by I was getting the following message in my log files on my Debian firewall.
kernel: conntrack: generic helper won't handle protocol 47. Please consider loading the specific helper module.
The nf_conntrack_proto_gre module needs to be loaded to resolve this.
modprobe nf_conntrack_proto_gre
To load it automatically at boot, I created a new file (gre.conf) in /etc/modules-load.d
This file just needs the single line: nf_conntrack_proto_gre