implement allow_bridge_route feature

[pve-firewall.git] / example / host.fw

diff --git a/example/host.fw b/example/host.fw
index 57db272da5f9cc98c2ada97bb9ba0a54b0f3ce8b..79a59492b1aa1168086b20156493bb1bb7651d05 100644 (file)
--- a/example/host.fw
+++ b/example/host.fw
@@ -8,6 +8,17 @@ smurf_log_level: nolog
 log_level_in: info
 log_level_out: info
 
+# default policy
+policy_in: DROP
+policy_out: ACCEPT
+
+# allow more connections (default is 65536)
+nf_conntrack_max: 196608
+
+# Enable firewall when bridges contains IP address.
+# The firewall is not fully functional in that case, so
+# you need to enable that explicitly
+allow_bridge_route: 1
 
 [RULES]