X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=example%2Fhost.fw;h=a8ae5682cbdade55714ccd360f3821447655170e;hp=663d2d7f05b5d0506cfaa449a3036fd5b078b565;hb=63324b09bb05ab3e23e2c168534118e6017c7fe1;hpb=4ac863a6076f6d6d83efe940c4e52c75b450771b
diff --git a/example/host.fw b/example/host.fw
index 663d2d7..a8ae568 100644
--- a/example/host.fw
+++ b/example/host.fw
@@ -8,13 +8,12 @@ smurf_log_level: nolog
 log_level_in: info
 log_level_out: info
-# default policy
-policy_in: DROP
-policy_out: ACCEPT
-
 # allow more connections (default is 65536)
 nf_conntrack_max: 196608
+# reduce conntrack established timeout (default is 432000 - 5days)
+nf_conntrack_tcp_timeout_established: 7875
+
 # Enable firewall when bridges contains IP address.
 # The firewall is not fully functional in that case, so
 # you need to enable that explicitly
@@ -26,6 +25,9 @@ nosmurfs: 0
 # filter illegal combinations of TCP flags
 tcpflags: 1
+# rules processing speed optimizations
+optimize : 1
+
 [RULES]
 IN SSH(ACCEPT) net0
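Review bot: With `policy_in: DROP` and `policy_out: ACCEPT` removed in the first hunk, the host example no longer says what happens to inbound traffic that matches no rule, so someone copying it cannot tell whether the default is still drop. If the policy is now set in another file (not visible in this diff), a pointer comment in place of the removed block would keep that clear, e.g. `# default policy (policy_in/policy_out) is not set here; see <file that defines it>`. The comment on `nf_conntrack_tcp_timeout_established: 7875` could also state the unit and the effect, e.g. `# seconds (~2h11m); idle established TCP connections are dropped from the conntrack table after this`, since long-idle sessions without keepalives would presumably stop matching as established.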
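Review bot: `optimize : 1` in the second hunk has a space before the colon, unlike every other option shown (`tcpflags: 1`, `nf_conntrack_max: 196608`). Whether the option parser tolerates that spelling is not visible here, so `optimize: 1` would be the safer form in an example that people copy. The comment `# rules processing speed optimizations` also does not say what the option changes. One more line stating whether it affects which packets are matched or only how the chains are generated would let an admin judge it before enabling it.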