Long answer: That piece of config is only there if you migrated from 1.3. It used to be the case that all conntrack modules were enabled by default and had to be blacklisted individually. Since they aren’t particularly useful, we decided to disable them all by default, so what you’re seeing is a whitelist that allows all conntrack modules to keep up the previous behaviour in order to avoid breaking things in case you relied on them previously.
tl;dr: Backwards compatibility for a feature no one uses
Yes, it’s completely harmless and likely not related to your problem. I’d simply delete it because the shorter the config the better :-), plus you shouldn’t rely on them even if you’re using conntrack because they can cause headaches with complex networks, which is why the first step in conntrack sync walkthrough is to delete it: High Availability Walkthrough — VyOS 1.4.x (sagitta) documentation
Really, it’s only there because we don’t want to break people’s networks that do use the modules.
I was thinking of adding this information to the documentation. Something along the lines of:
Enables conntrack modules. All modules are now disabled by default, while they used to be enabled in VyOS 1.3. Enabling the modules ensures backwards compatibility with VyOS 1.3 — keeping the previous behavior.
In most cases they can be disabled by removing the block of configuration — for some scenarios it is in fact recommended.
And then add a code block showing the system/conntrack/modules.
Yes, mentioning that in the documentation is a good idea. I just checked and this migration script applies to 1.3 as well (conntrack module is at version 3), thus the migration clearly happened during 1.3 development, months before the LTS. So it’s better to mention backwards compatibility with 1.2 instead (where the old syntax applies) or just “previous versions”.