add auto-generated host firewall options

[pve-docs.git] / pve-firewall-host-opts.adoc

diff --git a/pve-firewall-host-opts.adoc b/pve-firewall-host-opts.adoc
new file mode 100644 (file)
index 0000000..ff955a1
--- /dev/null
+++ b/pve-firewall-host-opts.adoc
@@ -0,0 +1,40 @@
+`enable`: `boolean` ::
+
+Enable host firewall rules.
+
+`log_level_in`: `(alert | crit | debug | emerg | err | info | nolog | notice | warning)` ::
+
+Log level for incoming traffic.
+
+`log_level_out`: `(alert | crit | debug | emerg | err | info | nolog | notice | warning)` ::
+
+Log level for outgoing traffic.
+
+`ndp`: `boolean` ::
+
+Enable NDP.
+
+`nf_conntrack_max`: `integer (32768 - N)` ::
+
+Maximum number of tracked connections.
+
+`nf_conntrack_tcp_timeout_established`: `integer (7875 - N)` ::
+
+Conntrack established timeout.
+
+`nosmurfs`: `boolean` ::
+
+Enable SMURFS filter.
+
+`smurf_log_level`: `(alert | crit | debug | emerg | err | info | nolog | notice | warning)` ::
+
+Log level for SMURFS filter.
+
+`tcp_flags_log_level`: `(alert | crit | debug | emerg | err | info | nolog | notice | warning)` ::
+
+Log level for illegal tcp flags filter.
+
+`tcpflags`: `boolean` ::
+
+Filter illegal combinations of TCP flags.
+