From af2cc3be64d82d35978590b316a46b5b206afa0d Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun, 6 Jan 2019 21:33:43 +0000
Subject: [PATCH] IPVS: Enable connection tracking by default

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/etc/sysctl.conf                    | 3 +++
 config/rootfiles/core/127/filelists/files | 1 +
 config/rootfiles/core/127/update.sh       | 3 +++
 3 files changed, 7 insertions(+)

diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index 4066af767b..dd087d2d97 100644
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -26,6 +26,9 @@ net.ipv4.conf.all.accept_redirects = 0
 net.ipv4.conf.all.accept_source_route = 0
 net.ipv4.conf.all.log_martians = 1
 
+# Enable connection tracking for IPVS
+net.ipv4.vs.conntrack = 1
+
 kernel.printk = 1 4 1 7
 vm.swappiness=1
 vm.mmap_min_addr = 4096
diff --git a/config/rootfiles/core/127/filelists/files b/config/rootfiles/core/127/filelists/files
index d3de58f526..bea3f3c10a 100644
--- a/config/rootfiles/core/127/filelists/files
+++ b/config/rootfiles/core/127/filelists/files
@@ -9,6 +9,7 @@ etc/rc.d/init.d/unbound
 etc/rc.d/rc0.d/K77conntrackd
 etc/rc.d/rc3.d/S22conntrackd
 etc/rc.d/rc6.d/K77conntrackd
+etc/sysctl.conf
 srv/web/ipfire/cgi-bin/dnsforward.cgi
 srv/web/ipfire/cgi-bin/ids.cgi
 srv/web/ipfire/cgi-bin/ovpnmain.cgi
diff --git a/config/rootfiles/core/127/update.sh b/config/rootfiles/core/127/update.sh
index a8a206eab7..1b4ce29188 100644
--- a/config/rootfiles/core/127/update.sh
+++ b/config/rootfiles/core/127/update.sh
@@ -52,6 +52,9 @@ sudo -u nobody /srv/web/ipfire/cgi-bin/proxy.cgi
 /etc/init.d/unbound restart
 /etc/init.d/squid start
 
+# Reload sysctl.conf
+sysctl -p
+
 # Finish
 /etc/init.d/fireinfo start
 sendprofile
-- 
2.39.2