cicadaIncrease UFS read-ahead speeds to match the state of hard drives and NCQ.vfs.read_maxdefaultSet the ephemeral port range to be lower.net.inet.ip.portrange.firstdefaultDrop packets to closed TCP ports without returning a RSTnet.inet.tcp.blackholedefaultDo not send ICMP port unreachable messages for closed UDP portsnet.inet.udp.blackholedefaultRandomize the ID field in IP packetsnet.inet.ip.random_iddefault
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
net.inet.ip.sourceroutedefault
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
net.inet.ip.accept_sourceroutedefault
This option turns off the logging of redirect packets because there is no limit and this could fill
up your logs consuming your whole hard drive.
net.inet.icmp.log_redirectdefaultDrop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)net.inet.tcp.drop_synfindefaultEnable sending IPv6 redirectsnet.inet6.ip6.redirectdefaultEnable privacy settings for IPv6 (RFC 4941)net.inet6.ip6.use_tempaddrdefaultPrefer privacy addresses and use them over the normal addressesnet.inet6.ip6.prefer_tempaddrdefaultGenerate SYN cookies for outbound SYN-ACK packetsnet.inet.tcp.syncookiesdefaultMaximum incoming/outgoing TCP datagram size (receive)net.inet.tcp.recvspacedefaultMaximum incoming/outgoing TCP datagram size (send)net.inet.tcp.sendspacedefaultDo not delay ACK to try and piggyback it onto a data packetnet.inet.tcp.delayed_ackdefaultMaximum outgoing UDP datagram sizenet.inet.udp.maxdgramdefaultHandling of non-IP packets which are not passed to pfil (see if_bridge(4))net.link.bridge.pfil_onlyipdefaultSet to 1 to additionally filter on the physical interface for locally destined packetsnet.link.bridge.pfil_local_physdefaultSet to 0 to disable filtering on the incoming and outgoing member interfaces.net.link.bridge.pfil_memberdefaultSet to 1 to enable filtering on the bridge interfacenet.link.bridge.pfil_bridgedefaultAllow unprivileged access to tap(4) device nodesnet.link.tap.user_opendefaultRandomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())kern.randompiddefaultDisable CTRL+ALT+Delete reboot from keyboard.hw.syscons.kbd_rebootdefaultEnable TCP extended debuggingnet.inet.tcp.log_debugdefaultSet ICMP Limitsnet.inet.icmp.icmplimdefaultTCP Offload Enginenet.inet.tcp.tsodefaultUDP Checksumsnet.inet.udp.checksumdefaultMaximum socket buffer sizekern.ipc.maxsockbufdefaultPage Table Isolation (Meltdown mitigation, requires reboot.)vm.pmap.ptidefaultDisable Indirect Branch Restricted Speculation (Spectre V2 mitigation)hw.ibrs_disabledefaultHide processes running as other groupssecurity.bsd.see_other_gidsdefaultHide processes running as other userssecurity.bsd.see_other_uidsdefaultEnable/disable sending of ICMP redirects in response to IP packets for which a better,
and for the sender directly reachable, route and next hop is known.
net.inet.ip.redirectdefault
Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects
to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect
packets without returning a response.
