mshillam
/
OPNSense-ramanet-router-core-backup
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
OPNSense-ramanet-router-cor.../config.xml

1483 lines
50 KiB
XML
Raw Permalink Blame History

<?xml version="1.0"?>
<opnsense>
<theme>cicada</theme>
<sysctl>
<item>
<descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
<tunable>vfs.read_max</tunable>
<value>default</value>
</item>
<item>
<descr>Set the ephemeral port range to be lower.</descr>
<tunable>net.inet.ip.portrange.first</tunable>
<value>default</value>
</item>
<item>
<descr>Drop packets to closed TCP ports without returning a RST</descr>
<tunable>net.inet.tcp.blackhole</tunable>
<value>default</value>
</item>
<item>
<descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
<tunable>net.inet.udp.blackhole</tunable>
<value>default</value>
</item>
<item>
<descr>Randomize the ID field in IP packets</descr>
<tunable>net.inet.ip.random_id</tunable>
<value>default</value>
</item>
<item>
<descr>
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
</descr>
<tunable>net.inet.ip.sourceroute</tunable>
<value>default</value>
</item>
<item>
<descr>
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
</descr>
<tunable>net.inet.ip.accept_sourceroute</tunable>
<value>default</value>
</item>
<item>
<descr>
This option turns off the logging of redirect packets because there is no limit and this could fill
up your logs consuming your whole hard drive.
</descr>
<tunable>net.inet.icmp.log_redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
<tunable>net.inet.tcp.drop_synfin</tunable>
<value>default</value>
</item>
<item>
<descr>Enable sending IPv6 redirects</descr>
<tunable>net.inet6.ip6.redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
<tunable>net.inet6.ip6.use_tempaddr</tunable>
<value>default</value>
</item>
<item>
<descr>Prefer privacy addresses and use them over the normal addresses</descr>
<tunable>net.inet6.ip6.prefer_tempaddr</tunable>
<value>default</value>
</item>
<item>
<descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
<tunable>net.inet.tcp.syncookies</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
<tunable>net.inet.tcp.recvspace</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
<tunable>net.inet.tcp.sendspace</tunable>
<value>default</value>
</item>
<item>
<descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
<tunable>net.inet.tcp.delayed_ack</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum outgoing UDP datagram size</descr>
<tunable>net.inet.udp.maxdgram</tunable>
<value>default</value>
</item>
<item>
<descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
<tunable>net.link.bridge.pfil_onlyip</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
<tunable>net.link.bridge.pfil_local_phys</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
<tunable>net.link.bridge.pfil_member</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 1 to enable filtering on the bridge interface</descr>
<tunable>net.link.bridge.pfil_bridge</tunable>
<value>default</value>
</item>
<item>
<descr>Allow unprivileged access to tap(4) device nodes</descr>
<tunable>net.link.tap.user_open</tunable>
<value>default</value>
</item>
<item>
<descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
<tunable>kern.randompid</tunable>
<value>default</value>
</item>
<item>
<descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
<tunable>hw.syscons.kbd_reboot</tunable>
<value>default</value>
</item>
<item>
<descr>Enable TCP extended debugging</descr>
<tunable>net.inet.tcp.log_debug</tunable>
<value>default</value>
</item>
<item>
<descr>Set ICMP Limits</descr>
<tunable>net.inet.icmp.icmplim</tunable>
<value>default</value>
</item>
<item>
<descr>TCP Offload Engine</descr>
<tunable>net.inet.tcp.tso</tunable>
<value>default</value>
</item>
<item>
<descr>UDP Checksums</descr>
<tunable>net.inet.udp.checksum</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum socket buffer size</descr>
<tunable>kern.ipc.maxsockbuf</tunable>
<value>default</value>
</item>
<item>
<descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
<tunable>vm.pmap.pti</tunable>
<value>default</value>
</item>
<item>
<descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
<tunable>hw.ibrs_disable</tunable>
<value>default</value>
</item>
<item>
<descr>Hide processes running as other groups</descr>
<tunable>security.bsd.see_other_gids</tunable>
<value>default</value>
</item>
<item>
<descr>Hide processes running as other users</descr>
<tunable>security.bsd.see_other_uids</tunable>
<value>default</value>
</item>
<item>
<descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
and for the sender directly reachable, route and next hop is known.
</descr>
<tunable>net.inet.ip.redirect</tunable>
<value>default</value>
</item>
<item>
<descr>
Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects
to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect
