X-Git-Url: https://git.proxmox.com/?p=pve-docs.git;a=blobdiff_plain;f=pve-firewall-host-opts.adoc;h=2c1226330555c15cf135ec105a625f4be2d97b5a;hp=c486cd1156a716e9a0270777cca04f27f1931dc9;hb=12804f688fe4a0a4d6affb94174b0242259588f8;hpb=95895385d2d1a3e787270b91e5a59bcae654a1d3

diff --git a/pve-firewall-host-opts.adoc b/pve-firewall-host-opts.adoc
index c486cd1..2c12263 100644
--- a/pve-firewall-host-opts.adoc
+++ b/pve-firewall-host-opts.adoc
@@ -14,26 +14,42 @@ Log level for outgoing traffic.
 
 Enable logging of conntrack information.
 
-`ndp`: `<boolean>` ::
+`ndp`: `<boolean>` ('default =' `0`)::
 
-Enable NDP.
+Enable NDP (Neighbor Discovery Protocol).
 
 `nf_conntrack_allow_invalid`: `<boolean>` ('default =' `0`)::
 
 Allow invalid packets on connection tracking.
 
-`nf_conntrack_max`: `<integer> (32768 - N)` ::
+`nf_conntrack_max`: `<integer> (32768 - N)` ('default =' `262144`)::
 
 Maximum number of tracked connections.
 
-`nf_conntrack_tcp_timeout_established`: `<integer> (7875 - N)` ::
+`nf_conntrack_tcp_timeout_established`: `<integer> (7875 - N)` ('default =' `432000`)::
 
 Conntrack established timeout.
 
+`nf_conntrack_tcp_timeout_syn_recv`: `<integer> (30 - 60)` ('default =' `60`)::
+
+Conntrack syn recv timeout.
+
 `nosmurfs`: `<boolean>` ::
 
 Enable SMURFS filter.
 
+`protection_synflood`: `<boolean>` ('default =' `0`)::
+
+Enable synflood protection
+
+`protection_synflood_burst`: `<integer>` ('default =' `1000`)::
+
+Synflood protection rate burst by ip src.
+
+`protection_synflood_rate`: `<integer>` ('default =' `200`)::
+
+Synflood protection rate syn/sec by ip src.
+
 `smurf_log_level`: `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` ::
 
 Log level for SMURFS filter.
@@ -42,7 +58,7 @@ Log level for SMURFS filter.
 
 Log level for illegal tcp flags filter.
 
-`tcpflags`: `<boolean>` ::
+`tcpflags`: `<boolean>` ('default =' `0`)::
 
 Filter illegal combinations of TCP flags.