X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=example%2Fhost.fw;h=4d861078d8c6f8b2f6ddb69a668d7cae08a5226b;hp=32311b4b55be163893291dbbed71b6f4088978ae;hb=2ba5e893e34ce03c60d60950308edecdd034173d;hpb=72f63fde6e68abfa9b1b4e35d63f4788086d2c1c

diff --git a/example/host.fw b/example/host.fw
index 32311b4..4d86107 100644
--- a/example/host.fw
+++ b/example/host.fw
@@ -12,8 +12,22 @@ log_level_out: info
 policy_in: DROP
 policy_out: ACCEPT
 
+# allow more connections (default is 65536)
 nf_conntrack_max: 196608
 
+# Enable firewall when bridges contains IP address.
+# The firewall is not fully functional in that case, so
+# you need to enable that explicitly
+allow_bridge_route: 1
+
+# disable SMURFS filter
+nosmurfs: 0
+
+# filter illegal combinations of TCP flags
+tcpflags: 1
+
+# rules processing speed optimizations 
+optimize : 1
 
 [RULES]