log_level_in: info
log_level_out: info
-# default policy
-policy_in: DROP
-policy_out: ACCEPT
-
# allow more connections (default is 65536)
nf_conntrack_max: 196608
+# reduce conntrack established timeout (default is 432000 - 5days)
+nf_conntrack_tcp_timeout_established: 7875
+
# Enable firewall when bridges contains IP address.
# The firewall is not fully functional in that case, so
# you need to enable that explicitly
allow_bridge_route: 1
+# disable SMURFS filter
+nosmurfs: 0
+
# filter illegal combinations of TCP flags
tcpflags: 1
+# rules processing speed optimizations
+optimize : 1
+
[RULES]
IN SSH(ACCEPT) net0
projects / pve-firewall.git / blobdiff