X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=example%2Fhost.fw;h=a8ae5682cbdade55714ccd360f3821447655170e;hp=4d861078d8c6f8b2f6ddb69a668d7cae08a5226b;hb=36166ca9df2a5d21f11cdbc3ce752ddbd2298d04;hpb=cc10e5d75c877c83451ff9a4168617deb3981f5f

diff --git a/example/host.fw b/example/host.fw
index 4d86107..a8ae568 100644
--- a/example/host.fw
+++ b/example/host.fw
@@ -8,13 +8,12 @@ smurf_log_level: nolog
 log_level_in: info
 log_level_out: info
 
-# default policy
-policy_in: DROP
-policy_out: ACCEPT
-
 # allow more connections (default is 65536)
 nf_conntrack_max: 196608
 
+# reduce conntrack established timeout (default is 432000 - 5days)
+nf_conntrack_tcp_timeout_established: 7875
+
 # Enable firewall when bridges contains IP address.
 # The firewall is not fully functional in that case, so
 # you need to enable that explicitly