]>
Commit | Line | Data |
---|---|---|
1 | # /etc/pve/local/host.fw | |
2 | ||
3 | [OPTIONS] | |
4 | ||
5 | enable: 0 | |
6 | tcp_flags_log_level: info | |
7 | smurf_log_level: nolog | |
8 | log_level_in: info | |
9 | log_level_out: info | |
10 | ||
11 | # default policy | |
12 | policy_in: DROP | |
13 | policy_out: ACCEPT | |
14 | ||
15 | # allow more connections (default is 65536) | |
16 | nf_conntrack_max: 196608 | |
17 | ||
18 | # Enable firewall when bridges contains IP address. | |
19 | # The firewall is not fully functional in that case, so | |
20 | # you need to enable that explicitly | |
21 | allow_bridge_route: 1 | |
22 | ||
23 | # disable SMURFS filter | |
24 | nosmurfs: 0 | |
25 | ||
26 | # filter illegal combinations of TCP flags | |
27 | tcpflags: 1 | |
28 | ||
29 | # rules processing speed optimizations | |
30 | optimize : 1 | |
31 | ||
32 | [RULES] | |
33 | ||
34 | IN SSH(ACCEPT) net0 | |
35 | OUT SSH(ACCEPT) net0 |