1 # /etc/pve/local/host.fw
6 tcp_flags_log_level: info
15 # allow more connections (default is 65536)
16 nf_conntrack_max: 196608
18 # reduce conntrack established timeout (default is 432000 - 5days)
19 nf_conntrack_tcp_timeout_established: 7875
21 # Enable firewall when bridges contains IP address.
22 # The firewall is not fully functional in that case, so
23 # you need to enable that explicitly
26 # disable SMURFS filter
29 # filter illegal combinations of TCP flags
32 # rules processing speed optimizations