| Commit | Line | Data |
|---|---|---|
| 2d404ffc DM | 1 | # /etc/pve/local/host.fw |
| | 2 | |
| | 3 | [OPTIONS] |
| | 4 | |
| | 5 | enable: 0 |
| | 6 | tcp_flags_log_level: info |
| | 7 | smurf_log_level: nolog |
| 178a63be DM | 8 | log_level_in: info |
| | 9 | log_level_out: info |
| 72f63fde DM | 10 | |
| | 11 | # default policy |
| | 12 | policy_in: DROP |
| | 13 | policy_out: ACCEPT |
| | 14 | |
| 530c005e | 15 | # allow more connections (default is 65536) |
| 1ec3e3d0 | 16 | nf_conntrack_max: 196608 |
| 2d404ffc | 17 | |
| 530c005e DM | 18 | # Enable firewall when bridges contains IP address. |
| | 19 | # The firewall is not fully functional in that case, so |
| | 20 | # you need to enable that explicitly |
| | 21 | allow_bridge_route: 1 |
| 92e976b3 | 22 | |
| 4ac863a6 DM | 23 | # disable SMURFS filter |
| | 24 | nosmurfs: 0 |
| | 25 | |
| 11f12eae DM | 26 | # filter illegal combinations of TCP flags |
| | 27 | tcpflags: 1 |
| | 28 | |
| cc10e5d7 AD | 29 | # rules processing speed optimizations |
| | 30 | optimize : 1 |
| | 31 | |
| 92e976b3 DM | 32 | [RULES] |
| | 33 | |
| | 34 | IN SSH(ACCEPT) net0 |
| | 35 | OUT SSH(ACCEPT) net0 |