[pve-firewall.git] / debian / example / host.fw

# /etc/pve/local/host.fw

[OPTIONS]

enable: 0
tcp_flags_log_level: info
smurf_log_level: nolog
log_level_in: info
log_level_out: info

# allow more connections (default is 65536)
nf_conntrack_max: 196608

# reduce conntrack established timeout (default is 432000 - 5days)
nf_conntrack_tcp_timeout_established: 7875

# disable SMURFS filter
nosmurfs: 0

# filter illegal combinations of TCP flags
tcpflags: 1

[RULES]

IN  SSH(ACCEPT) net0
OUT SSH(ACCEPT) net0
Commit	Line	Data
	1	# /etc/pve/local/host.fw
	2
	3	[OPTIONS]
	4
	5	enable: 0
	6	tcp_flags_log_level: info
	7	smurf_log_level: nolog
	8	log_level_in: info
	9	log_level_out: info
	10
	11	# allow more connections (default is 65536)
	12	nf_conntrack_max: 196608
	13
	14	# reduce conntrack established timeout (default is 432000 - 5days)
	15	nf_conntrack_tcp_timeout_established: 7875
	16
	17	# disable SMURFS filter
	18	nosmurfs: 0
	19
	20	# filter illegal combinations of TCP flags
	21	tcpflags: 1
	22
	23	[RULES]
	24
	25	IN SSH(ACCEPT) net0
	26	OUT SSH(ACCEPT) net0