commit 1169733f8ca5121cece36c1a6171142616119068 Author: System Administrator Date: Mon Apr 8 20:44:48 2024 +0100 /diag_backup.php made changes @ 2024-04-08T20:44:48.552300 (root@192.168.1.10) diff --git a/config.xml b/config.xml new file mode 100644 index 0000000..219b0be --- /dev/null +++ b/config.xml @@ -0,0 +1,998 @@ + + + cicada + + + Increase UFS read-ahead speeds to match the state of hard drives and NCQ. + vfs.read_max + default + + + Set the ephemeral port range to be lower. + net.inet.ip.portrange.first + default + + + Drop packets to closed TCP ports without returning a RST + net.inet.tcp.blackhole + default + + + Do not send ICMP port unreachable messages for closed UDP ports + net.inet.udp.blackhole + default + + + Randomize the ID field in IP packets + net.inet.ip.random_id + default + + + + Source routing is another way for an attacker to try to reach non-routable addresses behind your box. + It can also be used to probe for information about your internal networks. These functions come enabled + as part of the standard FreeBSD core system. + + net.inet.ip.sourceroute + default + + + + Source routing is another way for an attacker to try to reach non-routable addresses behind your box. + It can also be used to probe for information about your internal networks. These functions come enabled + as part of the standard FreeBSD core system. + + net.inet.ip.accept_sourceroute + default + + + + This option turns off the logging of redirect packets because there is no limit and this could fill + up your logs consuming your whole hard drive. + + net.inet.icmp.log_redirect + default + + + Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway) + net.inet.tcp.drop_synfin + default + + + Enable sending IPv6 redirects + net.inet6.ip6.redirect + default + + + Enable privacy settings for IPv6 (RFC 4941) + net.inet6.ip6.use_tempaddr + default + + + Prefer privacy addresses and use them over the normal addresses + net.inet6.ip6.prefer_tempaddr + default + + + Generate SYN cookies for outbound SYN-ACK packets + net.inet.tcp.syncookies + default + + + Maximum incoming/outgoing TCP datagram size (receive) + net.inet.tcp.recvspace + default + + + Maximum incoming/outgoing TCP datagram size (send) + net.inet.tcp.sendspace + default + + + Do not delay ACK to try and piggyback it onto a data packet + net.inet.tcp.delayed_ack + default + + + Maximum outgoing