]>
Commit | Line | Data |
---|---|---|
013dc89f | 1 | `enable`: `<boolean>` :: |
888c4116 DM |
2 | |
3 | Enable host firewall rules. | |
4 | ||
013dc89f | 5 | `log_level_in`: `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` :: |
888c4116 DM |
6 | |
7 | Log level for incoming traffic. | |
8 | ||
013dc89f | 9 | `log_level_out`: `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` :: |
888c4116 DM |
10 | |
11 | Log level for outgoing traffic. | |
12 | ||
95895385 TL |
13 | `log_nf_conntrack`: `<boolean>` ('default =' `0`):: |
14 | ||
15 | Enable logging of conntrack information. | |
16 | ||
5c1699e5 | 17 | `ndp`: `<boolean>` ('default =' `0`):: |
888c4116 | 18 | |
5c1699e5 | 19 | Enable NDP (Neighbor Discovery Protocol). |
888c4116 | 20 | |
5f26e15b TL |
21 | `nf_conntrack_allow_invalid`: `<boolean>` ('default =' `0`):: |
22 | ||
23 | Allow invalid packets on connection tracking. | |
24 | ||
5c1699e5 | 25 | `nf_conntrack_max`: `<integer> (32768 - N)` ('default =' `262144`):: |
888c4116 DM |
26 | |
27 | Maximum number of tracked connections. | |
28 | ||
5c1699e5 | 29 | `nf_conntrack_tcp_timeout_established`: `<integer> (7875 - N)` ('default =' `432000`):: |
888c4116 DM |
30 | |
31 | Conntrack established timeout. | |
32 | ||
5c1699e5 TL |
33 | `nf_conntrack_tcp_timeout_syn_recv`: `<integer> (30 - 60)` ('default =' `60`):: |
34 | ||
35 | Conntrack syn recv timeout. | |
36 | ||
013dc89f | 37 | `nosmurfs`: `<boolean>` :: |
888c4116 DM |
38 | |
39 | Enable SMURFS filter. | |
40 | ||
5c1699e5 TL |
41 | `protection_synflood`: `<boolean>` ('default =' `0`):: |
42 | ||
43 | Enable synflood protection | |
44 | ||
45 | `protection_synflood_burst`: `<integer>` ('default =' `1000`):: | |
46 | ||
47 | Synflood protection rate burst by ip src. | |
48 | ||
49 | `protection_synflood_rate`: `<integer>` ('default =' `200`):: | |
50 | ||
51 | Synflood protection rate syn/sec by ip src. | |
52 | ||
013dc89f | 53 | `smurf_log_level`: `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` :: |
888c4116 DM |
54 | |
55 | Log level for SMURFS filter. | |
56 | ||
013dc89f | 57 | `tcp_flags_log_level`: `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` :: |
888c4116 DM |
58 | |
59 | Log level for illegal tcp flags filter. | |
60 | ||
5c1699e5 | 61 | `tcpflags`: `<boolean>` ('default =' `0`):: |
888c4116 DM |
62 | |
63 | Filter illegal combinations of TCP flags. | |
64 |