packets without returning a response.
</descr>
<tunable>net.inet.icmp.drop_redirect</tunable>
<value>1</value>
</item>
<item>
<descr>Maximum outgoing UDP datagram size</descr>
<tunable>net.local.dgram.maxdgram</tunable>
<value>default</value>
</item>
</sysctl>
<system>
<optimization>normal</optimization>
<hostname>hellfire</hostname>
<domain>ramanet.al</domain>
<group>
<name>admins</name>
<description>System Administrators</description>
<scope>system</scope>
<gid>1999</gid>
<member>0</member>
<member>2000</member>
<priv>page-all</priv>
</group>
<user>
<name>root</name>
<descr>System Administrator</descr>
<scope>system</scope>
<groupname>admins</groupname>
<password>$2y$11$uEpk0P3slRkzHHlUMJOAFe05tpUeppr1Fbz9HnSr39QE14uSB9um6</password>
<uid>0</uid>
<expires/>
<authorizedkeys/>
<otp_seed/>
<disabled>1</disabled>
</user>
<user>
<password>$2y$11$k3VIrWrzhadZph33ruwc5uAzQrApkzoY5wfFWPAFUOXwKWh4cMybG</password>
<scope>user</scope>
<name>mshillam</name>
<descr>Matthew Shillam</descr>
<expires/>
<authorizedkeys>c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUFFNWFtWS9Fa3ZkVVM5c0Jrc2hEc3B6UExlY0FPc052S0xWU0Rod2h0QmMgbWF0dGhld0BzaGlsbGFtLm1lLnVr</authorizedkeys>
<otp_seed/>
<email>matthew@shillam.me.uk</email>
<uid>2000</uid>
<shell>/bin/sh</shell>
</user>
<nextuid>2001</nextuid>
<nextgid>2000</nextgid>
<timezone>Europe/Amsterdam</timezone>
<timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
<webgui>
<protocol>https</protocol>
<ssl-certref>6626b18379cdc</ssl-certref>
<port/>
<ssl-ciphers/>
<interfaces>lan,opt1</interfaces>
<compression/>
<ssl-hsts>1</ssl-hsts>
<authmode>Local Database</authmode>
</webgui>
<usevirtualterminal>1</usevirtualterminal>
<disableconsolemenu>1</disableconsolemenu>
<disablevlanhwfilter>1</disablevlanhwfilter>
<disablechecksumoffloading>1</disablechecksumoffloading>
<disablesegmentationoffloading>1</disablesegmentationoffloading>
<disablelargereceiveoffloading>1</disablelargereceiveoffloading>
<powerd_ac_mode>hadp</powerd_ac_mode>
<powerd_battery_mode>hadp</powerd_battery_mode>
<powerd_normal_mode>hadp</powerd_normal_mode>
<bogons>
<interval>monthly</interval>
</bogons>
<pf_share_forward>1</pf_share_forward>
<lb_use_sticky>1</lb_use_sticky>
<ssh>
<group>admins</group>
<noauto>1</noauto>
<interfaces>lan</interfaces>
<kex/>
<ciphers/>
<macs/>
<keys/>
<keysig/>
<enabled>enabled</enabled>
<permitrootlogin>1</permitrootlogin>
</ssh>
<rrdbackup>-1</rrdbackup>
<netflowbackup>-1</netflowbackup>
<firmware version="1.0.1">
<mirror/>
<flavour/>
<plugins>os-git-backup,os-qemu-guest-agent,os-theme-cicada,os-theme-rebellion</plugins>
<type/>
<subscription/>
<reboot/>
</firmware>
<language>en_US</language>
<dnsserver/>
<dns1gw>none</dns1gw>
<dns2gw>none</dns2gw>
<dns3gw>none</dns3gw>
<dns4gw>none</dns4gw>
<dns5gw>none</dns5gw>
<dns6gw>none</dns6gw>
<dns7gw>none</dns7gw>
<dns8gw>none</dns8gw>
<prefer_ipv4>1</prefer_ipv4>
<backup>
<git version="1.0.0">
<enabled>1</enabled>
<url>https://gitea.shillam.me.uk/mshillam/OPNSense-ramanet-router-core-backup.git</url>
<branch>master</branch>
<privkey/>
<user>mshillam</user>
<password>TWi7mE9rrxzXam</password>
</git>
</backup>
<backupcount>5</backupcount>
<serialspeed>115200</serialspeed>
<primaryconsole>video</primaryconsole>
<sudo_allow_wheel>1</sudo_allow_wheel>
<maximumstates/>
<maximumfrags/>
<aliasesresolveinterval/>
<maximumtableentries/>
<pfdebug>urgent</pfdebug>
<disablenatreflection>yes</disablenatreflection>
</system>
<interfaces>
<wan>
<if>vtnet0</if>
<descr>WAN</descr>
<enable>1</enable>
<lock>1</lock>
<spoofmac/>
<ipaddr>dhcp</ipaddr>
<dhcphostname/>
<alias-address/>
<alias-subnet>32</alias-subnet>
<dhcprejectfrom/>
<adv_dhcp_pt_timeout/>
<adv_dhcp_pt_retry/>
<adv_dhcp_pt_select_timeout/>
<adv_dhcp_pt_reboot/>
<adv_dhcp_pt_backoff_cutoff/>
<adv_dhcp_pt_initial_interval/>
<adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
<adv_dhcp_send_options/>
<adv_dhcp_request_options/>
<adv_dhcp_required_options/>
<adv_dhcp_option_modifiers/>
<adv_dhcp_config_advanced/>
<adv_dhcp_config_file_override/>
<adv_dhcp_config_file_override_path/>
</wan>
<lan>
<if>vtnet1</if>
<descr>LAN</descr>
<enable>1</enable>
<lock>1</lock>
<spoofmac/>
<ipaddr>10.10.10.1</ipaddr>
<subnet>24</subnet>
</lan>
<lo0>
<internal_dynamic>1</internal_dynamic>
<descr>Loopback</descr>
<enable>1</enable>
<if>lo0</if>
<ipaddr>127.0.0.1</ipaddr>
<ipaddrv6>::1</ipaddrv6>
<subnet>8</subnet>
<subnetv6>128</subnetv6>
<type>none</type>
<virtual>1</virtual>
</lo0>
<opt1>
<if>vtnet2</if>
<descr>LINK</descr>
<enable>1</enable>
<lock>1</lock>
<spoofmac/>
<ipaddr>172.16.0.1</ipaddr>
<subnet>24</subnet>
</opt1>
</interfaces>
<dhcpd>
<lan>
<enable>1</enable>
<ddnsdomainalgorithm>hmac-md5</ddnsdomainalgorithm>
<numberoptions>
<item/>
</numberoptions>
<range>
<from>10.10.10.201</from>
<to>10.10.10.250</to>
</range>
<winsserver/>
<dnsserver/>
