security group API: protect against concurrent updates

[pve-firewall.git] / example / host.fw

diff --git a/example/host.fw b/example/host.fw
index 32311b4b55be163893291dbbed71b6f4088978ae..4d861078d8c6f8b2f6ddb69a668d7cae08a5226b 100644 (file)
--- a/example/host.fw
+++ b/example/host.fw
@@ -12,8 +12,22 @@ log_level_out: info
 policy_in: DROP
 policy_out: ACCEPT
 
+# allow more connections (default is 65536)
 nf_conntrack_max: 196608
 
+# Enable firewall when bridges contains IP address.
+# The firewall is not fully functional in that case, so
+# you need to enable that explicitly
+allow_bridge_route: 1
+
+# disable SMURFS filter
+nosmurfs: 0
+
+# filter illegal combinations of TCP flags
+tcpflags: 1
+
+# rules processing speed optimizations 
+optimize : 1
 
 [RULES]