example/host.fw

   1 # /etc/pve/local/host.fw
   2
   3 [OPTIONS]
   4
   5 enable: 0
   6 tcp_flags_log_level: info
   7 smurf_log_level: nolog
   8 log_level_in: info
   9 log_level_out: info
  10
  11 # default policy
  12 policy_in: DROP
  13 policy_out: ACCEPT
  14
  15 # allow more connections (default is 65536)
  16 nf_conntrack_max: 196608
  17
  18 # Enable firewall when bridges contains IP address.
  19 # The firewall is not fully functional in that case, so
  20 # you need to enable that explicitly
  21 allow_bridge_route: 1
  22
  23 # filter illegal combinations of TCP flags
  24 tcpflags: 1
  25
  26 [RULES]
  27
  28 IN  SSH(ACCEPT) net0
  29 OUT SSH(ACCEPT) net0