<ntpserver/>
<staticmap>
<mac>88:66:5a:15:8a:9a</mac>
<ipaddr>10.10.10.20</ipaddr>
<hostname>mats-macbook-wifi</hostname>
<descr>Mats MacBook Pro Wifi.</descr>
<winsserver/>
<dnsserver/>
<ntpserver/>
</staticmap>
<staticmap>
<mac>00:e0:4c:63:23:d8</mac>
<ipaddr>10.10.10.21</ipaddr>
<hostname>mats-macbook-eth</hostname>
<descr>Mats MacBook Pro Eth.</descr>
<winsserver/>
<dnsserver/>
<ntpserver/>
</staticmap>
</lan>
<opt1>
<enable>1</enable>
<gateway>172.16.0.1</gateway>
<ddnsdomainalgorithm>hmac-md5</ddnsdomainalgorithm>
<numberoptions>
<item/>
</numberoptions>
<range>
<from>172.16.0.200</from>
<to>172.16.0.250</to>
</range>
<winsserver/>
<dnsserver/>
<ntpserver/>
<staticmap>
<mac>bc:24:11:e2:1d:29</mac>
<ipaddr>172.16.0.254</ipaddr>
<hostname>router-edge</hostname>
<winsserver/>
<dnsserver/>
<ntpserver/>
</staticmap>
</opt1>
<wan>
<staticmap>
<mac>88:66:5a:15:8a:9a</mac>
<hostname>mats-macbook-wifi</hostname>
<descr>Mats MacBook Pro Wifi.</descr>
<winsserver/>
<dnsserver/>
<ntpserver/>
</staticmap>
</wan>
</dhcpd>
<snmpd>
<syslocation/>
<syscontact/>
<rocommunity>public</rocommunity>
</snmpd>
<nat>
<outbound>
<mode>hybrid</mode>
<rule>
<source>
<network>LANDLAB</network>
</source>
<destination>
<any>1</any>
</destination>
<descr/>
<category/>
<interface>wan</interface>
<tag/>
<tagged/>
<poolopts/>
<poolopts_sourcehashkey/>
<ipprotocol>inet</ipprotocol>
<created>
<username>mshillam@192.168.1.10</username>
<time>1713866135.8783</time>
<description>/firewall_nat_out_edit.php made changes</description>
</created>
<target/>
<targetip_subnet>0</targetip_subnet>
<sourceport/>
<log>1</log>
<updated>
<username>mshillam@10.10.10.20</username>
<time>1713984851.1045</time>
<description>/firewall_nat_out_edit.php made changes</description>
</updated>
</rule>
</outbound>
<rule>
<protocol>tcp</protocol>
<interface>wan</interface>
<category/>
<ipprotocol>inet</ipprotocol>
<descr>Forward all external web traffic to docker-landlab npm</descr>
<tag/>
<tagged/>
<poolopts/>
<associated-rule-id>nat_66294aceae18a9.36912048</associated-rule-id>
<log>1</log>
<target>docker_landlab</target>
<local-port>_web_ports</local-port>
<source>
<any>1</any>
</source>
<destination>
<network>wanip</network>
<port>_web_ports</port>
</destination>
<updated>
<username>mshillam@10.10.10.20</username>
<time>1713988301.7819</time>
<description>/firewall_nat_edit.php made changes</description>
</updated>
<created>
<username>mshillam@10.10.10.20</username>
<time>1713982158.7133</time>
<description>/firewall_nat_edit.php made changes</description>
</created>
</rule>
</nat>
<filter>
<rule uuid="e035ffc3-9d74-4939-a91c-b3610dcd8507">
<associated-rule-id>nat_66294aceae18a9.36912048</associated-rule-id>
<source>
<any>1</any>
</source>
<interface>wan</interface>
<statetype>keep state</statetype>
<protocol>tcp</protocol>
<ipprotocol>inet</ipprotocol>
<destination>
<address>docker_landlab</address>
<port>_web_ports</port>
</destination>
<descr>Forward all external web traffic to docker-landlab npm</descr>
<category/>
<created>
<username>mshillam@10.10.10.20</username>
<time>1713982158.7131</time>
<description>/firewall_nat_edit.php made changes</description>
</created>
<log>1</log>
</rule>
<rule uuid="d95bec34-aceb-43d7-8a9d-65edc759f106">
<type>pass</type>
<ipprotocol>inet</ipprotocol>
<descr>Default allow LAN to any rule</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
<rule uuid="146f8cd9-2063-4b25-afac-72317d7d1c3b">
<type>pass</type>
<ipprotocol>inet6</ipprotocol>
<descr>Default allow LAN IPv6 to any rule</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
<rule uuid="1c2b2f1c-ed74-40ea-87ed-2841dcd41504">
<type>pass</type>
<interface>opt1</interface>
<ipprotocol>inet46</ipprotocol>
<statetype>keep state</statetype>
<descr>Allow access from LandLab router LAN to the Internet and block access to everything else</descr>
<direction>in</direction>
<log>1</log>
<quick>1</quick>
<protocol>tcp/udp</protocol>
<source>
<address>LANDLAB</address>
</source>
<destination>
<address>PrivateNetworks</address>
<not>1</not>
</destination>
<updated>
<username>mshillam@192.168.1.10</username>
<time>1713877658.01</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>mshillam@192.168.1.10</username>
<time>1713877658.01</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="a2247d3e-5333-40be-991f-4e97bb039f10">
<type>pass</type>
<interface>opt1</interface>
<ipprotocol>inet46</ipprotocol>
<statetype>keep state</statetype>
<descr>Allow access from LandLab router LAN to the Internet and block access to everything else</descr>
<direction>in</direction>
<log>1</log>
<quick>1</quick>
<protocol>icmp</protocol>
<source>
<address>LANDLAB</address>
</source>
<destination>
<any>1</any>
</destination>
<updated>
<username>mshillam@10.10.10.20</username>
<time>1713995053.9418</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>mshillam@10.10.10.20</username>
