projects / pve-docs.git / blame
| Commit | Line | Data |
|---|---|---|
| 013dc89f | 1 | `enable`: `<boolean>` :: |
| 888c4116 DM |
2 | |
| 3 | Enable host firewall rules. | |
| 4 | ||
| 013dc89f | 5 | `log_level_in`: `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` :: |
| 888c4116 DM |
6 | |
| 7 | Log level for incoming traffic. | |
| 8 | ||
| 013dc89f | 9 | `log_level_out`: `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` :: |
| 888c4116 DM |
10 | |
| 11 | Log level for outgoing traffic. | |
| 12 | ||
| 95895385 TL |
13 | `log_nf_conntrack`: `<boolean>` ('default =' `0`):: |
| 14 | ||
| 15 | Enable logging of conntrack information. | |
| 16 | ||
| 5c1699e5 | 17 | `ndp`: `<boolean>` ('default =' `0`):: |
| 888c4116 | 18 | |
| 5c1699e5 | 19 | Enable NDP (Neighbor Discovery Protocol). |
| 888c4116 | 20 | |
| 5f26e15b TL |
21 | `nf_conntrack_allow_invalid`: `<boolean>` ('default =' `0`):: |
| 22 | ||
| 23 | Allow invalid packets on connection tracking. | |
| 24 | ||
| 9d2e98ed TL |
25 | `nf_conntrack_helpers`: `<string>` ('default =' ``):: |
| 26 | ||
| 27 | Enable conntrack helpers for specific protocols. Supported protocols: amanda, ftp, irc, netbios-ns, pptp, sane, sip, snmp, tftp | |
| 28 | ||
| 5c1699e5 | 29 | `nf_conntrack_max`: `<integer> (32768 - N)` ('default =' `262144`):: |
| 888c4116 DM |
30 | |
| 31 | Maximum number of tracked connections. | |
| 32 | ||
| 5c1699e5 | 33 | `nf_conntrack_tcp_timeout_established`: `<integer> (7875 - N)` ('default =' `432000`):: |
| 888c4116 DM |
34 | |
| 35 | Conntrack established timeout. | |
| 36 | ||
| 5c1699e5 TL |
37 | `nf_conntrack_tcp_timeout_syn_recv`: `<integer> (30 - 60)` ('default =' `60`):: |
| 38 | ||
| 39 | Conntrack syn recv timeout. | |
| 40 | ||
| 907e4bc3 TL |
41 | `nftables`: `<boolean>` ('default =' `0`):: |
| 42 | ||
| 43 | Enable nftables based firewall (tech preview) | |
| 44 | ||
| 013dc89f | 45 | `nosmurfs`: `<boolean>` :: |
| 888c4116 DM |
46 | |
| 47 | Enable SMURFS filter. | |
| 48 | ||
| 5c1699e5 TL |
49 | `protection_synflood`: `<boolean>` ('default =' `0`):: |
| 50 | ||
| 51 | Enable synflood protection | |
| 52 | ||
| 53 | `protection_synflood_burst`: `<integer>` ('default =' `1000`):: | |
| 54 | ||
| 55 | Synflood protection rate burst by ip src. | |
| 56 | ||
| 57 | `protection_synflood_rate`: `<integer>` ('default =' `200`):: | |
| 58 | ||
| 59 | Synflood protection rate syn/sec by ip src. | |
| 60 | ||
| 013dc89f | 61 | `smurf_log_level`: `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` :: |
| 888c4116 DM |
62 | |
| 63 | Log level for SMURFS filter. | |
| 64 | ||
| 013dc89f | 65 | `tcp_flags_log_level`: `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` :: |
| 888c4116 DM |
66 | |
| 67 | Log level for illegal tcp flags filter. | |
| 68 | ||
| 5c1699e5 | 69 | `tcpflags`: `<boolean>` ('default =' `0`):: |
| 888c4116 DM |
70 | |
| 71 | Filter illegal combinations of TCP flags. | |
| 72 |