- List of IP subnets attached to this zone. Only supported by the Firewall v2, version 58 and above; not supported by the 12.09 default installation.
- List of raw network device names attached to this zone, e.g.
- Limits the amount of log messages per interval.
- Protocol family (ipv4, ipv6 or any) to generate iptables rules for.
- Create log rules for rejected and dropped traffic in this zone.
- Force connection tracking for this zone (see Note on connection tracking).
- Enable MSS clamping for outgoing zone traffic.
- Default policy (ACCEPT, REJECT, DROP) for incoming zone traffic.
- Default policy (ACCEPT, REJECT, DROP) for forwarded zone traffic.
- Default policy (ACCEPT, REJECT, DROP) for outgoing zone traffic.
- Limit masquerading to the given destination subnets. Negation is possible by prefixing the subnet with !; multiple subnets are allowed.
- Limit masquerading to the given source subnets. Negation is possible by prefixing the subnet with !; multiple subnets are allowed.
- Specifies whether outgoing zone traffic should be masqueraded. This is typically enabled on the wan zone.
- List of interfaces attached to this zone. If omitted and neither extra* options, subnets or devices are given, the value of name is used by default.
- Set burst limit for SYN packets above which the traffic is considered a flood if it exceeds the allowed rate.
- Set rate limit (packets/second) for SYN packets above which the traffic is considered a flood.
- Drop invalid packets (e.g. not matching any active connection).
- Enable SYN flood protection (obsoleted by synflood_protect setting).
- Set policy for the FORWARD chain of the filter table.
- Set policy for the OUTPUT chain of the filter table.
- Set policy for the INPUT chain of the filter table.