X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=example%2Fhost.fw;h=4d861078d8c6f8b2f6ddb69a668d7cae08a5226b;hp=5ecca3d330e3b4afde91ea8753e5b0b4b3107a1c;hb=e74a87f5ce727e5e3e87869d6bd5f578eaef6a29;hpb=1ec3e3d0ee5278c192a12dbaf0f95cbe1668093d
diff --git a/example/host.fw b/example/host.fw
index 5ecca3d..4d86107 100644
--- a/example/host.fw
+++ b/example/host.fw
@@ -7,8 +7,27 @@ tcp_flags_log_level: info
 smurf_log_level: nolog
 log_level_in: info
 log_level_out: info
+
+# default policy
+policy_in: DROP
+policy_out: ACCEPT
+
+# allow more connections (default is 65536)
 nf_conntrack_max: 196608
+# Enable firewall when bridges contains IP address.
+# The firewall is not fully functional in that case, so
+# you need to enable that explicitly
+allow_bridge_route: 1
+
+# disable SMURFS filter
+nosmurfs: 0
+
+# filter illegal combinations of TCP flags
+tcpflags: 1
+
+# rules processing speed optimizations
+optimize : 1
 [RULES]
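Review bot: The example ships two settings in their weaker state, `nosmurfs: 0` and `allow_bridge_route: 1`, and a reader who copies this file as a starting point inherits both without being told which value is the safe one. If `nosmurfs` is a boolean where a true value turns the filter on, the comment would be clearer as `# SMURFS filter: 1 = filter, 0 = disabled`. For the bridge option, the comment already says the firewall is "not fully functional" in that mode, so consider showing `allow_bridge_route: 0` and naming what stops being filtered when it is set to 1. Separately, `optimize : 1` is the only key written with a space before the colon; whether the parser accepts that is not visible in this hunk, so `optimize: 1` would match the other keys.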