| services.firewalld.settings.CleanupOnExit | Whether to clean up firewall rules when firewalld stops.
|
| services.firewalld.settings.CleanupModulesOnExit | Whether to unload all firewall-related kernel modules when firewalld stops.
|
| services.firewalld.settings.FirewallBackend | The firewall backend implementation
|
| services.firewalld.settings.IndividualCalls | Whether to use individual -restore calls to apply changes to the firewall
|
| services.firewalld.settings.RFC3964_IPv4 | Whether to filter IPv6 traffic with 6to4 destination addresses that correspond to IPv4 addresses that should not be routed over the public internet.
|
| services.firewalld.settings.DefaultZone | Default zone for connections.
|
| services.firewalld.settings.ReloadPolicy | The policy during reload.
|
| services.firewalld.settings.FlushAllOnReload | Whether to flush all runtime rules on a reload.
|
| services.firewalld.settings.LogDenied | Add logging rules right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones for the configured link-layer packet type.
|
| services.firewalld.settings.NftablesCounters | Whether to add a counter to every nftables rule.
|
| services.firewalld.settings.NftablesTableOwner | If enabled, the generated nftables rule set will be owned exclusively by firewalld
|
| services.firewalld.settings.StrictForwardPorts | If enabled, the generated destination NAT (DNAT) rules will NOT accept traffic that was DNAT'd by other entities, e.g. docker
|
| services.firewalld.settings.NftablesFlowtable | This may improve forwarded traffic throughput by enabling nftables flowtable
|
| services.firewalld.settings.IPv6_rpfilter | Performs reverse path filtering (RPF) on IPv6 packets as per RFC 3704
|