-rw-r--r--Makefile.am4
-rw-r--r--debian/vyatta-cfg-firewall.install1
-rwxr-xr-xscripts/check-params-on-reboot.d/conntrack-hash-size20
3 files changed, 25 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am
index 0fc5b44..eb642c0 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2,14 +2,18 @@ cfgdir = $(datadir)/vyatta-cfg/templates
share_perl5dir = /opt/vyatta/share/perl5/Vyatta/IpTables
curverdir = $(sysconfdir)/config-migrate/current
modprobedir = /etc/modprobe.d
+checkparamsonrebootdir = $(bindir)/sudo-users/check-params-on-reboot.d
modprobe_DATA = etc/modprobe.d/vyatta_nf_conntrack.conf
modprobe_DATA += etc/modprobe.d/vyatta_xt_recent.conf
+checkparamsonreboot_SCRIPTS =
sbin_SCRIPTS =
share_perl5_DATA =
curver_DATA = cfg-version/firewall@4
+checkparamsonreboot_SCRIPTS += scripts/check-params-on-reboot.d/conntrack-hash-size
+
sbin_SCRIPTS += scripts/firewall/vyatta-firewall.pl
sbin_SCRIPTS += scripts/firewall/firewall.init
sbin_SCRIPTS += scripts/firewall/vyatta-ipset.pl
diff --git a/debian/vyatta-cfg-firewall.install b/debian/vyatta-cfg-firewall.install
index 633b9e0..57cc62b 100644
--- a/debian/vyatta-cfg-firewall.install
+++ b/debian/vyatta-cfg-firewall.install
@@ -1,4 +1,5 @@
etc/modprobe.d
+opt/vyatta/bin/sudo-users/check-params-on-reboot.d
opt/vyatta/sbin
opt/vyatta/etc
opt/vyatta/share/perl5
diff --git a/scripts/check-params-on-reboot.d/conntrack-hash-size b/scripts/check-params-on-reboot.d/conntrack-hash-size
new file mode 100755
index 0000000..6b3ba83
--- /dev/null
+++ b/scripts/check-params-on-reboot.d/conntrack-hash-size
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# fix conntrack-hash-size on reboot
+#
+
+BOOTFILE=$1
+cthash_cfg=$(cli-shell-api cfReturnValue $BOOTFILE firewall conntrack-hash-size)
+
+if [ -z "$cthash_cfg" ]; then
+ cthash_cfg=4096 # default hashsize value that Vyatta ships
+fi
+
+if ! grep -q "nf_conntrack hashsize=$cthash_cfg$" \
+ /etc/modprobe.d/vyatta_nf_conntrack.conf
+then
+ sudo sh -c "sed -i -e '/options nf_conntrack hashsize/d' \
+ /etc/modprobe.d/vyatta_nf_conntrack.conf"
+ sudo sh -c "echo options nf_conntrack hashsize=$cthash_cfg >> \
+ /etc/modprobe.d/vyatta_nf_conntrack.conf"
+fi
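Review bot: The value read from the boot config is expanded unvalidated into the command string given to `sudo sh -c` on the `echo options nf_conntrack hashsize=$cthash_cfg` line, so any shell metacharacters in it would be interpreted by a root shell; the same value is also used as an unescaped pattern in the `grep`. Whether the CLI guarantees a numeric value for an arbitrary boot file passed as `$1` is not visible in this hunk, so I would reject anything but digits right after the default is applied: `case "$cthash_cfg" in *[!0-9]*) exit 1 ;; esac`. `$BOOTFILE` should also be quoted in the `cli-shell-api` call so that a path containing spaces is not split into several arguments. Separately, the `sed` delete and the `echo` append are two independent steps, so if the append fails the modprobe file is left with no hashsize option at all.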