`enable`: `` :: Enable host firewall rules. `log_level_in`: `` :: Log level for incoming traffic. `log_level_out`: `` :: Log level for outgoing traffic. `log_nf_conntrack`: `` ('default =' `0`):: Enable logging of conntrack information. `ndp`: `` ('default =' `0`):: Enable NDP (Neighbor Discovery Protocol). `nf_conntrack_allow_invalid`: `` ('default =' `0`):: Allow invalid packets on connection tracking. `nf_conntrack_max`: ` (32768 - N)` ('default =' `262144`):: Maximum number of tracked connections. `nf_conntrack_tcp_timeout_established`: ` (7875 - N)` ('default =' `432000`):: Conntrack established timeout. `nf_conntrack_tcp_timeout_syn_recv`: ` (30 - 60)` ('default =' `60`):: Conntrack syn recv timeout. `nosmurfs`: `` :: Enable SMURFS filter. `protection_synflood`: `` ('default =' `0`):: Enable synflood protection `protection_synflood_burst`: `` ('default =' `1000`):: Synflood protection rate burst by ip src. `protection_synflood_rate`: `` ('default =' `200`):: Synflood protection rate syn/sec by ip src. `smurf_log_level`: `` :: Log level for SMURFS filter. `tcp_flags_log_level`: `` :: Log level for illegal tcp flags filter. `tcpflags`: `` ('default =' `0`):: Filter illegal combinations of TCP flags.