`enable`: `<boolean>` ::

Enable host firewall rules.

`log_level_in`: `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` ::

Log level for incoming traffic.

`log_level_out`: `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` ::

Log level for outgoing traffic.

`log_nf_conntrack`: `<boolean>` ('default =' `0`)::

Enable logging of conntrack information.

`ndp`: `<boolean>` ('default =' `0`)::

Enable NDP (Neighbor Discovery Protocol).

`nf_conntrack_allow_invalid`: `<boolean>` ('default =' `0`)::

Allow invalid packets on connection tracking.

`nf_conntrack_max`: `<integer> (32768 - N)` ('default =' `262144`)::

Maximum number of tracked connections.

`nf_conntrack_tcp_timeout_established`: `<integer> (7875 - N)` ('default =' `432000`)::

Conntrack established timeout.

`nf_conntrack_tcp_timeout_syn_recv`: `<integer> (30 - 60)` ('default =' `60`)::

Conntrack syn recv timeout.

`nosmurfs`: `<boolean>` ::

Enable SMURFS filter.

`protection_synflood`: `<boolean>` ('default =' `0`)::

Enable synflood protection.

`protection_synflood_burst`: `<integer>` ('default =' `1000`)::

Synflood protection rate burst by ip src.

`protection_synflood_rate`: `<integer>` ('default =' `200`)::

Synflood protection rate syn/sec by ip src.

`smurf_log_level`: `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` ::

Log level for SMURFS filter.

`tcp_flags_log_level`: `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` ::

Log level for illegal tcp flags filter.

`tcpflags`: `<boolean>` ('default =' `0`)::

Filter illegal combinations of TCP flags.