`enable`: `<boolean>` ::

Enable host firewall rules.

`log_level_in`: `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` ::

Log level for incoming traffic.

`log_level_out`: `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` ::

Log level for outgoing traffic.

`log_nf_conntrack`: `<boolean>` ('default =' `0`)::

Enable logging of conntrack information.

`ndp`: `<boolean>` ('default =' `0`)::

Enable NDP (Neighbor Discovery Protocol).

`nf_conntrack_allow_invalid`: `<boolean>` ('default =' `0`)::

Allow invalid packets on connection tracking.

`nf_conntrack_max`: `<integer> (32768 - N)` ('default =' `262144`)::

Maximum number of tracked connections.

`nf_conntrack_tcp_timeout_established`: `<integer> (7875 - N)` ('default =' `432000`)::

Conntrack established timeout.

`nf_conntrack_tcp_timeout_syn_recv`: `<integer> (30 - 60)` ('default =' `60`)::

Conntrack syn recv timeout.

`nosmurfs`: `<boolean>` ::

`protection_synflood`: `<boolean>` ('default =' `0`)::

Enable synflood protection.

`protection_synflood_burst`: `<integer>` ('default =' `1000`)::

Synflood protection rate burst by source IP.

`protection_synflood_rate`: `<integer>` ('default =' `200`)::

Synflood protection rate in SYN/sec by source IP.

`smurf_log_level`: `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` ::

Log level for SMURFS filter.

`tcp_flags_log_level`: `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` ::

Log level for illegal TCP flags filter.

`tcpflags`: `<boolean>` ('default =' `0`)::

Filter illegal combinations of TCP flags.
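
The following added example (not part of the original reference or the project's own code) checks an options fragment against the types, enumerations and ranges listed above and flags two settings worth a second look in a review. It assumes options are written as `key: value` lines with booleans as `0`/`1`; the `validate` function and `SAMPLE` input are hypothetical names constructed for illustration.

```python
import re
from math import inf

LEVELS = {"alert", "crit", "debug", "emerg", "err", "info", "nolog", "notice", "warning"}
BOOLS = {"enable", "log_nf_conntrack", "ndp", "nf_conntrack_allow_invalid",
         "nosmurfs", "protection_synflood", "tcpflags"}
LEVEL_KEYS = {"log_level_in", "log_level_out", "smurf_log_level", "tcp_flags_log_level"}
# Integer options with the (min, max) bounds listed above; inf = no upper bound given.
INTS = {"nf_conntrack_max": (32768, inf),
        "nf_conntrack_tcp_timeout_established": (7875, inf),
        "nf_conntrack_tcp_timeout_syn_recv": (30, 60),
        "protection_synflood_burst": (0, inf),
        "protection_synflood_rate": (0, inf)}
# Constructed sample; "key: value" lines with 0/1 booleans are an assumed syntax.
SAMPLE = """\
log_level_in: verbose
nf_conntrack_max: 16384
nf_conntrack_allow_invalid: 1
protection_synflood_rate: 500
tcp_flags: 1
"""

def validate(text):
    """Return (line_number, message) findings; line 0 marks a whole-file finding."""
    findings, opts = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        m = re.fullmatch(r"\s*([a-z_]+)\s*:\s*(\S+)\s*", raw)
        if not m or m[1] not in BOOLS | LEVEL_KEYS | set(INTS):
            findings.append((n, f"unknown option or malformed line: {raw.strip()!r}"))
            continue
        key, val = m.groups()
        opts[key] = val
        if key in BOOLS:
            ok = val in ("0", "1")
        elif key in LEVEL_KEYS:
            ok = val in LEVELS
        else:
            lo, hi = INTS[key]
            ok = re.fullmatch(r"[0-9]+", val) is not None and lo <= int(val) <= hi
        if not ok:
            findings.append((n, f"invalid value {val!r} for {key}"))
    # Cross-option checks worth surfacing in a config review.
    if opts.get("nf_conntrack_allow_invalid") == "1":
        findings.append((0, "nf_conntrack_allow_invalid=1 allows invalid packets (default 0)"))
    if opts.get("protection_synflood", "0") != "1" and opts.keys() & {
            "protection_synflood_rate", "protection_synflood_burst"}:
        findings.append((0, "synflood rate/burst set but protection_synflood is not enabled"))
    return findings
```

Calling `validate(SAMPLE)` reports the bad log level, the out-of-range `nf_conntrack_max`, the misspelled `tcp_flags` key, and both whole-file findings.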