Commit | Line | Data |
---|---|---|
1 | `enable`: `<boolean>` :: | |
2 | ||
3 | Enable host firewall rules. | |
4 | ||
5 | `log_level_in`: `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` :: | |
6 | ||
7 | Log level for incoming traffic. | |
8 | ||
9 | `log_level_out`: `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` :: | |
10 | ||
11 | Log level for outgoing traffic. | |
12 | ||
13 | `log_nf_conntrack`: `<boolean>` ('default =' `0`):: | |
14 | ||
15 | Enable logging of conntrack information. | |
16 | ||
17 | `ndp`: `<boolean>` ('default =' `0`):: | |
18 | ||
19 | Enable NDP (Neighbor Discovery Protocol). | |
20 | ||
21 | `nf_conntrack_allow_invalid`: `<boolean>` ('default =' `0`):: | |
22 | ||
23 | Allow invalid packets on connection tracking. | |
24 | ||
25 | `nf_conntrack_max`: `<integer> (32768 - N)` ('default =' `262144`):: | |
26 | ||
27 | Maximum number of tracked connections. | |
28 | ||
29 | `nf_conntrack_tcp_timeout_established`: `<integer> (7875 - N)` ('default =' `432000`):: | |
30 | ||
31 | Conntrack established timeout. | |
32 | ||
33 | `nf_conntrack_tcp_timeout_syn_recv`: `<integer> (30 - 60)` ('default =' `60`):: | |
34 | ||
35 | Conntrack syn recv timeout. | |
36 | ||
37 | `nosmurfs`: `<boolean>` :: | |
38 | ||
39 | Enable SMURFS filter. | |
40 | ||
41 | `protection_synflood`: `<boolean>` ('default =' `0`):: | |
42 | ||
43 | Enable synflood protection. | |
44 | ||
45 | `protection_synflood_burst`: `<integer>` ('default =' `1000`):: | |
46 | ||
47 | Synflood protection rate burst by source IP. | |
48 | ||
49 | `protection_synflood_rate`: `<integer>` ('default =' `200`):: | |
50 | ||
51 | Synflood protection rate in SYN/sec by source IP. | |
52 | ||
53 | `smurf_log_level`: `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` :: | |
54 | ||
55 | Log level for SMURFS filter. | |
56 | ||
57 | `tcp_flags_log_level`: `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` :: | |
58 | ||
59 | Log level for illegal TCP flags filter. | |
60 | ||
61 | `tcpflags`: `<boolean>` ('default =' `0`):: | |
62 | ||
63 | Filter illegal combinations of TCP flags. | |
64 |