[pve-devel] loading nf_conntrack_ftp module by default ?

[Dietmar Maurer]

> >>It's probably a negligible difference in overhead and so forth, but it might be
> nice to only load the module if FTP rules actually exist. I, for one, never plan to
> support FTP in particular on my servers. Maybe a >>future optimization, at least?
> 
> with kernel 3.10, we can autoload module with a simple rule
> 
> iptables -A PREROUTING -t raw -p tcp --dport 21 -j CT --helper ftp

Users already complain, so it is maybe better to do not autoload that for now.