1 # /etc/pve/local/host.fw
6 tcp_flags_log_level: info
11 # allow more connections (default is 65536)
12 nf_conntrack_max: 196608
14 # reduce conntrack established timeout (default is 432000 - 5days)
15 nf_conntrack_tcp_timeout_established: 7875
17 # Enable firewall when bridges contains IP address.
18 # The firewall is not fully functional in that case, so
19 # you need to enable that explicitly
22 # disable SMURFS filter
25 # filter illegal combinations of TCP flags
28 # rules processing speed optimizations