X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=blobdiff_plain;f=src%2Finitscripts%2Fsystem%2Ffirewall;fp=src%2Finitscripts%2Fsystem%2Ffirewall;h=65f1c979bb4007f1987fbfe897b5e1d91ed30f23;hp=5d7f1c1b4be37257ae339aa68151c9e0b9508d03;hb=af7f9fc43d84cdce163a699992d8cf3ff74817dc;hpb=45f4de2bbcafb689b21a201c0aa836881ce417c2
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 5d7f1c1b4b..65f1c979bb 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -32,6 +32,10 @@ iptables_init() {
 iptables -P FORWARD DROP
 iptables -P OUTPUT ACCEPT
 
+ # Enable TRACE logging to syslog
+ modprobe nf_log_ipv4
+ sysctl -q -w net.netfilter.nf_log.2=nf_log_ipv4
+
 # Empty LOG_DROP and LOG_REJECT chains
 iptables -N LOG_DROP
 iptables -A LOG_DROP -m limit --limit 10/second -j LOG
@@ -96,6 +100,9 @@ iptables_init() {
 
 # Conntrack helpers (https://home.regit.org/netfilter-en/secure-use-of-helpers/)
 
+ # GRE (always enabled)
+ modprobe nf_conntrack_proto_gre
+
 # SIP
 if [ "${CONNTRACK_SIP}" = "on" ]; then
 modprobe nf_nat_sip
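Review bot: In the first hunk, neither `modprobe nf_log_ipv4` nor the `sysctl` write is checked, so if the module cannot be loaded the logger binding presumably fails as well and TRACE output is lost with no hint in the boot log; a guard such as `modprobe nf_log_ipv4 && sysctl -q -w net.netfilter.nf_log.2=nf_log_ipv4 || echo "TRACE logging unavailable" >&2` would make that visible. The `2` is a bare protocol-family index (AF_INET), which the comment should spell out, e.g. `# nf_log.2 = log backend for protocol family 2 (IPv4)`. Unlike the `LOG_DROP` rule just below, which is limited to 10/second, nothing in this hunk throttles TRACE records, so the comment could also say that TRACE rules are meant to be narrow and short-lived to keep syslog usable. `iptables_init` begins and ends outside the hunk.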
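Review bot: In the second hunk, `modprobe nf_conntrack_proto_gre` runs unconditionally while the SIP helper directly below it is gated on `CONNTRACK_SIP`, and the comment `# GRE (always enabled)` gives no reason for the difference. The section heading links to guidance on the secure use of helpers, which going by its title argues for keeping connection-tracking code restricted to what is needed. The comment should therefore name the feature that requires GRE tracking on every system, or the line should get a switch in the style of the one guarding SIP. It would also help to say in the comment that this is a protocol tracker rather than an application helper, since it sits under the `Conntrack helpers` heading. The function continues outside the hunk.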