<time>1713995053.9418</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="1533a82e-b6aa-4162-8b16-5e71b46c1a48">
<type>pass</type>
<interface>opt1</interface>
<ipprotocol>inet46</ipprotocol>
<statetype>keep state</statetype>
<descr>Allow access to all devices on the LANDLAB router LAN</descr>
<direction>in</direction>
<quick>1</quick>
<protocol>tcp/udp</protocol>
<source>
<network>lan</network>
</source>
<destination>
<address>LANDLAB</address>
</destination>
<updated>
<username>mshillam@192.168.1.10</username>
<time>1713878682.7779</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>mshillam@192.168.1.10</username>
<time>1713878682.7779</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
<log>1</log>
</rule>
<rule uuid="86b19155-11ce-421a-bc0c-aa868041a9c7">
<type>pass</type>
<interface>opt1</interface>
<ipprotocol>inet46</ipprotocol>
<statetype>keep state</statetype>
<descr>Allow admin devices access to LANDLAB router LAN</descr>
<direction>in</direction>
<quick>1</quick>
<protocol>tcp/udp</protocol>
<source>
<address>admin_devices</address>
</source>
<destination>
<address>LANDLAB</address>
</destination>
<updated>
<username>mshillam@10.10.10.20</username>
<time>1713979808.5062</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>mshillam@10.10.10.20</username>
<time>1713979762.8332</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
<disabled>1</disabled>
</rule>
<rule uuid="ee54ff6d-d74a-49d5-af1f-6ec2b7bb65b6">
<type>pass</type>
<interface>opt1</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>Allow ICMP to LINK Gateway from LAN</descr>
<direction>in</direction>
<quick>1</quick>
<protocol>icmp</protocol>
<source>
<network>lan</network>
</source>
<destination>
<address>172.16.0.254/24</address>
</destination>
<updated>
<username>mshillam@192.168.1.201</username>
<time>1713957984.0619</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>mshillam@192.168.1.201</username>
<time>1713957839.6765</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="4236aec3-494f-4b2f-876f-86b5c16e6241">
<type>pass</type>
<interface>opt1</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>Allow ALL to LINK Gateway from LINK Network * TEST *</descr>
<direction>in</direction>
<log>1</log>
<quick>1</quick>
<source>
<network>opt1</network>
</source>
<destination>
<any>1</any>
</destination>
<updated>
<username>mshillam@10.10.10.20</username>
<time>1713999176.6841</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>mshillam@10.10.10.20</username>
<time>1713998127.1974</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<bypassstaticroutes>yes</bypassstaticroutes>
</filter>
<rrd>
<enable/>
</rrd>
<load_balancer>
<monitor_type>
<name>ICMP</name>
<type>icmp</type>
<descr>ICMP</descr>
<options/>
</monitor_type>
<monitor_type>
<name>TCP</name>
<type>tcp</type>
<descr>Generic TCP</descr>
<options/>
</monitor_type>
<monitor_type>
<name>HTTP</name>
<type>http</type>
<descr>Generic HTTP</descr>
<options>
<path>/</path>
<host/>
<code>200</code>
</options>
</monitor_type>
<monitor_type>
<name>HTTPS</name>
<type>https</type>
<descr>Generic HTTPS</descr>
<options>
<path>/</path>
<host/>
<code>200</code>
</options>
</monitor_type>
<monitor_type>
<name>SMTP</name>
<type>send</type>
<descr>Generic SMTP</descr>
<options>
<send/>
<expect>220 *</expect>
</options>
</monitor_type>
</load_balancer>
<ntpd>
<prefer>0.opnsense.pool.ntp.org</prefer>
</ntpd>
<widgets>
<sequence>interface_list-container:00000000-col1:show,system_information-container:00000001-col1:show,gateways-container:00000002-col2:show,traffic_graphs-container:00000003-col2:show,services_status-container:00000004-col4:show</sequence>
<column_count>2</column_count>
<gatewaysfilter>WAN_GW,LandLab</gatewaysfilter>
<gatewaysinvert>1</gatewaysinvert>
</widgets>
<revision>
<username>mshillam@10.10.10.20</username>
<time>1713999176.9212</time>
<description>/firewall_rules_edit.php made changes</description>
</revision>
<OPNsense>
<wireguard>
<client version="1.0.0">
<clients/>
</client>
<general version="0.0.1">
<enabled>0</enabled>
</general>
<server version="1.0.0">
<servers/>
</server>
</wireguard>
<IPsec version="1.0.1">
<general>
<enabled/>
</general>
<keyPairs/>
<preSharedKeys/>
</IPsec>
<Swanctl version="1.0.0">
<Connections/>
<locals/>
<remotes/>
<children/>
<Pools/>
<VTIs/>
<SPDs/>
</Swanctl>
<OpenVPNExport version="0.0.1">
<servers/>
</OpenVPNExport>
<OpenVPN version="1.0.0">
<Overwrites/>
<Instances/>
<StaticKeys/>
</OpenVPN>
<captiveportal version="1.0.1">
<zones/>
<templates/>
</captiveportal>
<cron version="1.0.4">
<jobs/>
</cron>
<Firewall>
<Lvtemplate version="0.0.1">
<templates/>
</Lvtemplate>
<Alias version="1.0.1">
<geoip>
<url>https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country-CSV&amp;license_key=bUDDilXVKtjByVCi&amp;suffix=zip</url>
</geoip>
<aliases>
<alias uuid="a902e126-8985-4dab-b2cd-76a5740884d0">