UDP datagram size + net.inet.udp.maxdgram + default + + + Handling of non-IP packets which are not passed to pfil (see if_bridge(4)) + net.link.bridge.pfil_onlyip + default + + + Set to 1 to additionally filter on the physical interface for locally destined packets + net.link.bridge.pfil_local_phys + default + + + Set to 0 to disable filtering on the incoming and outgoing member interfaces. + net.link.bridge.pfil_member + default + + + Set to 1 to enable filtering on the bridge interface + net.link.bridge.pfil_bridge + default + + + Allow unprivileged access to tap(4) device nodes + net.link.tap.user_open + default + + + Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid()) + kern.randompid + default + + + Disable CTRL+ALT+Delete reboot from keyboard. + hw.syscons.kbd_reboot + default + + + Enable TCP extended debugging + net.inet.tcp.log_debug + default + + + Set ICMP Limits + net.inet.icmp.icmplim + default + + + TCP Offload Engine + net.inet.tcp.tso + default + + + UDP Checksums + net.inet.udp.checksum + default + + + Maximum socket buffer size + kern.ipc.maxsockbuf + default + + + Page Table Isolation (Meltdown mitigation, requires reboot.) + vm.pmap.pti + default + + + Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation) + hw.ibrs_disable + default + + + Hide processes running as other groups + security.bsd.see_other_gids + default + + + Hide processes running as other users + security.bsd.see_other_uids + default + + + Enable/disable sending of ICMP redirects in response to IP packets for which a better, + and for the sender directly reachable, route and next hop is known. + + net.inet.ip.redirect + default + + + + Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects + to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect + packets without returning a response. + + net.inet.icmp.drop_redirect + 1 + + + Maximum outgoing UDP datagram size + net.local.dgram.maxdgram + default + + + + normal + OPNsense + ramanet + + admins + System Administrators + system + 1999 + 0 + page-all + + + root + System Administrator + system + admins + $2y$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS + 0 + + 2000 + 2000 + Europe/London + 0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org + + https + 66140e2f5c134 + + yes + 1 + + 1 + 1 + 1 + 1 + hadp + hadp + hadp + + monthly + + 1 + 1 + + admins + + -1 + -1 + + + + os-git-backup,os-nextcloud-backup,os-qemu-guest-agent,os-theme-cicada,os-theme-rebellion + + + + + en_US + 192.168.0.1 + 1 + none + none + none + none + none + none + none + none + + + + + urgent + 1 + + + 1 + https://gitea.shillam.me.uk/mshillam/OPNSense-ramanet-router-edge-backup.git + master + + mshillam + TWi7mE9rrxzXam + + + 0 + + + + + OPNsense-Backup + + + + 113759209639241836928 + 1NYL-nzSWTNRNlgv7pHuPMjoKlWjt9tC7 + on + 60 + Syfhcefh1 + on + MIIJqwIBAzCCCWQGCSqGSIb3DQEHAaCCCVUEgglRMIIJTTCCBXEGCSqGSIb3DQEHAaCCBWIEggVeMIIFWjCCBVYGCyqGSIb3DQEMCgECoIIE+zCCBPcwKQYKKoZIhvcNAQwBAzAbBBStgTWu5ptsbJmgVXjjQcMmvW832wIDAMNQBIIEyMg3AaY/tqTKKI+IBs850yddXWEoM6Yb0rrLv1rP8fB0a2ZUfq9R5f/GUbmCmoal/5PrvnhGNMZ/qhIdL/cUymZ3wRRq+9LdSsyDjvPcJ/eYZcKOkwEQ+q13I7sZKJpxUmvHBIKeJwTLbyj1y/fhOjh9b80ZcI1+Mu+ZR3WUll/U1deZ8Wz8Nt2zb0z9hDTWcfiQTUN1b6fG33Glj/aro6LJU9pIV8eL0K2xwH9xVJayM9+03zj7+3vPHXJN2rYNX6nMIDbK5dvIxX9BxHEZkXkvPSQgJyVFUqHbGSmnTUlDu1ZruIc3jQ0u109/aYIPGyg8aszRfyrk5rPdkr+ATg1653zgqoIxPnOV6iMOYV92VPIofnvwevx3inGykbYqSP0aeFhovEKCwJVjtLzQaiqnIJHyHLKN2NPrAWXsLhOu5iM1KK1HQqG74rTsY5kkv/wgdpItwfGfz4IWkQ1Q1+aVpC6P47Rrs9lMCiF3rgczxB4NJUK65NT0QWVBbejN8UPaZWZk6RE8u3m/URGNa2xgp1irEgvOrWaidPzY/xjtR2i1fqJgIqeUL/vK4WZr0T5OtAq9ehkvEm3GxWnbCDLCxKyk2cW45ShcOumcwdvua0tyIYgRkXboLqvmmlUm5jivqxZ4naGK4BJSvGepiuqdF4sWiuHMmFq/rw85uBbZOWAkfQjYSUUyTiEG7PBgXvSe0CCUTJrklBfjKjuvYgb4XuAU3x/Vrl9QDa2EJRhEr86kIgwneQvBSIN0uI1e9AY5rY8AUAzaybGVww09dPu1ghm0bJ+hQWs1w2WiiWrvi/AY1stIMg1cn7/9X5TG8PSMLPyIYCNfPrDxamCp5xBiuySZOhcADa9FURzrwFSxuDjNUTtbN78PVVDiKkvjOlZN2Hl80eGg27SjPWmmPgEYyT6pJUFrp65r4iVY1Aqg9wcsCEI61T8Y12ETPe5g43BK3FwSKSZVvLqJ9K4q22bpj/0RZYQusQrao0xPug5MVJ57dXpIcVNc9Fs1WdkohCwSSlkWBuuWBkN94U1qtDOy6fP5nzxuca8hpkdw5pt4sKHVN40BcygLuy7VojBhYTaWbfL2nVN/N3/buT3piA4kxwaP+sFMG0YMHIwOyIsppitZoBVD7cnXdSeIVO6Rzz/4R9AyBFrWoE85JDL2PGNUtp0zF3FT1SMPKsS8pa/w4QPgebIf+OM+TZEBo4+8NXVjG4koqF2CxOixH6tLECJ3ppZTDIL+A7K/7dFxqzVn472kpNb+EdYKF21f4lTOqV/kULkKJUiW48jJR0c8oHMIPJ6oJJcNnmOcevw3aKtP6fg30kyPVecl1np2ngDoxXbBYIqJvXjYMFvWGJrZtJ8ij3D36NqgzP2oHuiDNHStadIq/4gGR54qdY6dq2arMgkBNc7DCV2ZmWecTnlGV4pAPz6d9o3RNhDkjYQceCq8mCJz9LOcR6jj+S6TY55JRq7RuY+KjEkQx/LSALN+gyLf9aNCH5AY/nYz83M8mYbfwhuwfa/k143F5AwWTNKtVk60UJweVtLTgTutAWI1Ktyv5+bmnwYD1fuMsdY9cuk7lYBiT0iPLgLV6gxAKFbQzIl6N4/AQnBxZXDnYws6RkqSW9tU3mwgqzFIMCMGCSqGSIb3DQEJFDEWHhQAcAByAGkAdgBhAHQAZQBrAGUAeTAhBgkqhkiG9w0BCRUxFAQSVGltZSAxNzEyNjA0ODk3NzAyMIID1AYJKoZIhvcNAQcGoIIDxTCCA8ECAQAwggO6BgkqhkiG9w0BBwEwKQYKKoZIhvcNAQwBBjAbBBSFz4/dS0Q7F7nh6GQmyShGIpfYbwIDAMNQgIIDgM2DK+pM55K6AzcCzAi458SYJzo83lYMHtK6i3ml3Gcknpi4T/raNJDcdQ3HokdEim8wztUM6etGt5YRYeZconShSzZeWJver9mr2AQjbwSDtOeeG7eWwK/9qx6eoFfXQZ2XKqXdu/LPUDgSTxrnYhfoh/aybZLy5GQo0aw4mRlfg3falbSIxOrdzD9FWazQ/eKLSkJumLrxwD3r5Hrf2b1lDz/YMRFmKd97fqNjLg2+dlWAr1ybLXbrkaGz3TvJe0lKOgNqWHZ1MPA6QGqodMLgQ2wypUHj1M3yhcweQM07KQF8Tgodx5whiHVMcdz93sdyB2i54S16/SVd2BJ3ik+SDDtKfXldLPFTdpyGaDB/6jtG4E8SP2QFWwE5WSI+nnjRaUQhsyWTI5gtV0KYocRgfWrKUR2FFSGFnBwL+LEUL/K0YNieK+Ibo6pDyBZc/4iIO/J47ueNl3VUqnwH3xUDOSyy4yD2AjrpZSgyUqUSym1c28SDL2uHFlWXZMxN0AbrY5aT0e8BwM4VcO1Gm9T+78vPLFhObMO3j53dHUjSKUhJO4Th5rppRiY+9PVbO2zep2NxSvccB+0HUBjfVbnVQQiIxvUWA8u8VMRArXK8CpZgsGbh+m9htrHSO/olMVXMdb4E/nPWfm7NQz8hsX2AKcaYYidsbhDMT/BdbaPQW0YJ6mPm14gCa/N6fVPBHePLqQTVgTkcAfoULMCU8aFT6d6wDQbsZ2IeAfX7NXb0GAK8yE3w0yE8K6OL5Z621qOrz6iTfGuO0r92UBsGyuuy60jbr72v3Vv94DNZ0sFekDp6P08NvWCC4PIBNMphgPExEIYE+czHAj18tQviKJGtExqyqVcBKqnI9/6tp28oBL8iLvAZ2dANuHCE1xIxrcwbAqT6adnRMfj1PwiOYzrhc6x9ir/VRYvUntxBtu4fpwp0Rd101hFCf2fLqQGjPhFLLm638yRVb5q+vyPCDOjQrd8cbRG2pWT02MIJFEROGMQUN8AzhV0dS+jHl+nvjer8tzrh80h2dNRCxI8hMZiD520fPV5aV6r34pJDWCEsp4Rw4IasGTfzmj70CZnesoaZw9huCL/oX3DFCgctJVXNdMMrZhWZqn7lPxYrVV6fFOJxMPSLXAOPLDArAOFQS4/XYJDEg78Ncbf8HRSuNMc45zU7PdzG9IrKlkH8LMWHMD4wITAJBgUrDgMCGgUABBQTCLj66qTly8+l2Id+AnJWkgKDagQUlLtzywwe5mgBy+vpXWhR31nbvCYCAwGGoA== + + + + + vtnet0 + + 1 + + dhcp + + + 32 + + + + + + + + SavedCfg + + + + + + + + + + 1 + vtnet1 + 10.100.0.1 + 24 + track6 + 64 + + + wan + 0 + + + 1 + Loopback + 1 + lo0 + 127.0.0.1 + ::1 + 8 + 128 + none + 1 + + + + + + + 10.100.0.10 + 10.100.0.245 + + + + + + + public + + + + disabled + + + + + + pass + wan + inet + keep state + Allow traffic from the primary router to WAN interface + in + 1 + +
192.168.0.0/16
+ + + lan + + + root@10.100.0.10 + + /firewall_rules_edit.php made changes + + + root@10.100.0.10 + + /firewall_rules_edit.php made changes + + + + pass + wan + inet + keep state + Allow ICMP on Wan Interface + in + 1 + icmp + +
192.168.0.1
+ + + wanip + + + root@10.100.0.10 + + /firewall_rules_edit.php made changes + + + root@10.100.0.10 + + /firewall_rules_edit.php made changes + + + + pass + inet + Default allow LAN to any rule + lan + + lan + + + + + + + pass + inet6 + Default allow LAN IPv6 to any rule + lan + + lan + + + + + + + + + + + + ICMP + icmp + ICMP + + + + TCP + tcp + Generic TCP + + + + HTTP + http + Generic HTTP + + / + + 200 + + + + HTTPS + https + Generic HTTPS + + / + + 200 + + + + SMTP + send + Generic SMTP + + + 220 * + + + + + 0.opnsense.pool.ntp.org + + + system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show + 2 + dhcpd6 + + + root@192.168.1.10 + /diag_backup.php made changes + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 1 + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + v9 + + + + 0 + + 1800 + 15 + + + + 0 + 120 + 120 + 127.0.0.1 + 25 + + + 0 + auto + 1 + + + + + 0 + root + Gco2QHPETB3p0OYrAqm4qjLYnCXtR5b + 2812 + + + 5 + 1 + + + 0 + root@localhost.local + 0 + + + + + + + 1 + $HOST + + system + + + + 300 + 30 +
+ + + + bab99c6e-5310-4a0e-bb28-ae4bd88aa578,f7041eef-b012-4813-86cd-7f391b664f73,d029d431-7d9e-4c77-aeda-866020b133e2,a0f551a1-e94d-4a6e-9390-9c554b00e972 + + + + + 1 + RootFs + + filesystem + + + / + 300 + 30 +
+ + + + 311da6a1-b35b-4137-b52d-c114b000cdb1 + + + + + 0 + carp_status_change + + custom + + + /usr/local/opnsense/scripts/OPNsense/Monit/carp_status + 300 + 30 +
+ + + + 4ef02271-56c6-4334-b756-a441b0d6b934 + + + + + 0 + gateway_alert + + custom + + + /usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert + 300 + 30 +
+ + + + 6489b90f-5a20-40de-b182-0afa5124726c + + + + + Ping + NetworkPing + failed ping + alert + + + + NetworkLink + NetworkInterface + failed link + alert + + + + NetworkSaturation + NetworkInterface + saturation is greater than 75% + alert + + + + MemoryUsage + SystemResource + memory usage is greater than 75% + alert + + + + CPUUsage + SystemResource + cpu usage is greater than 75% + alert + + + + LoadAvg1 + SystemResource + loadavg (1min) is greater than 8 + alert + + + + LoadAvg5 + SystemResource + loadavg (5min) is greater than 6 + alert + + + + LoadAvg15 + SystemResource + loadavg (15min) is greater than 4 + alert + + + + SpaceUsage + SpaceUsage + space usage is greater than 75% + alert + + + + ChangedStatus + ProgramStatus + changed status + alert + + + + NonZeroStatus + ProgramStatus + status != 0 + alert + + + + + + 1 + 1 + 31 + + + + + + + 0 + 53 + + + 0 + 0 + + 0 + 0 + + 0 + 0 + 0 + 0 + 0 + transparent + + 0 + + + + + + + + 1 + + + + + + + + + + + + + 1 + 0 + + 0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10 + + + + + + + + + + + + + + + + + + allow + + + 0 + + + + + + +