net.inet.icmp.drop_redirect1Maximum outgoing UDP datagram sizenet.local.dgram.maxdgramdefaultnormalrouter-edgeramanetadminsSystem Administratorssystem1999020002001page-allrootSystem Administratorsystemadmins$2y$11$NgVcMFyIYgviLLTVCws4S.C3kNyY12q25vsZq/1omlBhtb.1OH.i20$2y$11$uqL6Ib2tOES9z4QDdESq6OQKQGVGBgtFeXZ9AotNTv/JfGvM/CtEOusermshillamMatthew Shillamc3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUFFNWFtWS9Fa3ZkVVM5c0Jrc2hEc3B6UExlY0FPc052S0xWU0Rod2h0QmMgbWF0dGhld0BzaGlsbGFtLm1lLnVrmatthew@shillam.me.uk2000/bin/sh$2y$11$TZZEuzrrPXSXPpKe5s1q5./eEn0cUazwnXCjhpEKnSMvEyBme/z2Wuserhomeassistant2001O74j4p/Sor7nIhnsXlxV2DSPXpXn1K3nXnxcqrfBUr8+HNUAzrpzOL+ubPJm0GT+GeX8RTeH+cFcGxL8$6$$By21ccLB5.0K1bXHBnNuijsd7zZYE1YRKVsomkunElAONlpGUXhioo.VWcBrz/A.vMTWXZpaUw3YnAmbUrnvl020022000Europe/London0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.orghttps66140e2f5c134rama-router-edge.shillam.me.ukyes111111hadphadphadpmonthly11admins1enabled-1-1os-git-backup,os-homeassistant-maxit,os-nextcloud-backup,os-qemu-guest-agent,os-theme-cicada,os-theme-rebellion,os-upnpen_US172.16.0.11urgent11https://gitea.shillam.me.uk/mshillam/OPNSense-ramanet-router-edge-backup.gitmastermshillamTWi7mE9rrxzXam0OPNsense-Backup1137592096392418369281q9-7dHcH-Uarlj_oD-RPzQ7QKrPlL6cqon60Syfhcefh1onMIIJqwIBAzCCCWQGCSqGSIb3DQEHAaCCCVUEgglRMIIJTTCCBXEGCSqGSIb3DQEHAaCCBWIEggVeMIIFWjCCBVYGCyqGSIb3DQEMCgECoIIE+zCCBPcwKQYKKoZIhvcNAQwBAzAbBBStgTWu5ptsbJmgVXjjQcMmvW832wIDAMNQBIIEyMg3AaY/tqTKKI+IBs850yddXWEoM6Yb0rrLv1rP8fB0a2ZUfq9R5f/GUbmCmoal/5PrvnhGNMZ/qhIdL/cUymZ3wRRq+9LdSsyDjvPcJ/eYZcKOkwEQ+q13I7sZKJpxUmvHBIKeJwTLbyj1y/fhOjh9b80ZcI1+Mu+ZR3WUll/U1deZ8Wz8Nt2zb0z9hDTWcfiQTUN1b6fG33Glj/aro6LJU9pIV8eL0K2xwH9xVJayM9+03zj7+3vPHXJN2rYNX6nMIDbK5dvIxX9BxHEZkXkvPSQgJyVFUqHbGSmnTUlDu1ZruIc3jQ0u109/aYIPGyg8aszRfyrk5rPdkr+ATg1653zgqoIxPnOV6iMOYV92VPIofnvwevx3inGykbYqSP0aeFhovEKCwJVjtLzQaiqnIJHyHLKN2NPrAWXsLhOu5iM1KK1HQqG74rTsY5kkv/wgdpItwfGfz4IWkQ1Q1+aVpC6P47Rrs9lMCiF3rgczxB4NJUK65NT0QWVBbejN8UPaZWZk6RE8u3m/URGNa2xgp1irEgvOrWaidPzY/xjtR2i1fqJgIqeUL/vK4WZr0T5OtAq9ehkvEm3GxWnbCDLCxKyk2cW45ShcOumcwdvua0tyIYgRkXboLqvmmlUm5jivqxZ4naGK4BJSvGepiuqdF4sWiuHMmFq/rw85uBbZOWAkfQjYSUUyTiEG7PBgXvSe0CCUTJrklBfjKjuvYgb4XuAU3x/Vrl9QDa2EJRhEr86kIgwneQvBSIN0uI1e9AY5rY8AUAzaybGVww09dPu1ghm0bJ+hQWs1w2WiiWrvi/AY1stIMg1cn7/9X5TG8PSMLPyIYCNfPrDxamCp5xBiuySZOhcADa9FURzrwFSxuDjNUTtbN78PVVDiKkvjOlZN2Hl80eGg27SjPWmmPgEYyT6pJUFrp65r4iVY1Aqg9wcsCEI61T8Y12ETPe5g43BK3FwSKSZVvLqJ9K4q22bpj/0RZYQusQrao0xPug5MVJ57dXpIcVNc9Fs1WdkohCwSSlkWBuuWBkN94U1qtDOy6fP5nzxuca8hpkdw5pt4sKHVN40BcygLuy7VojBhYTaWbfL2nVN/N3/buT3piA4kxwaP+sFMG0YMHIwOyIsppitZoBVD7cnXdSeIVO6Rzz/4R9AyBFrWoE85JDL2PGNUtp0zF3FT1SMPKsS8pa/w4QPgebIf+OM+TZEBo4+8NXVjG4koqF2CxOixH6tLECJ3ppZTDIL+A7K/7dFxqzVn472kpNb+EdYKF21f4lTOqV/kULkKJUiW48jJR0c8oHMIPJ6oJJcNnmOcevw3aKtP6fg30kyPVecl1np2ngDoxXbBYIqJvXjYMFvWGJrZtJ8ij3D36NqgzP2oHuiDNHStadIq/4gGR54qdY6dq2arMgkBNc7DCV2ZmWecTnlGV4pAPz6d9o3RNhDkjYQceCq8mCJz9LOcR6jj+S6TY55JRq7RuY+KjEkQx/LSALN+gyLf9aNCH5AY/nYz83M8mYbfwhuwfa/k143F5AwWTNKtVk60UJweVtLTgTutAWI1Ktyv5+bmnwYD1fuMsdY9cuk7lYBiT0iPLgLV6gxAKFbQzIl6N4/AQnBxZXDnYws6RkqSW9tU3mwgqzFIMCMGCSqGSIb3DQEJFDEWHhQAcAByAGkAdgBhAHQAZQBrAGUAeTAhBgkqhkiG9w0BCRUxFAQSVGltZSAxNzEyNjA0ODk3NzAyMIID1AYJKoZIhvcNAQcGoIIDxTCCA8ECAQAwggO6BgkqhkiG9w0BBwEwKQYKKoZIhvcNAQwBBjAbBBSFz4/dS0Q7F7nh6GQmyShGIpfYbwIDAMNQgIIDgM2DK+pM55K6AzcCzAi458SYJzo83lYMHtK6i3ml3Gcknpi4T/raNJDcdQ3HokdEim8wztUM6etGt5YRYeZconShSzZeWJver9mr2AQjbwSDtOeeG7eWwK/9qx6eoFfXQZ2XKqXdu/LPUDgSTxrnYhfoh/aybZLy5GQo0aw4mRlfg3falbSIxOrdzD9FWazQ/eKLSkJumLrxwD3r5Hrf2b1lDz/YMRFmKd97fqNjLg2+dlWAr1ybLXbrkaGz3TvJe0lKOgNqWHZ1MPA6QGqodMLgQ2wypUHj1M3yhcweQM07KQF8Tgodx5whiHVMcdz93sdyB2i54S16/SVd2BJ3ik+SDDtKfXldLPFTdpyGaDB/6jtG4E8SP2QFWwE5WSI+nnjRaUQhsyWTI5gtV0KYocRgfWrKUR2FFSGFnBwL+LEUL/K0YNieK+Ibo6pDyBZc/4iIO/J47ueNl3VUqnwH3xUDOSyy4yD2AjrpZSgyUqUSym1c28SDL2uHFlWXZMxN0AbrY5aT0e8BwM4VcO1Gm9T+78vPLFhObMO3j53dHUjSKUhJO4Th5rppRiY+9PVbO2zep2NxSvccB+0HUBjfVbnVQQiIxvUWA8u8VMRArXK8CpZgsGbh+m9htrHSO/olMVXMdb4E/nPWfm7NQz8hsX2AKcaYYidsbhDMT/BdbaPQW0YJ6mPm14gCa/N6fVPBHePLqQTVgTkcAfoULMCU8aFT6d6wDQbsZ2IeAfX7NXb0GAK8yE3w0yE8K6OL5Z621qOrz6iTfGuO0r92UBsGyuuy60jbr72v3Vv94DNZ0sFekDp6P08NvWCC4PIBNMphgPExEIYE+czHAj18tQviKJGtExqyqVcBKqnI9/6tp28oBL8iLvAZ2dANuHCE1xIxrcwbAqT6adnRMfj1PwiOYzrhc6x9ir/VRYvUntxBtu4fpwp0Rd101hFCf2fLqQGjPhFLLm638yRVb5q+vyPCDOjQrd8cbRG2pWT02MIJFEROGMQUN8AzhV0dS+jHl+nvjer8tzrh80h2dNRCxI8hMZiD520fPV5aV6r34pJDWCEsp4Rw4IasGTfzmj70CZnesoaZw9huCL/oX3DFCgctJVXNdMMrZhWZqn7lPxYrVV6fFOJxMPSLXAOPLDArAOFQS4/XYJDEg78Ncbf8HRSuNMc45zU7PdzG9IrKlkH8LMWHMD4wITAJBgUrDgMCGgUABBQTCLj66qTly8+l2Id+AnJWkgKDagQUlLtzywwe5mgBy+vpXWhR31nbvCYCAwGGoA==115200video1001adminsvtnet011dhcp32SavedCfgvtnet11110.100.0.124track601Loopback1lo0127.0.0.1::18128none11hmac-md510.100.0.22110.100.0.250ac:15:a2:02:b4:a110.100.0.2sw-tp-core-homeSwitch - TP-Link TL-SG108E - Core Homebc:24:11:4e:cf:c010.100.0.10docker-landlabDocker on Proxmox - Landlabbc:24:11:3d:31:5a10.100.0.11nasNas - Landlab88:66:5a:15:8a:9a10.100.0.20mats-macbook-wifiMats MacBook Pro Wifi.00:e0:4c:63:23:d810.100.0.21mats-macbook-ethMats MacBook Pro Eth.02:e8:8c:90:b9:c810.100.0.50haHome Assistantec:71:db:b3:c1:0a10.100.0.101sera1-cam1Sera1 - Cam1 - Reolink CX410ec:71:db:4a:75:9510.100.0.102sera1-cam2Sera1 - Cam2 - Reolink CX410ec:71:db:a5:ce:f410.100.0.103sera1-cam3Sera1 - Cam3 - Reolink CX410ec:71:db:d4:fa:1b10.100.0.104sera1-cam4Sera1 - Cam4 - Reolink CX410ec:71:db:eb:62:3b10.100.0.105sera1-cam5Sera1 - Cam5 - Reolink CX410ec:71:db:b7:cf:0b10.100.0.106sera1-cam6Sera1 - Cam6 - Reolink CX410b4:fb:e4:4c:5d:7e10.100.0.151ub-ap-sera1-northUnifi UAC Pro - AP - Sera1 Northfc:ec:da:10:73:b510.100.0.152ub-ap-sera1-southUnifi UAC Pro - AP - Sera1 Southpublicdisabledpasswaninetkeep stateAllow traffic from the primary router to WAN interfacein1
10.10.10.0/24
lanmshillam@192.168.1.203/firewall_rules_edit.php made changesroot@10.100.0.10/firewall_rules_edit.php made changes1passwaninetkeep stateAllow ICMP on Wan Interfacein11icmpwanwanipmshillam@192.168.1.201/firewall_rules_edit.php made changesroot@10.100.0.10/firewall_rules_edit.php made changespasswaninetkeep stateAllow Web ports through WAN interfacein11tcp/udp1
10.100.0.10
_web_portsmshillam@10.10.10.20/firewall_rules_edit.php made changesmshillam@10.10.10.20/firewall_rules_edit.php made changespassinetDefault allow LAN to any rulelanlanpassinet6Default allow LAN IPv6 to any rulelanlanICMPicmpICMPTCPtcpGeneric TCPHTTPhttpGeneric HTTP/200HTTPShttpsGeneric HTTPS/200SMTPsendGeneric SMTP220 *0.opnsense.pool.ntp.orgsystem_information-container:00000000-col3:show,gateways-container:00000001-col4:show,traffic_graphs-container:00000002-col4:show,interface_list-container:00000003-col4:show,services_status-container:00000004-col4:show2dhcpd6lan,wanmshillam@10.10.10.20/firewall_rules.php made changes101mats_macbook_wifihost010.10.10.20
10.100.0.20Mats MacBook Pro Wifi.1mats_macbook_ethhost010.10.10.21
10.100.0.21Mats MacBook Pro Eth.1mats_deviceshost0mats_macbook_wifi
mats_macbook_ethMats Devices1admin_deviceshost0mats_devicesAdmin devices with escalated network access.1_web_portsport080
