From 502f5953c734346edc680a0b898b435e6c6f6e27 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Mon, 21 Apr 2025 04:55:19 -0400
Subject: [PATCH] comments
---
 etc/modprobe.d/30_security-misc_conntrack.conf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/etc/modprobe.d/30_security-misc_conntrack.conf b/etc/modprobe.d/30_security-misc_conntrack.conf
index c3ff5b9..7f36327 100644
--- a/etc/modprobe.d/30_security-misc_conntrack.conf
+++ b/etc/modprobe.d/30_security-misc_conntrack.conf
@@ -3,7 +3,8 @@
 ## Conntrack:
 ## Disable Netfilter's automatic connection tracking helper assignment.
-## Increases the kernel attack surface by enabling superfluous functionality such as IRC parsing in the kernel.
+## This functionality adds unnecessary features, such as IRC protocol parsing, into the kernel.
+## Disabling it reduces the kernel attack surface and improves security.
 ##
 ## https://conntrack-tools.netfilter.org/manual.html
 ## https://forums.whonix.org/t/disable-conntrack-helper/18917
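Review bot: The reworded comment block still omits the functional trade-off and the kernel scope of this setting, both of which an administrator needs before relying on it. With automatic assignment off, protocols that depend on a conntrack helper only work if a helper is attached explicitly, so a line such as `## Protocols that need a helper (e.g. FTP, SIP) must have one assigned explicitly through CT target rules.` would help. As far as I know, automatic helper assignment has been off by default since Linux 4.7 and the `nf_conntrack_helper` toggle was removed in 6.0, so a second line like `## Default-off since Linux 4.7; the toggle no longer exists on 6.0+, where this option has no effect.` would prevent a false sense of added hardening. The `options` line itself lies outside this hunk, so confirm the parameter name there before adopting the wording.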