<enabled>1</enabled>
<name>LANDLAB</name>
<type>network</type>
<proto/>
<interface/>
<counters>0</counters>
<updatefreq/>
<content>10.100.0.0/24</content>
<categories/>
<description>LandLab Network</description>
</alias>
<alias uuid="512a6200-f733-44d8-b1f3-dc729608c5e9">
<enabled>1</enabled>
<name>PrivateNetworks</name>
<type>networkgroup</type>
<proto/>
<interface/>
<counters>0</counters>
<updatefreq/>
<content>LANDLAB
__lan_network
__opt1_network</content>
<categories/>
<description>All Private Networks</description>
</alias>
<alias uuid="7baa7290-9eba-4834-ae44-3bbea51b8cc8">
<enabled>1</enabled>
<name>mats_macbook_wifi</name>
<type>host</type>
<proto/>
<interface/>
<counters>0</counters>
<updatefreq/>
<content>10.10.10.20
10.100.0.20</content>
<categories/>
<description>Mats MacBook Pro Wifi.</description>
</alias>
<alias uuid="5f5daa79-751f-44c2-b721-8d2790568fc1">
<enabled>1</enabled>
<name>mats_macbook_eth</name>
<type>host</type>
<proto/>
<interface/>
<counters>0</counters>
<updatefreq/>
<content>10.10.10.21
10.100.0.21</content>
<categories/>
<description>Mats MacBook Pro Eth.</description>
</alias>
<alias uuid="a5d17e1b-fc02-4710-b8fa-0d8d39c8ecc0">
<enabled>1</enabled>
<name>mats_devices</name>
<type>host</type>
<proto/>
<interface/>
<counters>0</counters>
<updatefreq/>
<content>mats_macbook_wifi
mats_macbook_eth</content>
<categories/>
<description>Mats Devices</description>
</alias>
<alias uuid="edbe89fd-4583-4fb8-beb9-76ec989b72e7">
<enabled>1</enabled>
<name>admin_devices</name>
<type>host</type>
<proto/>
<interface/>
<counters>0</counters>
<updatefreq/>
<content>mats_devices</content>
<categories/>
<description>Admin devices with escalated network access.</description>
</alias>
<alias uuid="293f7769-0ca7-44c0-add9-585726e27545">
<enabled>1</enabled>
<name>allowed_countries</name>
<type>geoip</type>
<proto/>
<interface/>
<counters>0</counters>
<updatefreq/>
<content>CA
US
AU
AD
AL
AT
AX
BA
BE
BG
CH
CZ
DE
DK
EE
ES
FI
FR
GB
GG
GI
GR
HR
HU
IE
IM
IT
JE
LU
LV
MC
MD
ME
MK
MT
NL
NO
PL
PT
RO
SE
SI
SK
SM
TR
UA
VA</content>
<categories/>
<description>Countries to allow access to External facing WAN</description>
</alias>
<alias uuid="c5340fa9-59af-4a30-b417-2b0c42b6bda9">
<enabled>1</enabled>
<name>docker_landlab</name>
<type>host</type>
<proto/>
<interface/>
<counters>0</counters>
<updatefreq/>
<content>10.100.0.10</content>
<categories/>
<description>Docker System on LandLab Network</description>
</alias>
<alias uuid="c5797301-451c-43c1-8abd-c81138990b90">
<enabled>1</enabled>
<name>_web_ports</name>
<type>port</type>
<proto/>
<interface/>
<counters>0</counters>
<updatefreq/>
<content>80
443</content>
<categories/>
<description>Web ports</description>
</alias>
</aliases>
</Alias>
<Category version="1.0.0">
<categories/>
</Category>
<Filter version="1.0.3">
<rules/>
<snatrules/>
<npt/>
</Filter>
</Firewall>
<Netflow version="1.0.1">
<capture>
<interfaces/>
<egress_only/>
<version>v9</version>
<targets/>
</capture>
<collect>
<enable>0</enable>
</collect>
<activeTimeout>1800</activeTimeout>
<inactiveTimeout>15</inactiveTimeout>
</Netflow>
<IDS version="1.0.9">
<rules/>
<policies/>
<userDefinedRules/>
<files/>
<fileTags/>
<general>
<enabled>0</enabled>
<ips>0</ips>
<promisc>0</promisc>
<interfaces>wan</interfaces>
<homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
<defaultPacketSize/>
<UpdateCron/>
<AlertLogrotate>W0D23</AlertLogrotate>
<AlertSaveLogs>4</AlertSaveLogs>
<MPMAlgo/>
<detect>
<Profile/>
<toclient_groups/>
<toserver_groups/>
</detect>
<syslog>0</syslog>
<syslog_eve>0</syslog_eve>
<LogPayload>0</LogPayload>
<verbosity/>
</general>
</IDS>
<Interfaces>
<loopbacks version="1.0.0"/>
<neighbors version="1.0.0"/>
<vxlans version="1.0.2"/>
</Interfaces>
<Kea>
<ctrl_agent version="0.0.1">
<general>
<enabled>0</enabled>
<http_host>127.0.0.1</http_host>
<http_port>8000</http_port>
</general>
</ctrl_agent>
<dhcp4 version="1.0.0">
<general>
<enabled>0</enabled>
<interfaces/>
<valid_lifetime>4000</valid_lifetime>
<fwrules>1</fwrules>
</general>
<ha>
<enabled>0</enabled>
<this_server_name/>
</ha>
<subnets/>
<reservations/>
<ha_peers/>
</dhcp4>
</Kea>
<monit version="1.0.12">
<general>
<enabled>0</enabled>
<interval>120</interval>
<startdelay>120</startdelay>
<mailserver>127.0.0.1</mailserver>
<port>25</port>
<username/>
<password/>
<ssl>0</ssl>
<sslversion>auto</sslversion>
<sslverify>1</sslverify>
<logfile/>
<statefile/>
<eventqueuePath/>
<eventqueueSlots/>
<httpdEnabled>0</httpdEnabled>
<httpdUsername>root</httpdUsername>
<httpdPassword>wHvLJw9sTchiJSjl9mtclfwI6dr4PAt</httpdPassword>
<httpdPort>2812</httpdPort>
<httpdAllow/>
<mmonitUrl/>
<mmonitTimeout>5</mmonitTimeout>
<mmonitRegisterCredentials>1</mmonitRegisterCredentials>
</general>
<alert uuid="8f4d2cb5-d962-4966-8386-eeefccf4c291">
<enabled>0</enabled>
<recipient>root@localhost.local</recipient>
