split compile to compile_iptables_filter

[pve-firewall.git] / debian / example / host.fw

diff --git a/debian/example/host.fw b/debian/example/host.fw
index a8ae5682cbdade55714ccd360f3821447655170e..4e51c833a04bc07bd100193f1007ed2a5a48b50c 100644 (file)
--- a/debian/example/host.fw
+++ b/debian/example/host.fw
@@ -14,21 +14,13 @@ nf_conntrack_max: 196608
 # reduce conntrack established timeout (default is 432000 - 5days)
 nf_conntrack_tcp_timeout_established: 7875
 
-# Enable firewall when bridges contains IP address.
-# The firewall is not fully functional in that case, so
-# you need to enable that explicitly
-allow_bridge_route: 1
-
 # disable SMURFS filter
 nosmurfs: 0
 
 # filter illegal combinations of TCP flags
 tcpflags: 1
 
-# rules processing speed optimizations 
-optimize : 1
-
 [RULES]
 
-IN  SSH(ACCEPT) net0
-OUT SSH(ACCEPT) net0
+IN  SSH(ACCEPT)
+OUT SSH(ACCEPT)