE /boot/config-$(uname -r)

Output of above: (this means the module is built into the kernel)

CONFIG_NF_CT_PROTO_GRE=y

---

I was getting the following message in my log files on my Debian firewall.

kernel: conntrack: generic helper won't handle protocol 47. Please consider loading the specific helper module.

The nf_conntrack_proto_gre module needs to be loaded to resolve this.

modprobe nf_conntrack_proto_gre

To load it automatically at boot, I created a new file (gre.conf) in /etc/modules-load.d

This file just needs the single line: nf_conntrack_proto_gre




Tags: Networking , Linux

Return to home page: Home