X-Git-Url: https://git.proxmox.com/?p=pve-docs.git;a=blobdiff_plain;f=pve-firewall-host-opts.adoc;h=2c1226330555c15cf135ec105a625f4be2d97b5a;hp=f2d93e79a449e502471d19e2fbd2baff445b72d5;hb=66aecccb578bc5ab3e94532f3aebe63adac820c8;hpb=5f26e15b397f8a3e502c5aec60073b284f625c54

diff --git a/pve-firewall-host-opts.adoc b/pve-firewall-host-opts.adoc
index f2d93e7..2c12263 100644
--- a/pve-firewall-host-opts.adoc
+++ b/pve-firewall-host-opts.adoc
@@ -10,26 +10,46 @@ Log level for incoming traffic.
 
 Log level for outgoing traffic.
 
-`ndp`: `<boolean>` ::
+`log_nf_conntrack`: `<boolean>` ('default =' `0`)::
 
-Enable NDP.
+Enable logging of conntrack information.
+
+`ndp`: `<boolean>` ('default =' `0`)::
+
+Enable NDP (Neighbor Discovery Protocol).
 
 `nf_conntrack_allow_invalid`: `<boolean>` ('default =' `0`)::
 
 Allow invalid packets on connection tracking.
 
-`nf_conntrack_max`: `<integer> (32768 - N)` ::
+`nf_conntrack_max`: `<integer> (32768 - N)` ('default =' `262144`)::
 
 Maximum number of tracked connections.
 
-`nf_conntrack_tcp_timeout_established`: `<integer> (7875 - N)` ::
+`nf_conntrack_tcp_timeout_established`: `<integer> (7875 - N)` ('default =' `432000`)::
 
 Conntrack established timeout.
 
+`nf_conntrack_tcp_timeout_syn_recv`: `<integer> (30 - 60)` ('default =' `60`)::
+
+Conntrack syn recv timeout.
+
 `nosmurfs`: `<boolean>` ::
 
 Enable SMURFS filter.
 
+`protection_synflood`: `<boolean>` ('default =' `0`)::
+
+Enable synflood protection
+
+`protection_synflood_burst`: `<integer>` ('default =' `1000`)::
+
+Synflood protection rate burst by ip src.
+
+`protection_synflood_rate`: `<integer>` ('default =' `200`)::
+
+Synflood protection rate syn/sec by ip src.
+
 `smurf_log_level`: `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` ::
 
 Log level for SMURFS filter.
@@ -38,7 +58,7 @@ Log level for SMURFS filter.
 
 Log level for illegal tcp flags filter.
 
-`tcpflags`: `<boolean>` ::
+`tcpflags`: `<boolean>` ('default =' `0`)::
 
 Filter illegal combinations of TCP flags.