flush existing connections on steal

[aviramha]

Bug Description

on calico k3s we found out that steal doesn't work until established connections are reset, probably due to different behavior in that setup.
possible solution is to have conntrack binary in our image and call conntrack -F on each stolen port after adding the rule.

**this should be controlled via env var, at least for the first version, then decide if to make it enabled by default **

Steps to Reproduce

calico + k3s

Backtrace

No response

Relevant Logs

No response

Your operating system and version

n/a

Local process

n/a

Local process version

No response

Additional Info

No response

[aviramha]

This fixed their issue. Leaving this open until we decide if to have it this way by default.

Can be enabled right now using

"agent": {
"flush_connections": true
}

[eyalb181]

@meowjesty Discussed this with @aviramha , can you please change it to default to true?