add tunnable nf_conntrack_tcp_timeout_established value
default nf_conntrack_tcp_timeout_established value is 5 days.
This is really huge, in case of a ddos attack for example
from:
https://dev.openwrt.org/ticket/12976
minimum value should be
"7875 seconds (= tcp_keepalive_time + tcp_keepalive_probes * tcp_keepalive_intvl = 7200 + 9 * 75 by default) to give the endpoints sufficient time to send keep-alive probes"