+ + + + 1 + + + + + + + + + + + + + + + + + 0 + + + + + + + + + + + + + + + + + + 0 + 0 + 0 + wan + 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12 + + + W0D23 + 4 + + + + + + + 0 + 0 + 0 + + + + + + + + + + 0 + WAN_GW + WAN Gateway + wan + inet + + 1 + 0 + 0 + 0 + + 0 + 255 + 1 + + + + + + + + + + + + + + 0 + 127.0.0.1 + 8000 + + + + + 0 + + 4000 + 1 + + + 0 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 66140e2f5c134 + Web GUI TLS certificate + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVRzlsbm5ibEY1b0o2NUlYSDU4eXp1RGpVekIwd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5EQTBNRGd4TlRNek1EUmFGdzB5TlRBMU1UQXhOVE16TURSYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURmaWV5ZXJmeHo5VVdsdmFTZ1RhdS9FWWVtVElaaDc3dE9BcnhoVGVmQVNZNHVCUlV2CiszUEhCVGhvbjRpdjVYZlFXTTlVUThXRW5NN1JpTGlYa2ExeTYvMTFTTWwxVExaT3pPOEQxTnhTSHFUU25ES2cKUTBBdGNzYm9NRHFzajNPZnJxUk1YV1RWMHRDd0lTcVNSdzhNRUtnL01DVzY2WEtzTVNOUytvbEgzU2I5MnppYQoxaEM1eEV6K3YyTzdTd0pCZEVxTHdiSldwYTRHUlVGbWRxOVpVTWd2ZTVkSUFTVWVWTUVvNXA3b3hGYnhjcGhZCmlGNlZYY3VHTjMvaG4xSkNUSlV1Snc1Q0lpY29hRGlNRkEyeGI0eUwzUUxVQTUzcU9BNkVoTkw2aUpNdnVoVnoKcGdoejFwK3A2V1drKzdaYzlKYVVDODJBUks3eHJYL21RS21IM2JlMWlWTUY1eDFlSzZBSmppQzhNbVJ2cWlvbgoybnFwMStYZTlvK0xLUkZEeGZGT2hxYUJxYWQ4TkM3bWlITnRzVmxkOU1RSkZPcHdiVDNpbitrcFVnb3RGZlNCCnBraWVTVXVFQ0VaN0tGd0Z5eWlmc0JPWUhIV1U2R3dyQ3FheXJCZy9NcUF3NkxCaGphVVg4R2lLSTZOc1RDWWUKN0xyVk9aZFZUZnlVYTRPRjViNCtTWSt4QUJKWWg2UGgvUS9uZWZobUNNMUt0Ym1CK2F5RmJidGluK3o5aUpoUQpPREkzTmE1TVlYS1QvelVHVHEwVXZJRTBpR1lhM1RHdXc4TmZEWnFTcDZYWXV4Yy9DTk4zdHFhVDRtV21ncVZuClpTRHRHSjVEWDBnVG9jSkxXUllZUW53eVJMNHZwQlNnR2FYcVAxMmdESTNrWmhXNHJzeldWVTJGSVFJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRk1teXlmVURMRzRsZUlvdTQxMzdPcGtDKzVBY01JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVUc5bG4KbmJsRjVvSjY1SVhINTh5enVEalV6QjB3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQXBDUGxuUFpncHc2L2VSaWtSRDlaeVE4My9kZVNWelIxU3ZQSnl6MmQKTTkyaEk0bXU0Z1RKdmczQzg5KzZMRVNjeW51K2tIeTE2dG1SSTlwU0loZUlTK1RQRmt6Mk85dUJoUWc3RnVLQwp4NGJpU1VvcmxYQVMybFBIczBwU0lVRlJRL0Y1UlVxUytTZlpwZWJHSEtNTWFDNU1WV3NuZlgyTmJ3bnJkUmgvClJqczdKRFRia2drWHZSYUtQRDNwOXo5Vi9tT2tQTkIyOXFYUnhhMDlWSWhhU2sxMkdaaC9NWTNZMlpYUjJqOFgKZloxQVdyL1JJSFNpbHNzdlVFTEpLcm44Y1NjbVZvY00vdXdHNy9NaEg2cER1bXVrd2s5Q2dVQklnVUhnZjB1eAp0bFBGUWxmc2tHQU9DcW5OYXVvdkhHREVlWTBNeDRwaUVVUklpc2pEK1JlV2E1Vit3a2EwQ3FjY0hUOUk1c0hpCkYvZTQ3MkxFVGh2RjlYdzBJQVgzNUNxNStCTTRiTk5FSFlhL1ZOb1g5MVlFeEwwNFJoV3NzYlExREpGZ0xQbXgKb1MrenV5TmNKNDRJaFdwTERwNUZnaStFSEtwVWg2R1Q4TXVZaGEzSUJXeHV1N0V4dnh5U1pmRUMyRVNpSnN1RQpSZlJscHlPZmZKREdXYytaZHk2aVpFb3VqM3FiMUpxbXJ4ZWtoWHhzVmg2U1d1bFpmY3IwcytYL0NzMUEvQWRECjNPVGpkbjVhaFlybnF1STJ6VzBkQ0tlbFJNUnNpOXdwakFlakRQRE1JQnJBK3l0ajRoQmVYMGxtdUtCbGF4b3YKc213d3JFSXZxTElSK1YwdjdCSFl4Q2tvNi9lOEVKUERLdFRnYk0xRHlzS0krOTdkQmRqMk4rekxjcS83dFBvTQpFSUU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRUUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Nzd2dna25BZ0VBQW9JQ0FRRGZpZXllcmZ4ejlVV2wKdmFTZ1RhdS9FWWVtVElaaDc3dE9BcnhoVGVmQVNZNHVCUlV2KzNQSEJUaG9uNGl2NVhmUVdNOVVROFdFbk03UgppTGlYa2ExeTYvMTFTTWwxVExaT3pPOEQxTnhTSHFUU25ES2dRMEF0Y3Nib01EcXNqM09mcnFSTVhXVFYwdEN3CklTcVNSdzhNRUtnL01DVzY2WEtzTVNOUytvbEgzU2I5MnppYTFoQzV4RXordjJPN1N3SkJkRXFMd2JKV3BhNEcKUlVGbWRxOVpVTWd2ZTVkSUFTVWVWTUVvNXA3b3hGYnhjcGhZaUY2VlhjdUdOMy9objFKQ1RKVXVKdzVDSWljbwphRGlNRkEyeGI0eUwzUUxVQTUzcU9BNkVoTkw2aUpNdnVoVnpwZ2h6MXArcDZXV2srN1pjOUphVUM4MkFSSzd4CnJYL21RS21IM2JlMWlWTUY1eDFlSzZBSmppQzhNbVJ2cWlvbjJucXAxK1hlOW8rTEtSRkR4ZkZPaHFhQnFhZDgKTkM3bWlITnRzVmxkOU1RSkZPcHdiVDNpbitrcFVnb3RGZlNCcGtpZVNVdUVDRVo3S0Z3Rnl5aWZzQk9ZSEhXVQo2R3dyQ3FheXJCZy9NcUF3NkxCaGphVVg4R2lLSTZOc1RDWWU3THJWT1pkVlRmeVVhNE9GNWI0K1NZK3hBQkpZCmg2UGgvUS9uZWZobUNNMUt0Ym1CK2F5RmJidGluK3o5aUpoUU9ESTNOYTVNWVhLVC96VUdUcTBVdklFMGlHWWEKM1RHdXc4TmZEWnFTcDZYWXV4Yy9DTk4zdHFhVDRtV21ncVZuWlNEdEdKNURYMGdUb2NKTFdSWVlRbnd5Ukw0dgpwQlNnR2FYcVAxMmdESTNrWmhXNHJzeldWVTJGSVFJREFRQUJBb0lDQUFYTU1qaWdXeFNYMXkxWUNKSEd5ZTVMCjhsaDRFaUV1b2sxQTZXbGRwNlhYVW9wemc4dnBpZVJ1eUhxQUxyK2ZKRGNoWW9rMU04Vi9lcWE1Rk02TGp2UFUKMW85STZyNngxV1dnVDQrcUlPZTVWejJHSXhNQWc0VGFQZm51TEV0bThoRUJhczMzT3lNSGszV0orcXh1RHVBWgplMytlREZCM2R3dXJ2NWFLbkc1aWVEMHJ4eUZPN1lLZjZuNU44UFI5MnNwZlRZS243S3Z1SXFBVGdrRjUwUXp3Ck9TendGK21jYS8zSUpYVmQyOSsrSGVJbnZuZEhYQ3FrRXVBQmh2M1BUOGNiN04rVVVEeWJYYWdnNGR5U05aTzEKU0xBazlJcVNxSEVYY0pyenhmUU5BRUpENFlRTkdabUZoc0VWcGxiNzEwdzhaTDVrdXZqNWJ3OGlHSmZjYy9rZgpkdTRqT3RpbkgwRitoUFl0cmhDbDZ5QzlCckJiRmoxNUVYN01yM2xBMFdhSTFmdTVvdk1EZHpMZFY0a1NVQzhKCkR1VkhjS0s1UXpQN2xIc1ZXN2V2OVlQQlhYaFFXdWRwWEw0cmc4ZWF2eUhmTVdRakVUWFcraUFYZk0zMldBMWYKRUJBSHVWMHFLa0F1bUNYcXZTdXEzRXpBZkY4bWlmblA3MVRWQXdwVWJlNFM5ZDZUQVQrSW5hSlNpUU0waEtmUQpack44SFB2OEF2ME8xZHdvaGI3ZEVYZFdlNFZxcFJ3WGw0WG9CL2o1MHRObE12T1hKUHdxT1RhelVSR0RSWEFwClkwaWV4VUdvQVIxbzhad1dSU29pK3U3VDdjSnNzNXB0VHgwaGp5MHowcXVRRFVkYS8wOHdLUlRxMmRINVU0OTMKUHQvTENXSWNvWFIwZC9CQngwUzFBb0lCQVFEM0V6WWRTamtBcjN6UFlSMlo1dERQNUtmeHNLWlNoTWg5MkhhMworY0NFNkxheHd2NWFZYmNYcXFyU1dydjJmZ3FLc0p6a1Brb3dEaUNUZjJ0N2orRGRzd2p3TjNJWkd6UzVDZzVwCjlZc1pEbm9xd0tRRnd0akIyNEdWYndLY1Z3SE1tVWt5V2cyZVM5bmk0QncyZDJ0dnIwcVlVK1g4ZFNIUUZXUFoKYzZwV25YT3V5Mmw3dEpORFI5cThxcDVkcFBsR0JpZ05Va1dBNlk0ejJqeHQ0dnZMM29KelFBMnpqUEgwWWJrdQp5cHQzTytldVZ3RHFORU9NeWJHTmgyWWcyejQzNldLVmNqRWY5UC9hQUliMnl1SExPNHF4RGFqbGZLQTNVYStMCjlsZWlDZEY5S2hpeHYvYndPejdTaTNEWnF4TVpQOGp0V1V6NEorZnFlOFg2ZW14OUFvSUJBUURublJDV0dFRncKalgyd3EyZ2NadzJkQzRYaGM1ekFBcitiTWphMFB2bFMvbkNuTml4aWlaaitudm05VnZKZ3E2WVBscXJ6RjBrMQpFbGdYYktqSzEwTUJnZGc0WVZtSEMzd2ZzRmRyZmlQNmp1NGRURUk3aHQ1R3NGci9hbTd1amNrSFY2TThNZmtLClB0TTR0U3JpWjcxZHhaTjdzMEJlbk8wNDZnTXM4RlVPcFp3QWd1d3E3QmQ0VURSKzA4MGdHUHh0VTVkY0k3QnoKYnNLcG9jb2d1d01kV3FxSWk1aDBPWitxanZUdms5TmNjRjYrdFJHcExDeTB4RjlLZ1FFb2dXd05uVTVWNjNLegoxS2hnRzdmZjNOYmE4by8xelNoWWplQ3VBcGxmT2tabzhPODU5dHN3WlNhcDFFdlZ3VHp1OGovUWptcHVxZHRqCjUwQkVpaS9ERkxCMUFvSUJBRnRmcW5xb2tXNDBlRGNGbG5udFI3b3F1UVdFSys2R2x0TWJzOFFVUkdPaTRMWGIKQkZBT3BUVEdkRWc1TUJ4WHZyUk4zcWYyZFY5U1NpL2lSckM2cEJHNWZZdkJKWnd0V0pFNks5eDU1NGhMdDFpSwpSOTZ0a1pZWUJOTnI2NDVBQ3pWTVZ5cWM3VDVtbE56M3Z0ZFIwTlRNQWcxVnNjOXN6aVZ6VTZyK3dMY3BvYmU2CkdIZWNiMzNKWEJhOERyZFpKS3NGNmRnTFhoTHZ6UnhXRUZVZlJibSt2NFc1NFpkT2Y4aStQMHNUdU8wZXBXN3YKVkRKSlE5WVVYV3FXOFdralM5NUhuS0xpU1ZLbE85MjJwak10RXRZalhnWmVvK0RDOTBtZUZ3cnUvcmU1WTlVagpOV0MvT3FiYmNqOVJQRm56ajZ1ZDBFUWU2MzAyM09qMS8yREQxODBDZ2dFQVpNUjM3K1Z6cXlWVDl1Wk1NSGRCCmUvOEVhM2NpVG9Pam0wRDRmZWtjRGxpMjZIandUSnF5M3F5SjJTK1gyaWt6NFhwYXU5SjR2a2RSM2pjZkpNa00KMVA0SjlWV2RYdHpIVHY0b3VwS3gwcFFXMHRaWHhwQkI2cDFWcWVSRGlUUlVyd1lZOWRxRUVFb1BHWS93clhvVwo4RkpDZlVJYWtrOVNBajRGemFwdVJ5WVVQa0Mzd1dEZ1FTOGI5OFhzYTdlVE0zbDMwOVdQTWxtUkJiNW5NMkJKCjFaNlpyVGlXeHBJL2ZqUWVLcEcxRm5XcE11MlNWbmpxcG1iOVVtdlg5aWlBdTFlaU9rMXFwUVN6a01UZWRkNGQKK0RvcUdmWDlSTEhOZThlVHROT2t5SWx5ZTFTRVBvVHprbFhUL0piTERPYUdqeFUzQnhpTlkrUzdtRlpLdTJRbgo5UUtDQVFBeElTa1NrdjgrYTQrclh1TWVBMFFOL2xQMms4R0Y1dlJEYnc2QStjeVJicTlEdG1Lb285M0h2V3ZiClpXRjREdTVVNGdZam1WbkZZVDZaL1hJMUs2NUQvVzV1ejZlcFJtcGQ5T1VwbDZJczRHbDhqUXNESG5obkFWeVEKSmNydXMxRDIwdTA2NnB6U2VlQkFYSTN1elkxeThCeHJxQjYyRSs3ZlFSR1hjZ01BOU16blVhc01EemVEdkRVSQpyd2J2OUIvcEw5endWSzRPZGJ5ZHZHcnU1YU95cEZRaUtCcHhqWVVQMXZQM2UxZnFBWUowZzRNR1Mrb3Fwd0h6CmNXZUZxYVllQ2ZkYXhUNUg4WEhzMHlvQXU4d0JmVTVDcEs0S2JUUFVMR3RCYU43LzRib20rZk1jTmp3NGd4ODMKWG5Zd0s3YjdJT3pkQXlNTDZwWlBpeHR5NlNiUwotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== + + + 1 + 1 + +