Comment # 2 on bug 986527 from
New firewall maintainer here. I'm working on the backlog bugs. Sorry for the
delay.

Is this line really in your sysctl.conf?

As I see it the default for this setting was changed in the Linux kernel
starting in version 4.7. Thus it wasn't an explicit decision of openSUSE to
disable this.

You can work around this problem either by changing the sysctl value
explicitly back to 1 (which would be less secure, but compatible), or by
adding the firewall rule you mentioned to a custom script configured via
FW_CUSTOMRULES in /etc/sysconfig/SuSEfirewall2.

I'm not sure how we will solve this in future SuSEfirewall2 versions, because
we're thinking about migrating to a new solution using firewalld.

Either we will restore the previous value of
net.netfilter.nf_conntrack_helper, or we have to add a simple configuration
method to explicitly enable helpers. I will have to think about your
suggestion of implicitly enabling helpers based on allowed services.

Thank you for the report and the suggestion. I will update this bug when I've
implemented a viable solution.
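
A check for which of the two workarounds described above is in effect on a host, added here as an example (it is not part of the original comment or of SuSEfirewall2). The function names are hypothetical, and because the reporter's rule is not shown on this page, the comments and the test data assume an ftp helper as a constructed stand-in.

```shell
#!/bin/sh
# Added example: classify how conntrack helpers get attached to connections.
# Inputs are passed as arguments so the logic can be exercised offline.

# explicit_helpers: read iptables-save text on stdin and print the helper
# names assigned with "-j CT --helper NAME" in the raw table, sorted and
# space separated. Rules in other tables are ignored.
explicit_helpers() {
    awk '
        /^\*/ { table = substr($1, 2) }          # "*raw" -> "raw"
        table == "raw" && /-j CT/ {
            for (i = 1; i < NF; i++)
                if ($i == "--helper") print $(i + 1)
        }
    ' | sort -u | paste -sd' ' -
}

# helper_mode SYSCTL_VALUE RULESET
#   SYSCTL_VALUE: value of net.netfilter.nf_conntrack_helper (0 or 1)
#   RULESET:      ruleset text in iptables-save format
# Prints one of:
#   automatic        sysctl is 1; every loaded helper attaches by port
#                    (the compatible but less secure setting)
#   explicit: NAMES  sysctl is not 1; only the listed helpers are attached
#   none             sysctl is not 1 and no helper rule exists, so related
#                    connections (e.g. FTP data, assumed here) are not tracked
helper_mode() {
    sysctl_value=$1
    ruleset=$2
    if [ "$sysctl_value" = "1" ]; then
        echo "automatic"
        return 0
    fi
    explicit=$(printf '%s\n' "$ruleset" | explicit_helpers)
    if [ -n "$explicit" ]; then
        echo "explicit: $explicit"
    else
        echo "none"
    fi
}

# Live use (as root), where the sysctl exists:
#   helper_mode "$(sysctl -n net.netfilter.nf_conntrack_helper)" \
#               "$(iptables-save -t raw)"
```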

