X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=debian%2Fexample%2Fhost.fw;fp=debian%2Fexample%2Fhost.fw;h=a8ae5682cbdade55714ccd360f3821447655170e;hp=0000000000000000000000000000000000000000;hb=bce209cf6ad43f656a90c395ae07659625781026;hpb=36166ca9df2a5d21f11cdbc3ce752ddbd2298d04
diff --git a/debian/example/host.fw b/debian/example/host.fw
new file mode 100644
index 0000000..a8ae568
--- /dev/null
+++ b/debian/example/host.fw
@@ -0,0 +1,34 @@
+# /etc/pve/local/host.fw
+
+[OPTIONS]
+
+enable: 0
+tcp_flags_log_level: info
+smurf_log_level: nolog
+log_level_in: info
+log_level_out: info
+
+# allow more connections (default is 65536)
+nf_conntrack_max: 196608
+
+# reduce conntrack established timeout (default is 432000 - 5days)
+nf_conntrack_tcp_timeout_established: 7875
+
+# Enable firewall when bridges contains IP address.
+# The firewall is not fully functional in that case, so
+# you need to enable that explicitly
+allow_bridge_route: 1
+
+# disable SMURFS filter
+nosmurfs: 0
+
+# filter illegal combinations of TCP flags
+tcpflags: 1
+
+# rules processing speed optimizations
+optimize : 1
+
+[RULES]
+
+IN SSH(ACCEPT) net0
+OUT SSH(ACCEPT) net0
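Review bot: The `[OPTIONS]` block ships `nosmurfs: 0` under `# disable SMURFS filter`, and the negated option name leaves it unclear whether the comment describes the option or this particular value. If 0 does turn the filter off, as the comment suggests, anyone who copies the example and only flips `enable` to 1 runs without smurf filtering. I would state the polarity explicitly, e.g. `# SMURFS filter: 1 = filter enabled, 0 = disabled`, and ship the protective value in the example. Similarly, `allow_bridge_route: 1` is switched on although its own comment says the firewall is not fully functional in that mode; an example that people copy would be safer with that line commented out, `# allow_bridge_route: 1`, so the reduced-function mode stays opt-in.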