IPVS: Enable connection tracking by default

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index 4066af767b2876eefbb87f872f5342cf5c78e705..dd087d2d97a77ed52af9b557a73a2935dc1c2908 100644 (file)
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -26,6 +26,9 @@ net.ipv4.conf.all.accept_redirects = 0
 net.ipv4.conf.all.accept_source_route = 0
 net.ipv4.conf.all.log_martians = 1
 
+# Enable connection tracking for IPVS
+net.ipv4.vs.conntrack = 1
+
 kernel.printk = 1 4 1 7
 vm.swappiness=1
 vm.mmap_min_addr = 4096

diff --git a/config/rootfiles/core/127/filelists/files b/config/rootfiles/core/127/filelists/files
index d3de58f5260466fc2c92bb93cec28a62568506f0..bea3f3c10a7235b51c0aebc037dc2a0884f80c70 100644 (file)
--- a/config/rootfiles/core/127/filelists/files
+++ b/config/rootfiles/core/127/filelists/files
@@ -9,6 +9,7 @@ etc/rc.d/init.d/unbound
 etc/rc.d/rc0.d/K77conntrackd
 etc/rc.d/rc3.d/S22conntrackd
 etc/rc.d/rc6.d/K77conntrackd
+etc/sysctl.conf
 srv/web/ipfire/cgi-bin/dnsforward.cgi
 srv/web/ipfire/cgi-bin/ids.cgi
 srv/web/ipfire/cgi-bin/ovpnmain.cgi

diff --git a/config/rootfiles/core/127/update.sh b/config/rootfiles/core/127/update.sh
index a8a206eab7460cb6c527e98e486496c5c287bece..1b4ce29188a208fa84779c81254dc097b046bc61 100644 (file)
--- a/config/rootfiles/core/127/update.sh
+++ b/config/rootfiles/core/127/update.sh
@@ -52,6 +52,9 @@ sudo -u nobody /srv/web/ipfire/cgi-bin/proxy.cgi
 /etc/init.d/unbound restart
 /etc/init.d/squid start
 
+# Reload sysctl.conf
+sysctl -p
+
 # Finish
 /etc/init.d/fireinfo start
 sendprofile