Compare commits


No commits in common. "39eabe7b020c4996816b05a916f222ffe96c9ec6" and "ea062a770c480a075e344325b7820a69207f8305" have entirely different histories.

1 changed files with 47 additions and 344 deletions


@ -246,11 +246,12 @@
<ssl-certref>6626b18379cdc</ssl-certref>
<port/>
<ssl-ciphers/>
<interfaces>lan,opt1</interfaces>
<interfaces>lan</interfaces>
<compression/>
<ssl-hsts>1</ssl-hsts>
<authmode>Local Database</authmode>
</webgui>
<disablenatreflection>yes</disablenatreflection>
<usevirtualterminal>1</usevirtualterminal>
<disableconsolemenu>1</disableconsolemenu>
<disablevlanhwfilter>1</disablevlanhwfilter>
@ -288,9 +289,10 @@
<reboot/>
</firmware>
<language>en_US</language>
<dnsserver/>
<dns1gw>none</dns1gw>
<dns2gw>none</dns2gw>
<dnsserver>8.8.8.8</dnsserver>
<dnsserver>8.8.4.4</dnsserver>
<dns1gw>WAN_GW</dns1gw>
<dns2gw>WAN_GW</dns2gw>
<dns3gw>none</dns3gw>
<dns4gw>none</dns4gw>
<dns5gw>none</dns5gw>
@ -317,7 +319,6 @@
<aliasesresolveinterval/>
<maximumtableentries/>
<pfdebug>urgent</pfdebug>
<disablenatreflection>yes</disablenatreflection>
</system>
<interfaces>
<wan>
@ -352,7 +353,7 @@
<enable>1</enable>
<lock>1</lock>
<spoofmac/>
<ipaddr>10.10.10.1</ipaddr>
<ipaddr>192.168.1.1</ipaddr>
<subnet>24</subnet>
</lan>
<lo0>
@ -379,36 +380,17 @@
</interfaces>
<dhcpd>
<lan>
<enable>1</enable>
<ddnsdomainalgorithm>hmac-md5</ddnsdomainalgorithm>
<numberoptions>
<item/>
</numberoptions>
<range>
<from>10.10.10.201</from>
<to>10.10.10.250</to>
<from>192.168.1.10</from>
<to>192.168.1.245</to>
</range>
<winsserver/>
<dnsserver/>
<ntpserver/>
<staticmap>
<mac>88:66:5a:15:8a:9a</mac>
<ipaddr>10.10.10.20</ipaddr>
<hostname>mats-macbook-wifi</hostname>
<descr>Mats MacBook Pro Wifi.</descr>
<winsserver/>
<dnsserver/>
<ntpserver/>
</staticmap>
<staticmap>
<mac>00:e0:4c:63:23:d8</mac>
<ipaddr>10.10.10.21</ipaddr>
<hostname>mats-macbook-eth</hostname>
<descr>Mats MacBook Pro Eth.</descr>
<winsserver/>
<dnsserver/>
<ntpserver/>
</staticmap>
</lan>
<opt1>
<enable>1</enable>
@ -433,16 +415,6 @@
<ntpserver/>
</staticmap>
</opt1>
<wan>
<staticmap>
<mac>88:66:5a:15:8a:9a</mac>
<hostname>mats-macbook-wifi</hostname>
<descr>Mats MacBook Pro Wifi.</descr>
<winsserver/>
<dnsserver/>
<ntpserver/>
</staticmap>
</wan>
</dhcpd>
<snmpd>
<syslocation/>
@ -467,77 +439,23 @@
<poolopts/>
<poolopts_sourcehashkey/>
<ipprotocol>inet</ipprotocol>
<target/>
<targetip_subnet>0</targetip_subnet>
<sourceport/>
<updated>
<username>mshillam@192.168.1.10</username>
<time>1713866135.8783</time>
<description>/firewall_nat_out_edit.php made changes</description>
</updated>
<created>
<username>mshillam@192.168.1.10</username>
<time>1713866135.8783</time>
<description>/firewall_nat_out_edit.php made changes</description>
</created>
<target/>
<targetip_subnet>0</targetip_subnet>
<sourceport/>
<log>1</log>
<updated>
<username>mshillam@10.10.10.20</username>
<time>1713984851.1045</time>
<description>/firewall_nat_out_edit.php made changes</description>
</updated>
</rule>
</outbound>
<rule>
<protocol>tcp</protocol>
<interface>wan</interface>
<category/>
<ipprotocol>inet</ipprotocol>
<descr>Forward all external web traffic to docker-landlab npm</descr>
<tag/>
<tagged/>
<poolopts/>
<associated-rule-id>nat_66294aceae18a9.36912048</associated-rule-id>
<log>1</log>
<target>docker_landlab</target>
<local-port>_web_ports</local-port>
<source>
<any>1</any>
</source>
<destination>
<network>wanip</network>
<port>_web_ports</port>
</destination>
<updated>
<username>mshillam@10.10.10.20</username>
<time>1713988301.7819</time>
<description>/firewall_nat_edit.php made changes</description>
</updated>
<created>
<username>mshillam@10.10.10.20</username>
<time>1713982158.7133</time>
<description>/firewall_nat_edit.php made changes</description>
</created>
</rule>
</nat>
<filter>
<rule uuid="e035ffc3-9d74-4939-a91c-b3610dcd8507">
<associated-rule-id>nat_66294aceae18a9.36912048</associated-rule-id>
<source>
<any>1</any>
</source>
<interface>wan</interface>
<statetype>keep state</statetype>
<protocol>tcp</protocol>
<ipprotocol>inet</ipprotocol>
<destination>
<address>docker_landlab</address>
<port>_web_ports</port>
</destination>
<descr>Forward all external web traffic to docker-landlab npm</descr>
<category/>
<created>
<username>mshillam@10.10.10.20</username>
<time>1713982158.7131</time>
<description>/firewall_nat_edit.php made changes</description>
</created>
<log>1</log>
</rule>
<rule uuid="d95bec34-aceb-43d7-8a9d-65edc759f106">
<type>pass</type>
<ipprotocol>inet</ipprotocol>
@ -562,6 +480,32 @@
<any/>
</destination>
</rule>
<rule uuid="8e3560e6-a404-4871-8d95-bd3109598b54">
<type>pass</type>
<interface>opt1</interface>
<ipprotocol>inet46</ipprotocol>
<statetype>keep state</statetype>
<descr>Allow access from LINK to any</descr>
<direction>in</direction>
<log>1</log>
<quick>1</quick>
<source>
<network>opt1</network>
</source>
<destination>
<any>1</any>
</destination>
<updated>
<username>mshillam@192.168.1.10</username>
<time>1713878326.7675</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>mshillam@192.168.1.10</username>
<time>1713867523.4808</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="1c2b2f1c-ed74-40ea-87ed-2841dcd41504">
<type>pass</type>
<interface>opt1</interface>
@ -590,33 +534,6 @@
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="a2247d3e-5333-40be-991f-4e97bb039f10">
<type>pass</type>
<interface>opt1</interface>
<ipprotocol>inet46</ipprotocol>
<statetype>keep state</statetype>
<descr>Allow access from LandLab router LAN to the Internet and block access to everything else</descr>
<direction>in</direction>
<log>1</log>
<quick>1</quick>
<protocol>icmp</protocol>
<source>
<address>LANDLAB</address>
</source>
<destination>
<any>1</any>
</destination>
<updated>
<username>mshillam@10.10.10.20</username>
<time>1713995053.9418</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>mshillam@10.10.10.20</username>
<time>1713995053.9418</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="1533a82e-b6aa-4162-8b16-5e71b46c1a48">
<type>pass</type>
<interface>opt1</interface>
@ -642,86 +559,6 @@
<time>1713878682.7779</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
<log>1</log>
</rule>
<rule uuid="86b19155-11ce-421a-bc0c-aa868041a9c7">
<type>pass</type>
<interface>opt1</interface>
<ipprotocol>inet46</ipprotocol>
<statetype>keep state</statetype>
<descr>Allow admin devices access to LANDLAB router LAN</descr>
<direction>in</direction>
<quick>1</quick>
<protocol>tcp/udp</protocol>
<source>
<address>admin_devices</address>
</source>
<destination>
<address>LANDLAB</address>
</destination>
<updated>
<username>mshillam@10.10.10.20</username>
<time>1713979808.5062</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>mshillam@10.10.10.20</username>
<time>1713979762.8332</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
<disabled>1</disabled>
</rule>
<rule uuid="ee54ff6d-d74a-49d5-af1f-6ec2b7bb65b6">
<type>pass</type>
<interface>opt1</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>Allow ICMP to LINK Gateway from LAN</descr>
<direction>in</direction>
<quick>1</quick>
<protocol>icmp</protocol>
<source>
<network>lan</network>
</source>
<destination>
<address>172.16.0.254/24</address>
</destination>
<updated>
<username>mshillam@192.168.1.201</username>
<time>1713957984.0619</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>mshillam@192.168.1.201</username>
<time>1713957839.6765</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="4236aec3-494f-4b2f-876f-86b5c16e6241">
<type>pass</type>
<interface>opt1</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>Allow ALL to LINK Gateway from LINK Network * TEST *</descr>
<direction>in</direction>
<log>1</log>
<quick>1</quick>
<source>
<network>opt1</network>
</source>
<destination>
<any>1</any>
</destination>
<updated>
<username>mshillam@10.10.10.20</username>
<time>1713999176.6841</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>mshillam@10.10.10.20</username>
<time>1713998127.1974</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<bypassstaticroutes>yes</bypassstaticroutes>
</filter>
@ -781,9 +618,9 @@
<gatewaysinvert>1</gatewaysinvert>
</widgets>
<revision>
<username>mshillam@10.10.10.20</username>
<time>1713999176.9212</time>
<description>/firewall_rules_edit.php made changes</description>
<username>mshillam@192.168.1.3</username>
<description>/api/unbound/settings/setDot/c06973c4-b0cd-4412-81f0-48deb593317d made changes</description>
<time>1713914655.1715</time>
</revision>
<OPNsense>
<wireguard>
@ -834,7 +671,7 @@
</Lvtemplate>
<Alias version="1.0.1">
<geoip>
<url>https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country-CSV&amp;license_key=bUDDilXVKtjByVCi&amp;suffix=zip</url>
<url/>
</geoip>
<aliases>
<alias uuid="a902e126-8985-4dab-b2cd-76a5740884d0">
@ -863,140 +700,6 @@ __opt1_network</content>
<categories/>
<description>All Private Networks</description>
</alias>
<alias uuid="7baa7290-9eba-4834-ae44-3bbea51b8cc8">
<enabled>1</enabled>
<name>mats_macbook_wifi</name>
<type>host</type>
<proto/>
<interface/>
<counters>0</counters>
<updatefreq/>
<content>10.10.10.20
10.100.0.20</content>
<categories/>
<description>Mats MacBook Pro Wifi.</description>
</alias>
<alias uuid="5f5daa79-751f-44c2-b721-8d2790568fc1">
<enabled>1</enabled>
<name>mats_macbook_eth</name>
<type>host</type>
<proto/>
<interface/>
<counters>0</counters>
<updatefreq/>
<content>10.10.10.21
10.100.0.21</content>
<categories/>
<description>Mats MacBook Pro Eth.</description>
</alias>
<alias uuid="a5d17e1b-fc02-4710-b8fa-0d8d39c8ecc0">
<enabled>1</enabled>
<name>mats_devices</name>
<type>host</type>
<proto/>
<interface/>
<counters>0</counters>
<updatefreq/>
<content>mats_macbook_wifi
mats_macbook_eth</content>
<categories/>
<description>Mats Devices</description>
</alias>
<alias uuid="edbe89fd-4583-4fb8-beb9-76ec989b72e7">
<enabled>1</enabled>
<name>admin_devices</name>
<type>host</type>
<proto/>
<interface/>
<counters>0</counters>
<updatefreq/>
<content>mats_devices</content>
<categories/>
<description>Admin devices with escalated network access.</description>
</alias>
<alias uuid="293f7769-0ca7-44c0-add9-585726e27545">
<enabled>1</enabled>
<name>allowed_countries</name>
<type>geoip</type>
<proto/>
<interface/>
<counters>0</counters>
<updatefreq/>
<content>CA
US
AU
AD
AL
AT
AX
BA
BE
BG
CH
CZ
DE
DK
EE
ES
FI
FR
GB
GG
GI
GR
HR
HU
IE
IM
IT
JE
LU
LV
MC
MD
ME
MK
MT
NL
NO
PL
PT
RO
SE
SI
SK
SM
TR
UA
VA</content>
<categories/>
<description>Countries to allow access to External facing WAN</description>
</alias>
<alias uuid="c5340fa9-59af-4a30-b417-2b0c42b6bda9">
<enabled>1</enabled>
<name>docker_landlab</name>
<type>host</type>
<proto/>
<interface/>
<counters>0</counters>
<updatefreq/>
<content>10.100.0.10</content>
<categories/>
<description>Docker System on LandLab Network</description>
</alias>
<alias uuid="c5797301-451c-43c1-8abd-c81138990b90">
<enabled>1</enabled>
<name>_web_ports</name>
<type>port</type>
<proto/>
<interface/>
<counters>0</counters>
<updatefreq/>
<content>80
443</content>
<categories/>
<description>Web ports</description>
</alias>
</aliases>
</Alias>
<Category version="1.0.0">
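Review bot: The rule added in the `-562,6 +480,32` hunk (uuid 8e3560e6-…, "Allow access from LINK to any") passes every protocol from the opt1 network to `<any>1</any>` over inet46 with `<quick>1</quick>`, so unless a block rule outside the visible hunks precedes it, opt1 hosts can reach the LAN and the firewall's own services as well as the Internet. If Internet-only access is what is intended, negate the destination against the private-networks alias, e.g. `<destination><address>PRIVATE_NETS_ALIAS</address><not>1</not></destination>` (placeholder name; the alias's name is not visible on this page), and say so in `<descr>`. The `-834,7 +671,7` hunk appears to empty the GeoIP `<url>`, but the MaxMind license key stays readable in the other compared commit, so it should be rotated rather than only removed from the file. Which side each changed line belongs to is inferred from the hunk counts and print order, because the page has lost its `+`/`-` markers.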