firewall: Always enable connection tracking for GRE

If this module is not being loaded, the kernel will mark any
GRE connection as INVALID in connection tracking, which will
be then silently dropped by a firewall rule.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

src/initscripts/system/firewall

@@ -96,6 +96,9 @@ iptables_init() {
 
 	# Conntrack helpers (https://home.regit.org/netfilter-en/secure-use-of-helpers/)
 
+	# GRE (always enabled)
+	modprobe nf_conntrack_proto_gre
+
 	# SIP
 	if [ "${CONNTRACK_SIP}" = "on" ]; then
 		modprobe nf_nat_sip