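# /etc/pve/local/host.fw
#
# Host-level firewall settings for a Proxmox VE node.
# NOTE(review): option names and rule syntax have changed between
# pve-firewall versions - confirm every key below is recognised by the
# installed version, since a line that is not parsed provides no protection.

[OPTIONS]

# Master switch for the host firewall. 0 leaves it switched off, so nothing
# in [RULES] is enforced until this is set to 1.
enable: 0

# Logging: packets caught by the TCP-flags filter are logged at "info",
# smurf-filter hits are not logged, and the default in/out rule logging is
# "info".
tcp_flags_log_level: info
smurf_log_level: nolog
log_level_in: info
log_level_out: info

# allow more connections (default is 65536)
nf_conntrack_max: 196608

# reduce conntrack established timeout (default is 432000 - 5days)
# 7875 s is about 2 h 11 min: idle established TCP sessions (for example an
# idle SSH login) drop out of the conntrack table after that long.
nf_conntrack_tcp_timeout_established: 7875

# Enable the firewall when bridges contain IP addresses.
# The firewall is not fully functional in that case, so
# it has to be enabled explicitly.
allow_bridge_route: 1

# disable SMURFS filter
# NOTE(review): with the filter off and smurf_log_level set to nolog, packets
# with a broadcast source address are neither dropped nor logged by this
# filter - confirm this is intended.
nosmurfs: 0

# filter illegal combinations of TCP flags
tcpflags: 1

# rules processing speed optimizations
# (written as "key: value" like every other option; the original line had a
# space before the colon)
optimize: 1

[RULES]

# SSH macro, accepted inbound and outbound on net0.
# NOTE(review): neither rule restricts the peer address, so once the firewall
# is enabled SSH is accepted from every host that can reach net0. Consider
# limiting the inbound rule to the management network.
IN SSH(ACCEPT) net0
OUT SSH(ACCEPT) net0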