What is a secure way of enabling NFT helpers through Luci?
In Firewall -> Traffic Rules or Port Forwards -> Advanced Setting
there is only a "Match helper".
However the helper does not scan and classifying traffic at all.
It only stared doing this after:
echo 1 > /proc/sys/net/netfilter/nf_conntrack_helper
This approach however seems to be listed as insecure on linux related forums.
What is the correct way to pass (not match) only specific traffic through the nft helpers for it to be scanned? Like scanning traffic only on port 21.