[pve-docs.git] / pve-firewall-host-opts.adoc

`enable`: `<boolean>` ::

Enable host firewall rules.

`log_level_in`: `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` ::

Log level for incoming traffic.

`log_level_out`: `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` ::

Log level for outgoing traffic.

`log_nf_conntrack`: `<boolean>` ('default =' `0`)::

Enable logging of conntrack information.

`ndp`: `<boolean>` ('default =' `0`)::

Enable NDP (Neighbor Discovery Protocol).

`nf_conntrack_allow_invalid`: `<boolean>` ('default =' `0`)::

Allow invalid packets on connection tracking.

`nf_conntrack_max`: `<integer> (32768 - N)` ('default =' `262144`)::

Maximum number of tracked connections.

`nf_conntrack_tcp_timeout_established`: `<integer> (7875 - N)` ('default =' `432000`)::

Conntrack established timeout.

`nf_conntrack_tcp_timeout_syn_recv`: `<integer> (30 - 60)` ('default =' `60`)::

Conntrack syn recv timeout.

`nosmurfs`: `<boolean>` ::

Enable SMURFS filter.

`protection_synflood`: `<boolean>` ('default =' `0`)::

Enable synflood protection

`protection_synflood_burst`: `<integer>` ('default =' `1000`)::

Synflood protection rate burst by ip src.

`protection_synflood_rate`: `<integer>` ('default =' `200`)::

Synflood protection rate syn/sec by ip src.

`smurf_log_level`: `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` ::

Log level for SMURFS filter.

`tcp_flags_log_level`: `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` ::

Log level for illegal tcp flags filter.

`tcpflags`: `<boolean>` ('default =' `0`)::

Filter illegal combinations of TCP flags.
Commit	Line	Data
	1	`enable`: `<boolean>` ::
	2
	3	Enable host firewall rules.
	4
	5	`log_level_in`: `<alert \| crit \| debug \| emerg \| err \| info \| nolog \| notice \| warning>` ::
	6
	7	Log level for incoming traffic.
	8
	9	`log_level_out`: `<alert \| crit \| debug \| emerg \| err \| info \| nolog \| notice \| warning>` ::
	10
	11	Log level for outgoing traffic.
	12
	13	`log_nf_conntrack`: `<boolean>` ('default =' `0`)::
	14
	15	Enable logging of conntrack information.
	16
	17	`ndp`: `<boolean>` ('default =' `0`)::
	18
	19	Enable NDP (Neighbor Discovery Protocol).
	20
	21	`nf_conntrack_allow_invalid`: `<boolean>` ('default =' `0`)::
	22
	23	Allow invalid packets on connection tracking.
	24
	25	`nf_conntrack_max`: `<integer> (32768 - N)` ('default =' `262144`)::
	26
	27	Maximum number of tracked connections.
	28
	29	`nf_conntrack_tcp_timeout_established`: `<integer> (7875 - N)` ('default =' `432000`)::
	30
	31	Conntrack established timeout.
	32
	33	`nf_conntrack_tcp_timeout_syn_recv`: `<integer> (30 - 60)` ('default =' `60`)::
	34
	35	Conntrack syn recv timeout.
	36
	37	`nosmurfs`: `<boolean>` ::
	38
	39	Enable SMURFS filter.
	40
	41	`protection_synflood`: `<boolean>` ('default =' `0`)::
	42
	43	Enable synflood protection
	44
	45	`protection_synflood_burst`: `<integer>` ('default =' `1000`)::
	46
	47	Synflood protection rate burst by ip src.
	48
	49	`protection_synflood_rate`: `<integer>` ('default =' `200`)::
	50
	51	Synflood protection rate syn/sec by ip src.
	52
	53	`smurf_log_level`: `<alert \| crit \| debug \| emerg \| err \| info \| nolog \| notice \| warning>` ::
	54
	55	Log level for SMURFS filter.
	56
	57	`tcp_flags_log_level`: `<alert \| crit \| debug \| emerg \| err \| info \| nolog \| notice \| warning>` ::
	58
	59	Log level for illegal tcp flags filter.
	60
	61	`tcpflags`: `<boolean>` ('default =' `0`)::
	62
	63	Filter illegal combinations of TCP flags.
	64