Kernel

Deprecated nf_conntrack automatic helper assignment

For quite a while, I’ve been getting the “nf_conntrack: automatic helper assignment is deprecated and it will be removed soon” warning at boot. So I can’t say I was too surprised when I started getting “kernel: nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.”

Back in January/February 2017 there was a post on the Linux-Kernel mailing list submitting a patch to print out the warning so firewall admins would at least have notice. As best as I can tell from reading a ton of stuff, the warning is logged if a packet which would have otherwise traversed your firewall didn’t because there was no helper available. More information can be found at Secure use of iptables and connection tracking helpers.
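One way to check a ruleset for the "CT-based firewall rule" the kernel message refers to, as an added example that is not part of the original post. The function names, the FTP helper on TCP port 21 and both `iptables-save` dumps are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for explicit conntrack helper
# assignment through the CT target in the raw table.

# has_ct_helper HELPER  (ruleset in iptables-save format on stdin)
# Succeeds only if the raw table contains "-j CT --helper HELPER".
has_ct_helper() {
    awk -v want="$1" '
        /^\*/ { table = substr($0, 2); next }   # table header: *raw, *filter
        table == "raw" && /^-A / {
            is_ct = 0; helper = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-j" && $(i+1) == "CT") is_ct = 1
                if ($i == "--helper") helper = $(i+1)
            }
            if (is_ct && helper == want) found = 1
        }
        END { exit !found }
    '
}

# ct_rule HELPER PROTO PORT: print (never run) a candidate raw-table rule.
ct_rule() {
    printf 'iptables -t raw -A PREROUTING -p %s --dport %s -j CT --helper %s\n' "$2" "$3" "$1"
}

# Constructed sample: FTP control port accepted, no helper attached.
sample_missing() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: the same filter table plus an explicit CT rule.
sample_fixed() { cat <<'EOF'
*raw
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 21 -j CT --helper ftp
COMMIT
EOF
sample_missing
}

audit() {   # audit HELPER PROTO PORT, ruleset on stdin
    if has_ct_helper "$1"; then echo "ok: $1 helper attached via CT target"
    else echo "missing: $1 helper, candidate rule:"; ct_rule "$1" "$2" "$3"; fi
}
sample_missing | audit ftp tcp 21; sample_fixed | audit ftp tcp 21
```

On a live system the same check would be `iptables-save | audit ftp tcp 21`, run as root.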