<noton>0</noton>
<events/>
<format/>
<reminder/>
<description/>
</alert>
<service uuid="49523ad1-848c-44b7-8c07-8df6b25f7985">
<enabled>1</enabled>
<name>$HOST</name>
<description/>
<type>system</type>
<pidfile/>
<match/>
<path/>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>d154a552-cf23-45b4-8547-b8413dcc1d73,9e6aa406-ed77-4743-9869-8bb4489214f8,203ec5f2-5fbc-4874-b803-5fc2a40e0188,921cb3eb-3e54-472f-9d24-7bf20d7704f9</tests>
<depends/>
<polltime/>
</service>
<service uuid="8f359d8b-c48d-4f7b-bbef-39e650ca096f">
<enabled>1</enabled>
<name>RootFs</name>
<description/>
<type>filesystem</type>
<pidfile/>
<match/>
<path>/</path>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>e1175c29-6370-46ad-bf39-18328561b9d4</tests>
<depends/>
<polltime/>
</service>
<service uuid="f25a36f4-d1ca-4803-afb3-6dce46a81fcc">
<enabled>0</enabled>
<name>carp_status_change</name>
<description/>
<type>custom</type>
<pidfile/>
<match/>
<path>/usr/local/opnsense/scripts/OPNsense/Monit/carp_status</path>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>5aed87b3-eaa7-46cd-9242-71131b4e82f0</tests>
<depends/>
<polltime/>
</service>
<service uuid="b0797e72-5149-4238-b012-dece30961867">
<enabled>0</enabled>
<name>gateway_alert</name>
<description/>
<type>custom</type>
<pidfile/>
<match/>
<path>/usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert</path>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>b4e15ae9-5709-4885-835f-74acc95630d1</tests>
<depends/>
<polltime/>
</service>
<test uuid="7fc4968a-3728-498e-836e-f4e4dd76b2df">
<name>Ping</name>
<type>NetworkPing</type>
<condition>failed ping</condition>
<action>alert</action>
<path/>
</test>
<test uuid="2d3a1e76-1eea-45d1-ab65-45d60889a96e">
<name>NetworkLink</name>
<type>NetworkInterface</type>
<condition>failed link</condition>
<action>alert</action>
<path/>
</test>
<test uuid="5b4cad5d-d606-44e9-966b-9b1b1c7d34a7">
<name>NetworkSaturation</name>
<type>NetworkInterface</type>
<condition>saturation is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="d154a552-cf23-45b4-8547-b8413dcc1d73">
<name>MemoryUsage</name>
<type>SystemResource</type>
<condition>memory usage is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="9e6aa406-ed77-4743-9869-8bb4489214f8">
<name>CPUUsage</name>
<type>SystemResource</type>
<condition>cpu usage is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="203ec5f2-5fbc-4874-b803-5fc2a40e0188">
<name>LoadAvg1</name>
<type>SystemResource</type>
<condition>loadavg (1min) is greater than 8</condition>
<action>alert</action>
<path/>
</test>
<test uuid="921cb3eb-3e54-472f-9d24-7bf20d7704f9">
<name>LoadAvg5</name>
<type>SystemResource</type>
<condition>loadavg (5min) is greater than 6</condition>
<action>alert</action>
<path/>
</test>
<test uuid="532e4207-478a-4dee-b80e-dc30e029c324">
<name>LoadAvg15</name>
<type>SystemResource</type>
<condition>loadavg (15min) is greater than 4</condition>
<action>alert</action>
<path/>
</test>
<test uuid="e1175c29-6370-46ad-bf39-18328561b9d4">
<name>SpaceUsage</name>
<type>SpaceUsage</type>
<condition>space usage is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="5aed87b3-eaa7-46cd-9242-71131b4e82f0">
<name>ChangedStatus</name>
<type>ProgramStatus</type>
<condition>changed status</condition>
<action>alert</action>
<path/>
</test>
<test uuid="b4e15ae9-5709-4885-835f-74acc95630d1">
<name>NonZeroStatus</name>
<type>ProgramStatus</type>
<condition>status != 0</condition>
<action>alert</action>
<path/>
</test>
</monit>
<Gateways version="1.0.0">
<gateway_item uuid="ff205a7a-7fd1-4457-a92f-7e19ff2675ef">
<disabled>0</disabled>
<name>WAN_GW</name>
<descr>WAN Gateway</descr>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<gateway/>
<defaultgw>1</defaultgw>
<fargw>0</fargw>
<monitor_disable>0</monitor_disable>
<monitor_noroute>0</monitor_noroute>
<monitor/>
<force_down>0</force_down>
<priority>255</priority>
<weight>1</weight>
<latencylow/>
<latencyhigh/>
<losslow/>
<losshigh/>
<interval/>
<time_period/>
<loss_interval/>
<data_length/>
</gateway_item>
<gateway_item uuid="94528dc3-b901-4800-867d-fbc2139671b7">
<disabled>0</disabled>
<name>LandLab</name>
<descr>LandLab router gateway</descr>
<interface>opt1</interface>
<ipprotocol>inet</ipprotocol>
<gateway>172.16.0.254</gateway>
<defaultgw>0</defaultgw>
<fargw>0</fargw>
<monitor_disable>0</monitor_disable>
<monitor_noroute>0</monitor_noroute>
<monitor/>
<force_down>0</force_down>
<priority>255</priority>
<weight>1</weight>
<latencylow/>
<latencyhigh/>
<losslow/>
<losshigh/>
<interval/>
<time_period/>
<loss_interval/>
<data_length/>
</gateway_item>
</Gateways>
<Syslog version="1.0.2">
<general>
<enabled>1</enabled>
<loglocal>1</loglocal>
<maxpreserve>31</maxpreserve>
<maxfilesize/>
</general>
<destinations/>
</Syslog>
<TrafficShaper version="1.0.3">
<pipes/>
<queues/>
<rules/>
</TrafficShaper>
