diff --git a/patches/openwrt/branding/0001-base-files-Improve-defaults-for-conntrack.patch b/patches/openwrt/branding/0001-base-files-Improve-defaults-for-conntrack.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9243d9f95dcabbf67c567a973b136f06e865c5d0
--- /dev/null
+++ b/patches/openwrt/branding/0001-base-files-Improve-defaults-for-conntrack.patch
@@ -0,0 +1,26 @@
+From 9d8820d86e03b19f4ea7dbdf130e091045ccf86b Mon Sep 17 00:00:00 2001
+From: Michal Hrusecky <michal.hrusecky@nic.cz>
+Date: Tue, 17 Jul 2018 11:20:50 +0200
+Subject: [PATCH] base-files: Improve defaults for conntrack
+
+---
+ package/base-files/files/etc/sysctl.d/10-default.conf | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/package/base-files/files/etc/sysctl.d/10-default.conf b/package/base-files/files/etc/sysctl.d/10-default.conf
+index 46d079b..484654d 100644
+--- a/package/base-files/files/etc/sysctl.d/10-default.conf
++++ b/package/base-files/files/etc/sysctl.d/10-default.conf
+@@ -23,3 +23,9 @@ net.ipv4.tcp_dsack=1
+ 
+ net.ipv6.conf.default.forwarding=1
+ net.ipv6.conf.all.forwarding=1
++
++net.nf_conntrack_max = 262144
++net.netfilter.nf_conntrack_tcp_timeout_established = 432000
++net.netfilter.nf_conntrack_udp_timeout=60
++net.netfilter.nf_conntrack_udp_timeout_stream=180
++net.netfilter.nf_conntrack_checksum=1
+-- 
+2.18.0
+