[pve-devel] [PATCH pve-firewall] add nf_conntrack_tcp_be_liberal option

[Wolfgang Bumiller]

On Wed, Feb 20, 2019 at 11:05:50AM +0100, Alexandre Derumier wrote:
> Allow to not flag as invalid, out of windows packets.
> 
> Can't persist in sysctl at boot, because if need to be set
> after conntrack loading.

What if you add nf_conntrack to /etc/modules-load.d?
systemd-sysctl.service contains `After=systemd-modules-load.service`