<unboundplus version="1.0.9">
<general>
<enabled>1</enabled>
<port>53</port>
<stats/>
<active_interface/>
<dnssec>1</dnssec>
<dns64>0</dns64>
<dns64prefix/>
<noarecords>0</noarecords>
<regdhcp>1</regdhcp>
<regdhcpdomain/>
<regdhcpstatic>1</regdhcpstatic>
<noreglladdr6>0</noreglladdr6>
<noregrecords>0</noregrecords>
<txtsupport>0</txtsupport>
<cacheflush>1</cacheflush>
<local_zone_type>transparent</local_zone_type>
<outgoing_interface/>
<enable_wpad>0</enable_wpad>
</general>
<advanced>
<hideidentity>0</hideidentity>
<hideversion>0</hideversion>
<prefetch>0</prefetch>
<prefetchkey>0</prefetchkey>
<dnssecstripped>0</dnssecstripped>
<aggressivensec>1</aggressivensec>
<serveexpired>0</serveexpired>
<serveexpiredreplyttl/>
<serveexpiredttl/>
<serveexpiredttlreset>0</serveexpiredttlreset>
<serveexpiredclienttimeout/>
<qnameminstrict>0</qnameminstrict>
<extendedstatistics>0</extendedstatistics>
<logqueries>1</logqueries>
<logreplies>0</logreplies>
<logtagqueryreply>0</logtagqueryreply>
<logservfail>0</logservfail>
<loglocalactions>0</loglocalactions>
<logverbosity>2</logverbosity>
<valloglevel>0</valloglevel>
<privatedomain/>
<privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
<insecuredomain/>
<msgcachesize/>
<rrsetcachesize/>
<outgoingnumtcp/>
<incomingnumtcp/>
<numqueriesperthread/>
<outgoingrange/>
<jostletimeout/>
<cachemaxttl/>
<cachemaxnegativettl/>
<cacheminttl/>
<infrahostttl/>
<infrakeepprobing>0</infrakeepprobing>
<infracachenumhosts/>
<unwantedreplythreshold/>
</advanced>
<acls>
<default_action>allow</default_action>
</acls>
<dnsbl>
<enabled>0</enabled>
<safesearch/>
<type/>
<lists/>
<whitelists/>
<blocklists/>
<wildcards/>
<address/>
<nxdomain/>
</dnsbl>
<forwarding>
<enabled/>
</forwarding>
<dots>
<dot uuid="c06973c4-b0cd-4412-81f0-48deb593317d">
<enabled>1</enabled>
<type>dot</type>
<domain/>
<server>1.1.1.1</server>
<port>853</port>
<verify>cloudflare-dns.com</verify>
</dot>
<dot uuid="4dc76dd8-b0c7-4024-9b15-261b448a4262">
<enabled>1</enabled>
<type>dot</type>
<domain/>
<server>1.0.0.1</server>
<port>853</port>
<verify>cloudflare-dns.com</verify>
</dot>
</dots>
<hosts/>
<aliases/>
<domains/>
</unboundplus>
<DHCRelay version="1.0.1"/>
<QemuGuestAgent version="1.0.0">
<general>
<Enabled>1</Enabled>
<LogDebug>0</LogDebug>
<DisabledRPCs/>
</general>
</QemuGuestAgent>
</OPNsense>
<openvpn/>
<ifgroups version="1.0.0"/>
<laggs version="1.0.0">
<lagg/>
</laggs>
<virtualip version="1.0.0">
<vip/>
</virtualip>
<vlans version="1.0.0">
<vlan/>
</vlans>
<staticroutes version="1.0.0">
<route uuid="bcc30439-ca94-4bd6-8365-97d980b3d335">
<network>10.100.0.0/24</network>
<gateway>LandLab</gateway>
<descr>LandLab LAN</descr>
<disabled>0</disabled>
</route>
</staticroutes>
<bridges>
<bridged/>
</bridges>
<gifs>
<gif/>
</gifs>
<gres>
<gre/>
</gres>
<ppps>
<ppp/>
</ppps>
<wireless>
<clone/>
</wireless>
<ca/>
<dhcpdv6/>
<cert>
<refid>6626b18379cdc</refid>
<descr>Web GUI TLS certificate</descr>
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVUk9iV2UrSGliZm1JSGliZHgzMm1ZWTkzUWdvd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5EQTBNakl4T0RVd05EZGFGdzB5TlRBMU1qUXhPRFV3TkRkYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUUNhRlVZNGZzL0U5MDhROVdPMUJmNFJaa1lqZUd1akdMc3JYRlo4MEhtdFpWWlBGMi9RCkpSTm1rVWNuRjJPRzhwa29JaURvdDNVdU1NOXB0RWRHZy94VkVZNjkwdEZkeVFhbGd4cWNIVlIvb0tJNnBmbnUKYmprak0wSW9CWXdzMzZGMHpqQi9vZmFHblQ1dXhSd3BqVXhreDNzRG80R1k4SmVjRjVTamMrTW1kZFdaZU1JdgpBTjRtVVhRSkdEOUl5MkQ4SmZENWt0T2hyMmMyQWxyUzB0UHo0S1U3ZlhkNDJycWlKTUgxYU5PSVc1Q3RFZGIzCnNkRjdtMmhWK2ZHU21QSXFybitSQXhhN3VjeVNoUExlQUJUWFRPOUtKbjVGeWxmSGRra0tBT0NHbnN2TTd5Y28KRXF3K2JQNEN2OHAzQzVSRExDSERpdVFyUitWOWkrWlB6czN0M0R2YWthd0lWOU5IWHNPSFJFL29aUFp5OFQ1Uwo2Y3QyUHNRODlQK2llWXNiR2xRUWkvYTlrMkRQVEFvdERtZWxDMWV4TkZyVWVxMFg5dkpucytFUzJTTTRId2plClhvb05jMEU3bkxPQWlDOEpSaGNNZEZ5cFJSU3lQRHFYRmVzVElQL2w5b0ZBSE1RZkNzbkNJQS80RWlsNjN3WVYKUnhFNDNQbXhPWjNvWU1vN2JDRzJNRUhjL1F3NWFwOURzNXNobXJPS3FPUFJyS3VyWHRzNDZTeStJZ1YvSjR2cAowVll4YmRsNTBYWWFUOE8wTU9sUHcyZlJMZXFXWmZSQmp6ZzlFZ0RTM2dNcmp6YUlFT1RaR254NTZoVlM2YnNSCm5EeVNhQ21iYmFsS2RtbGQ0bGRoYVMxRUl5MFBueGlvS2ZDZ1NRT25iQTJrYSt6cWgyaDZWUitIcndJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRkNKekVZNngyU1hnNEx1ZExKVlFhVmMwemxLV01JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVVJPYlcKZStIaWJmbUlIaWJkeDMybVlZOTNRZ293SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQU5HcDZVWkJ4WEdIcjdxb09pcC9mZ3A1QVhidVpPN1ZlQU02RlExU1IKVGI5anYzQlNybHZydUh6R2NhOFV5a3dIWWlNL000enRlWndBNXVjWVZBQi8rbnovblVaakV6VG4zT2EvN2RJZgpxc0R1NTZ0OWdCVGNXWXJVdGp4NHFDVGlsSXdLOGIwK0xYNEV4MFRWRFFoWmJTdG1udU82ZEhPWk1mQk1lMk5uCllpbWdNMytVZUVWZkkzQlk5bDRXb1RSM082eS9EMzFjaGxRS1NHWExXay9HaXp3V3gyZXF6VC8waXhmZmxNY3MKKzQxaU5UVUpLQzh4Tlh4R3lvek9aS0xNcjc0RFB1QjJ3OEtVcTdMNlVnVlA5V3RydHE0NGlTU3E4dXpoa0N1cwpRb3ZTeTQzaFhMVVhZMFE3Qzljd21xUk5SeTJGUm5KNnkyWjNVbFV0UEJtd3d1M2c2SWsrV0VSM0Jhak1ZaGF5ClY0eWFGYVRtcXZGOGtRZUhUTGFWZVBNSVczV2FqbVhmc0M5NlNNVTV5b3RQT1pXb2pITXloNEtJM2NTc1laRGwKNzFnSnJmRHl0TUVWdGE0Uk9sZVZ1RVl2TGhsamRTTnFKWFd6N29DcnBKOGowOEVhRWowaGVkVk1STGZCbVcrdgppUk45NHcvTFNKTFpZRGJqUEJPWU1nbW5rWFlUV283dlp5Rm1HZWJwOHZIVGRZdGg0K3lINzRkY1d6N1l1ZkVWClZPUzBhd2s0Qk4rZVJxUWdubll0OEZRclVuM1pzd2pldUttL2QyYnc0M20rUnhzcmJFN1o2VkZ1bUlrZWRNZ1AKWDNGZTY5NXZPM3lWNlc2ejJwRkRrNTVWUXh3MG1RK2UzYWx6d3E0dDkvYWgzVGpIVzdWR1E3QWZBODg5cEczbgoweDA9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRQ2FGVVk0ZnMvRTkwOFEKOVdPMUJmNFJaa1lqZUd1akdMc3JYRlo4MEhtdFpWWlBGMi9RSlJObWtVY25GMk9HOHBrb0lpRG90M1V1TU05cAp0RWRHZy94VkVZNjkwdEZkeVFhbGd4cWNIVlIvb0tJNnBmbnViamtqTTBJb0JZd3MzNkYwempCL29mYUduVDV1CnhSd3BqVXhreDNzRG80R1k4SmVjRjVTamMrTW1kZFdaZU1JdkFONG1VWFFKR0Q5SXkyRDhKZkQ1a3RPaHIyYzIKQWxyUzB0UHo0S1U3ZlhkNDJycWlKTUgxYU5PSVc1Q3RFZGIzc2RGN20yaFYrZkdTbVBJcXJuK1JBeGE3dWN5UwpoUExlQUJUWFRPOUtKbjVGeWxmSGRra0tBT0NHbnN2TTd5Y29FcXcrYlA0Q3Y4cDNDNVJETENIRGl1UXJSK1Y5CmkrWlB6czN0M0R2YWthd0lWOU5IWHNPSFJFL29aUFp5OFQ1UzZjdDJQc1E4OVAraWVZc2JHbFFRaS9hOWsyRFAKVEFvdERtZWxDMWV4TkZyVWVxMFg5dkpucytFUzJTTTRId2plWG9vTmMwRTduTE9BaUM4SlJoY01kRnlwUlJTeQpQRHFYRmVzVElQL2w5b0ZBSE1RZkNzbkNJQS80RWlsNjN3WVZSeEU0M1BteE9aM29ZTW83YkNHMk1FSGMvUXc1CmFwOURzNXNobXJPS3FPUFJyS3VyWHRzNDZTeStJZ1YvSjR2cDBWWXhiZGw1MFhZYVQ4TzBNT2xQdzJmUkxlcVcKWmZSQmp6ZzlFZ0RTM2dNcmp6YUlFT1RaR254NTZoVlM2YnNSbkR5U2FDbWJiYWxLZG1sZDRsZGhhUzFFSXkwUApueGlvS2ZDZ1NRT25iQTJrYSt6cWgyaDZWUitIcndJREFRQUJBb0lDQUMxWkJZbXJDTXNYWGhYSG9zaXNNdEk4CkgzaGhBSXpId281SVpzdmxMMnB3NEszMlg5b0tqMk1vYnFCNnFiZ1Z2aTJwbmJYZ0NJVEhxTU9iWXo3RnFZWC8KM05yUktQMUpKTU9oaWp0WUJuNXBjRldDYzhSUWZGQjN6WWlwMlU5N29iRVczZjh5VTdQYW8zMUdWYnVFOG03Vwpwc1d6WVhqNWxpVkNhMlNQdnRLYTYzcDNwKzdkZW9RY2hPSUlXTmU3dzVkeU16SEFuTGlCUHdjT09sekIzODl1CjFqSmtBcjEyNG1iR0dxOTNZb3BIS0pWSEl0VlRhQ3ZRMlN3MG0zeGh0eVFJcDFLdWJncGg3R3RTNVllZ3pvRnYKQ3gzdnBrb3oreEdoSm0zalJERmFtdkI5a2pDaERrQnhJM0Q3c1VMSURhS1hZbmlDY0JTczNFWE8zc0d1UTd6QQpUYVNTYzJBRzE5QzZsV2pmNTFVSFZ6VlB1aFFHRWxyelZ1NVRYRGNQRDllSENKNWtDWncxYXFXenFWM00wTXFuCkFRZjdQbXhMMnlIdDRNZkdZTWdpTnJuREdVL2h2bm9WeTZBeWdBL05XYzNScEk4VzVPNWZUa0lTVXJTOXRuZjAKbjdsRjBmcFBSYVo5bGsxSSthZXNxaHZ3UmNCWTdScHNzWUtJOFlBZGRYMEQ5Z3U0MzdETHB5SjNkVzV4N2R0YgphVGxhRW5mVUxkQVdTOFAwRFNabnN0ak5IUjQwbm54KzhvQ3k5TG5vWm5UbUFGWXZIaUxaaFpDejdvTTBpdk05CjY2RFc1cjlkVEl3WVdiUG5mWEtCVjAvMlpBMVRiVDhRUnphbUEzQTFhVXlUZE9ZaXRIRVdmQ29JZFdUZ1ZkOE4KTjVvVlZ4WGQ2Y21lVlc2NFcvc0JBb0lCQVFEV1dHa3c3WlRWa1lSTkZ3K1c5WTlicThNMStoYjFVeG1BQ1AwYQo2S3RUcHN3UDVLTjIyb09qd0VEc0FDa3JrenVLd2RBUFRldW52U0E5aGZmaFQ3aHJrVlZnaFYxa0NoMFl3ak45CmcwNTFxTmFsZ3JqOGthNVVHNGdnSm9QNmlMT2lBV1g3clFudGhaSlI2S0pDODlXYnFEK1lKVWQvLzU2aTFSMXIKRzFJaUVtRS8yUzlRbXhhY0N3cmR3WmlkNkQwa3ltTEpHUjV5Y1UvaXFhM3h0SWhFbFV0NHVOd3V2dHlVaG54NApOL2N5ZVk0anZWWDdHbjBNemhndGQ4MnR4dEttWlk3bUh3cVNaeWNCSnhPY0hUL2xIZzFOYjBTTHRTaFdwM1NRClFLRHVacGJSMlZvRkhKSXJDODJCOEpzdit2b2Z4RDhRVEdXVksxSjQzcUJkRGtmeEFvSUJBUUM0QnRlZ3hXMGIKeTViZHhzRVZUT2RWeXBKVmNyRDJuWU1BSFFUa1A5QUh3RlVib20wN3AxR2dpY3JRWTlMMkVTZDJCbFpxdWNiUQo3WExoTklMWEJSdjBVOUxtTHloSEU4djd0VFhOMmRjM2RCcm5RNE5xWEdCLzFJT2NtVmZNeExvR3pYa0JLQmVXCmp0bjZiMTRZUkNmbWdFU1d6eXR5S0psYWxPMFNUam5oMTZ4ajRZbFVncWJNa041TC9jTXlORUYxRzFEUTREcTcKS1dzSi83YnRlVmlGZ1M4ZUlQSUJXUDB0cFBjZUluYy9ReTAyYUFTZXVuU2YvYXZic2ZxVkg4UWhnZ0xZcmdBRQpuWS90bEorU1VOMm9xOTNuTkxYc215RjVZQlVRUGNvQzExTFhJckZqN01HSjg1Z083NWtxQmN2cmt6RmwwNUp4ClFMS1pwWnFBcjJtZkFvSUJBUUNseUpIcnJ3WmJ2UVlvSGZzSDFudi8ralN0VGZadDNzMHRVMFo0aHBia3gzQ3oKcGpLc1hjeE5YZ2lZd0hNWGFmUTJtVHNVYXo4bWFNaEQ3WmRRcERsT3NZVG9kNTVKSHUxc1ZlQS9ac3pMZ2tBcQptWlg4ZTZ6ckRyUlZzWlNJdFN6QzAvUU9HY05BKy91MDhJcDM0R0pKMTNNQWVXejQyanZYVTZCQ1ZFcE5ZZ3ZuCnQxSzZOSW5qUFVNMVMyU0FWYnpjOU5BOUcvbUpxSXlTRW8wZ0VuTUhJTFhUOUo4UVpMejAvNlBMMC9XVkM2RmQKa1Rhc1ZjdDhtUGJvUys1QVJ6UnNVTWFheEUySCtOS1pPS0VaTVNKWFVzd1ZKVWRPQzFyYzB2MzhDSkN3YzVhWgpUbFFxK2ZNdjZod1VNWVhHTVljK0JLcUdMNkN1SkdqUVpkaUF3T2Z4QW9JQkFEVGFFamVrTzgvTnlzaHErcTBwClp3OG1uSnhaMGlVaDI2dStxZGI3MUwxRktheEVHK2NVQ01kNGkzMEtEbDZKVXJIODQvakczaWpHNlVWd2xWczMKcG0yblhWeXFrb0RIV01BenJQNHY0RFdXN05zYWNyV3JUak9vVHh3OGxoREROMElZNVBYR0UvQXptcnJvSFRnTwo2djZ5UEFDc0F5aElMTEx0THFFaFFsSndaSnhTKytQL21mUUtieTJYOWVXSFNIMWZtUGhFVGRuTzdXVHp3ZysxCjJBeVBxMzZWcTZ0amFXTWdpN0JsNmFXTG40S09vVFVOQzgyZlJ5cFRsVW9hMDNOa0tYa2RqL2ZEWU1DMC9KZEQKRGtZUkJpd080V2pRck81MC85ZW9SMHBGbVE4Y2NhSG5MeloxZFdoa3U3SnI4OEwyaFN0ZmRpRjhtVTZ6VndvNgpWclVDZ2dFQUwvdkhOa2V0dlFRZi9vZkZ5VlhtR2NKcEkzcmhpQmZjR2hMUDN0ZmNraklwRnVpVnIzMmJoZkN6Cm9hNFpaamh5VXJMbEpuQzZHc3VSUVhIMGpIU3BSS2VMclg0emlCLy9zckxGL0JFQVhCTzBwZytiYXd3YmtQNXUKT1pnNlBXeG1DZlg4NnJ1ZXAzaUJ6ZzZ5WC85ckg3WnltV3oxNEU4ZGhFNi94b2pxRHdDUVJ6ZmlJekdsaGlSKwpjc2JxOFZQTkQ1QzFUM1pxeTVsS2tpRWljNzNRV3h2RU5SaElCa0FKdEgzUE1iOWxuTXlFbHgwQWZkS1RFOVVDCmpKL1VjQ04rV3ROQk9Na3RNY25GTEY4NVU1bFBBNi9uTjMyRmdLMDFIRVNidUFWNEZvaEc3YWRLRGhiaGx5U0wKb0U5RVhCWHRMSnNuZ0ZoajlTUUJDOGR2R2RBdUNRPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
</cert>
<syslog>
<nologdefaultpass>1</nologdefaultpass>
</syslog>
</opnsense>
Reference in New Issue View Git Blame Copy Permalink