man: Convert firewall-settings to asciidoc
firewall-settings(8)
====================

NAME
----
firewall-settings - Global firewall settings

SYNOPSIS
--------
[verse]
'firewall settings'
'firewall settings' KEY=VALUE ...

DESCRIPTION
-----------
This command is used to set global firewall settings.
Please have a look at the individual man pages for more options.

COMMANDS
--------
If no argument is given, the configuration will be dumped to the console.

You may set a new value by adding the variable name and the new value to
the command line.

SETTINGS
--------
=== CONNTRACK_MAX_CONNECTIONS = 16384
Limits the maximum number of simultaneous connections.

Modify this if you want to handle a larger number of concurrent
connections. Each connection uses approximately 16 kBytes of memory.

=== CONNTRACK_UDP_TIMEOUT = 60
Defines the timeout (in seconds) the kernel will wait until
a half-assured UDP connection is fully established.

=== FIREWALL_ACCEPT_ICMP_REDIRECTS = [true|false]
Enable if you want to accept ICMP redirect messages.

=== FIREWALL_CLAMP_PATH_MTU = [true|false]
If Path MTU Discovery does not work well, enable this option.

It sets the MSS value of a packet so that the remote site never
sends a packet larger than the MSS value.

No ICMP packets are needed to make this work, so use this on
networks with broken ICMP filtering.

=== FIREWALL_DEFAULT_TTL = 64
Here you can change the default TTL used for sending packets.

The given value must be between 10 and 255.
Don't mess with this unless you know what you are doing.

=== FIREWALL_LOG_BAD_TCP_FLAGS = [true|false]
Enable this to log TCP packets with bad flags or options.

=== FIREWALL_LOG_INVALID_ICMP = [true|false]
Enable this to log INVALID ICMP packets.

=== FIREWALL_LOG_INVALID_TCP = [true|false]
Enable this to log INVALID TCP packets.

=== FIREWALL_LOG_INVALID_UDP = [true|false]
Enable this to log INVALID UDP packets.

=== FIREWALL_LOG_MARTIANS = [true|false]
Enable this to log packets with impossible addresses.

=== FIREWALL_LOG_STEALTH_SCANS = [true|false]
Enable this to log all stealth scans.

=== FIREWALL_PMTU_DISCOVERY = [true|false]
Enables Path MTU Discovery.

=== FIREWALL_RP_FILTER = [true|false]
Enable to drop connections from non-routable IPs
(e.g. to prevent source routing).

=== FIREWALL_SYN_COOKIES = [true|false]
Enable for SYN-flood protection.

=== FIREWALL_USE_ECN = [true|false]
Enables the ECN (Explicit Congestion Notification) TCP flag.

Some routers on the Internet still do not support ECN properly.
When this setting is disabled, ECN is only advertised
when asked for.
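
The following is an added example, not code from the network.git project: a
POSIX sh checker that validates KEY=VALUE arguments against the constraints
documented above (true|false keys, the 10..255 TTL range, positive integers for
the conntrack values) before they are handed to 'firewall settings', and
estimates conntrack memory from the 16 kBytes per connection stated above. The
function names and the sample arguments are this example's own.

```shell
#!/bin/sh
# Added example (not part of network.git): pre-validate 'firewall settings'
# arguments using only the rules this man page documents.

# Settings that take true|false.
BOOL_KEYS="FIREWALL_ACCEPT_ICMP_REDIRECTS FIREWALL_CLAMP_PATH_MTU \
FIREWALL_LOG_BAD_TCP_FLAGS FIREWALL_LOG_INVALID_ICMP FIREWALL_LOG_INVALID_TCP \
FIREWALL_LOG_INVALID_UDP FIREWALL_LOG_MARTIANS FIREWALL_LOG_STEALTH_SCANS \
FIREWALL_PMTU_DISCOVERY FIREWALL_RP_FILTER FIREWALL_SYN_COOKIES FIREWALL_USE_ECN"

# True if $1 is a non-empty string of decimal digits.
is_uint() { case "$1" in ''|*[!0-9]*) return 1;; esac; }

# validate_setting KEY=VALUE -> 0 if acceptable, 1 otherwise (reason on stderr).
validate_setting() {
    key="${1%%=*}"; value="${1#*=}"
    [ "$key" != "$1" ] || { echo "no '=' in '$1'" >&2; return 1; }
    case " $BOOL_KEYS " in
        *" $key "*)
            case "$value" in true|false) return 0;; esac
            echo "$key must be true or false" >&2; return 1;;
    esac
    case "$key" in
        FIREWALL_DEFAULT_TTL)
            is_uint "$value" && [ "$value" -ge 10 ] && [ "$value" -le 255 ] && return 0
            echo "$key must be between 10 and 255" >&2; return 1;;
        CONNTRACK_MAX_CONNECTIONS|CONNTRACK_UDP_TIMEOUT)
            is_uint "$value" && [ "$value" -gt 0 ] && return 0
            echo "$key must be a positive integer" >&2; return 1;;
    esac
    echo "unknown setting $key" >&2; return 1
}

# Approximate conntrack table memory in kBytes: 16 kBytes per connection.
conntrack_memory_kb() { echo $(( $1 * 16 )); }

# Constructed sample arguments: the second one is rejected (TTL out of range).
for arg in FIREWALL_SYN_COOKIES=true FIREWALL_DEFAULT_TTL=300; do
    validate_setting "$arg" && echo "ok: $arg"
done
echo "CONNTRACK_MAX_CONNECTIONS=16384 needs about $(conntrack_memory_kb 16384) kBytes"
```

Only arguments that pass should be passed on, e.g. `validate_setting "$arg" && firewall settings "$arg"`.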

AUTHORS
-------
Michael Tremer

SEE ALSO
--------
link:firewall[8]