| Commit | Line | Data |
|---|---|---|
| 013dc89f | 1 | `enable`: `<boolean>` :: |
| 888c4116 DM | 2 | |
| | 3 | Enable host firewall rules. |
| | 4 | |
| 013dc89f | 5 | `log_level_in`: `<alert \| crit \| debug \| emerg \| err \| info \| nolog \| notice \| warning>` :: |
| 888c4116 DM | 6 | |
| | 7 | Log level for incoming traffic. |
| | 8 | |
| 013dc89f | 9 | `log_level_out`: `<alert \| crit \| debug \| emerg \| err \| info \| nolog \| notice \| warning>` :: |
| 888c4116 DM | 10 | |
| | 11 | Log level for outgoing traffic. |
| | 12 | |
| 95895385 TL | 13 | `log_nf_conntrack`: `<boolean>` ('default =' `0`):: |
| | 14 | |
| | 15 | Enable logging of conntrack information. |
| | 16 | |
| 5c1699e5 | 17 | `ndp`: `<boolean>` ('default =' `0`):: |
| 888c4116 | 18 | |
| 5c1699e5 | 19 | Enable NDP (Neighbor Discovery Protocol). |
| 888c4116 | 20 | |
| 5f26e15b TL | 21 | `nf_conntrack_allow_invalid`: `<boolean>` ('default =' `0`):: |
| | 22 | |
| | 23 | Allow invalid packets on connection tracking. |
| | 24 | |
| 9d2e98ed TL | 25 | `nf_conntrack_helpers`: `<string>` ('default =' ``):: |
| | 26 | |
| | 27 | Enable conntrack helpers for specific protocols. Supported protocols: amanda, ftp, irc, netbios-ns, pptp, sane, sip, snmp, tftp |
| | 28 | |
| 5c1699e5 | 29 | `nf_conntrack_max`: `<integer> (32768 - N)` ('default =' `262144`):: |
| 888c4116 DM | 30 | |
| | 31 | Maximum number of tracked connections. |
| | 32 | |
| 5c1699e5 | 33 | `nf_conntrack_tcp_timeout_established`: `<integer> (7875 - N)` ('default =' `432000`):: |
| 888c4116 DM | 34 | |
| | 35 | Conntrack established timeout. |
| | 36 | |
| 5c1699e5 TL | 37 | `nf_conntrack_tcp_timeout_syn_recv`: `<integer> (30 - 60)` ('default =' `60`):: |
| | 38 | |
| | 39 | Conntrack syn recv timeout. |
| | 40 | |
| 013dc89f | 41 | `nosmurfs`: `<boolean>` :: |
| 888c4116 DM | 42 | |
| | 43 | Enable SMURFS filter. |
| | 44 | |
| 5c1699e5 TL | 45 | `protection_synflood`: `<boolean>` ('default =' `0`):: |
| | 46 | |
| | 47 | Enable synflood protection |
| | 48 | |
| | 49 | `protection_synflood_burst`: `<integer>` ('default =' `1000`):: |
| | 50 | |
| | 51 | Synflood protection rate burst by ip src. |
| | 52 | |
| | 53 | `protection_synflood_rate`: `<integer>` ('default =' `200`):: |
| | 54 | |
| | 55 | Synflood protection rate syn/sec by ip src. |
| | 56 | |
| 013dc89f | 57 | `smurf_log_level`: `<alert \| crit \| debug \| emerg \| err \| info \| nolog \| notice \| warning>` :: |
| 888c4116 DM | 58 | |
| | 59 | Log level for SMURFS filter. |
| | 60 | |
| 013dc89f | 61 | `tcp_flags_log_level`: `<alert \| crit \| debug \| emerg \| err \| info \| nolog \| notice \| warning>` :: |
| 888c4116 DM | 62 | |
| | 63 | Log level for illegal tcp flags filter. |
| | 64 | |
| 5c1699e5 | 65 | `tcpflags`: `<boolean>` ('default =' `0`):: |
| 888c4116 DM | 66 | |
| | 67 | Filter illegal combinations of TCP flags. |
| | 68 | |