X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=pve-firewall-host-opts.adoc;h=2c1226330555c15cf135ec105a625f4be2d97b5a;hb=bdf0aff2f5812118802e586f2cc7aed831769353;hp=ff955a11d6cdce528274a70f252f3589d9b2bf88;hpb=888c41167a2764f696b3e6616a9b3402b634dd0f;p=pve-docs.git diff --git a/pve-firewall-host-opts.adoc b/pve-firewall-host-opts.adoc index ff955a1..2c12263 100644 --- a/pve-firewall-host-opts.adoc +++ b/pve-firewall-host-opts.adoc 
@@ -1,40 +1,64 @@ -`enable`: `boolean` :: +`enable`: `` :: Enable host firewall rules. -`log_level_in`: `(alert | crit | debug | emerg | err | info | nolog | notice | warning)` :: +`log_level_in`: `` :: Log level for incoming traffic. -`log_level_out`: `(alert | crit | debug | emerg | err | info | nolog | notice | warning)` :: +`log_level_out`: `` :: Log level for outgoing traffic. -`ndp`: `boolean` :: +`log_nf_conntrack`: `` ('default =' `0`):: -Enable NDP. +Enable logging of conntrack information. -`nf_conntrack_max`: `integer (32768 - N)` :: +`ndp`: `` ('default =' `0`):: + +Enable NDP (Neighbor Discovery Protocol). + +`nf_conntrack_allow_invalid`: `` ('default =' `0`):: + +Allow invalid packets on connection tracking. + +`nf_conntrack_max`: ` (32768 - N)` ('default =' `262144`):: Maximum number of tracked connections. -`nf_conntrack_tcp_timeout_established`: `integer (7875 - N)` :: +`nf_conntrack_tcp_timeout_established`: ` (7875 - N)` ('default =' `432000`):: Conntrack established timeout. -`nosmurfs`: `boolean` :: +`nf_conntrack_tcp_timeout_syn_recv`: ` (30 - 60)` ('default =' `60`):: + +Conntrack syn recv timeout. + +`nosmurfs`: `` :: Enable SMURFS filter. -`smurf_log_level`: `(alert | crit | debug | emerg | err | info | nolog | notice | warning)` :: +`protection_synflood`: `` ('default =' `0`):: + +Enable synflood protection + +`protection_synflood_burst`: `` ('default =' `1000`):: + +Synflood protection rate burst by ip src. + +`protection_synflood_rate`: `` ('default =' `200`):: + +Synflood protection rate syn/sec by ip src. + +`smurf_log_level`: `` :: Log level for SMURFS filter. -`tcp_flags_log_level`: `(alert | crit | debug | emerg | err | info | nolog | notice | warning)` :: +`tcp_flags_log_level`: `` :: Log level for illegal tcp flags filter. -`tcpflags`: `boolean` :: +`tcpflags`: `` ('default =' `0`):: Filter illegal combinations of TCP flags.
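Review bot: the new `nf_conntrack_tcp_timeout_syn_recv`, `protection_synflood_rate` and `protection_synflood_burst` entries give ranges and defaults but leave the reader to guess the units and scope. "Conntrack syn recv timeout." with `(30 - 60)` does not say seconds, and "rate burst by ip src" does not say whether the burst is counted in packets. Suggest spelling these out, for example "Synflood protection burst, in SYN packets per source IP." if that is the intended meaning. The `nf_conntrack_allow_invalid` text, "Allow invalid packets on connection tracking.", should also state what the firewall does with such packets at the default of `0`, since enabling the option relaxes filtering and an admin needs to know what is being given up. Two smaller points: "Enable synflood protection" is missing its final period, unlike every other description in the hunk, and `enable`, `nosmurfs` and the log-level options still carry no 'default =' while the entries around them now do. Also, as shown here the added lines have an empty type field (for example `log_level_in`: with nothing between the backticks), so the list of permitted log levels that the removed lines carried is no longer visible; worth checking the generated output.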