443Web Portsv901800150120120127.0.0.1250auto10rootGco2QHPETB3p0OYrAqm4qjLYnCXtR5b2812510root@localhost.local01$HOSTsystem30030bab99c6e-5310-4a0e-bb28-ae4bd88aa578,f7041eef-b012-4813-86cd-7f391b664f73,d029d431-7d9e-4c77-aeda-866020b133e2,a0f551a1-e94d-4a6e-9390-9c554b00e9721RootFsfilesystem/30030311da6a1-b35b-4137-b52d-c114b000cdb10carp_status_changecustom/usr/local/opnsense/scripts/OPNsense/Monit/carp_status300304ef02271-56c6-4334-b756-a441b0d6b9340gateway_alertcustom/usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert300306489b90f-5a20-40de-b182-0afa5124726cPingNetworkPingfailed pingalertNetworkLinkNetworkInterfacefailed linkalertNetworkSaturationNetworkInterfacesaturation is greater than 75%alertMemoryUsageSystemResourcememory usage is greater than 75%alertCPUUsageSystemResourcecpu usage is greater than 75%alertLoadAvg1SystemResourceloadavg (1min) is greater than 8alertLoadAvg5SystemResourceloadavg (5min) is greater than 6alertLoadAvg15SystemResourceloadavg (15min) is greater than 4alertSpaceUsageSpaceUsagespace usage is greater than 75%alertChangedStatusProgramStatuschanged statusalertNonZeroStatusProgramStatusstatus != 0alert1131053000000000transparent01100.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10allow010000wan192.168.0.0/16,10.0.0.0/8,172.16.0.0/12W0D2340000WAN_GWWAN Gatewaywaninet0000025510127.0.0.18000040001066140e2f5c134Web GUI TLS certificateLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVRzlsbm5ibEY1b0o2NUlYSDU4eXp1RGpVekIwd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5EQTBNRGd4TlRNek1EUmFGdzB5TlRBMU1UQXhOVE16TURSYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURmaWV5ZXJmeHo5VVdsdmFTZ1RhdS9FWWVtVElaaDc3dE9BcnhoVGVmQVNZNHVCUlV2CiszUEhCVGhvbjRpdjVYZlFXTTlVUThXRW5NN1JpTGlYa2ExeTYvMTFTTWwxVExaT3pPOEQxTnhTSHFUU25ES2cKUTBBdGNzYm9NRHFzajNPZnJxUk1YV1RWMHRDd0lTcVNSdzhNRUtnL01DVzY2WEtzTVNOUytvbEgzU2I5MnppYQoxaEM1eEV6K3YyTzdTd0pCZEVxTHdiSldwYTRHUlVGbWRxOVpVTWd2ZTVkSUFTVWVWTUVvNXA3b3hGYnhjcGhZCmlGNlZYY3VHTjMvaG4xSkNUSlV1Snc1Q0lpY29hRGlNRkEyeGI0eUwzUUxVQTUzcU9BNkVoTkw2aUpNdnVoVnoKcGdoejFwK3A2V1drKzdaYzlKYVVDODJBUks3eHJYL21RS21IM2JlMWlWTUY1eDFlSzZBSmppQzhNbVJ2cWlvbgoybnFwMStYZTlvK0xLUkZEeGZGT2hxYUJxYWQ4TkM3bWlITnRzVmxkOU1RSkZPcHdiVDNpbitrcFVnb3RGZlNCCnBraWVTVXVFQ0VaN0tGd0Z5eWlmc0JPWUhIV1U2R3dyQ3FheXJCZy9NcUF3NkxCaGphVVg4R2lLSTZOc1RDWWUKN0xyVk9aZFZUZnlVYTRPRjViNCtTWSt4QUJKWWg2UGgvUS9uZWZobUNNMUt0Ym1CK2F5RmJidGluK3o5aUpoUQpPREkzTmE1TVlYS1QvelVHVHEwVXZJRTBpR1lhM1RHdXc4TmZEWnFTcDZYWXV4Yy9DTk4zdHFhVDRtV21ncVZuClpTRHRHSjVEWDBnVG9jSkxXUllZUW53eVJMNHZwQlNnR2FYcVAxMmdESTNrWmhXNHJzeldWVTJGSVFJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRk1teXlmVURMRzRsZUlvdTQxMzdPcGtDKzVBY01JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVUc5bG4KbmJsRjVvSjY1SVhINTh5enVEalV6QjB3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQXBDUGxuUFpncHc2L2VSaWtSRDlaeVE4My9kZVNWelIxU3ZQSnl6MmQKTTkyaEk0bXU0Z1RKdmczQzg5KzZMRVNjeW51K2tIeTE2dG1SSTlwU0loZUlTK1RQRmt6Mk85dUJoUWc3RnVLQwp4NGJpU1VvcmxYQVMybFBIczBwU0lVRlJRL0Y1UlVxUytTZlpwZWJHSEtNTWFDNU1WV3NuZlgyTmJ3bnJkUmgvClJqczdKRFRia2drWHZSYUtQRDNwOXo5Vi9tT2tQTkIyOXFYUnhhMDlWSWhhU2sxMkdaaC9NWTNZMlpYUjJqOFgKZloxQVdyL1JJSFNpbHNzdlVFTEpLcm44Y1NjbVZvY00vdXdHNy9NaEg2cER1bXVrd2s5Q2dVQklnVUhnZjB1eAp0bFBGUWxmc2tHQU9DcW5OYXVvdkhHREVlWTBNeDRwaUVVUklpc2pEK1JlV2E1Vit3a2EwQ3FjY0hUOUk1c0hpCkYvZTQ3MkxFVGh2RjlYdzBJQVgzNUNxNStCTTRiTk5FSFlhL1ZOb1g5MVlFeEwwNFJoV3NzYlExREpGZ0xQbXgKb1MrenV5TmNKNDRJaFdwTERwNUZnaStFSEtwVWg2R1Q4TXVZaGEzSUJXeHV1N0V4dnh5U1pmRUMyRVNpSnN1RQpSZlJscHlPZmZKREdXYytaZHk2aVpFb3VqM3FiMUpxbXJ4ZWtoWHhzVmg2U1d1bFpmY3IwcytYL0NzMUEvQWRECjNPVGpkbjVhaFlybnF1STJ6VzBkQ0tlbFJNUnNpOXdwakFlakRQRE1JQnJBK3l0ajRoQmVYMGxtdUtCbGF4b3YKc213d3JFSXZxTElSK1YwdjdCSFl4Q2tvNi9lOEVKUERLdFRnYk0xRHlzS0krOTdkQmRqMk4rekxjcS83dFBvTQpFSUU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRUUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Nzd2dna25BZ0VBQW9JQ0FRRGZpZXllcmZ4ejlVV2wKdmFTZ1RhdS9FWWVtVElaaDc3dE9BcnhoVGVmQVNZNHVCUlV2KzNQSEJUaG9uNGl2NVhmUVdNOVVROFdFbk03UgppTGlYa2ExeTYvMTFTTWwxVExaT3pPOEQxTnhTSHFUU25ES2dRMEF0Y3Nib01EcXNqM09mcnFSTVhXVFYwdEN3CklTcVNSdzhNRUtnL01DVzY2WEtzTVNOUytvbEgzU2I5MnppYTFoQzV4RXordjJPN1N3SkJkRXFMd2JKV3BhNEcKUlVGbWRxOVpVTWd2ZTVkSUFTVWVWTUVvNXA3b3hGYnhjcGhZaUY2VlhjdUdOMy9objFKQ1RKVXVKdzVDSWljbwphRGlNRkEyeGI0eUwzUUxVQTUzcU9BNkVoTkw2aUpNdnVoVnpwZ2h6MXArcDZXV2srN1pjOUphVUM4MkFSSzd4CnJYL21RS21IM2JlMWlWTUY1eDFlSzZBSmppQzhNbVJ2cWlvbjJucXAxK1hlOW8rTEtSRkR4ZkZPaHFhQnFhZDgKTkM3bWlITnRzVmxkOU1RSkZPcHdiVDNpbitrcFVnb3RGZlNCcGtpZVNVdUVDRVo3S0Z3Rnl5aWZzQk9ZSEhXVQo2R3dyQ3FheXJCZy9NcUF3NkxCaGphVVg4R2lLSTZOc1RDWWU3THJWT1pkVlRmeVVhNE9GNWI0K1NZK3hBQkpZCmg2UGgvUS9uZWZobUNNMUt0Ym1CK2F5RmJidGluK3o5aUpoUU9ESTNOYTVNWVhLVC96VUdUcTBVdklFMGlHWWEKM1RHdXc4TmZEWnFTcDZYWXV4Yy9DTk4zdHFhVDRtV21ncVZuWlNEdEdKNURYMGdUb2NKTFdSWVlRbnd5Ukw0dgpwQlNnR2FYcVAxMmdESTNrWmhXNHJzeldWVTJGSVFJREFRQUJBb0lDQUFYTU1qaWdXeFNYMXkxWUNKSEd5ZTVMCjhsaDRFaUV1b2sxQTZXbGRwNlhYVW9wemc4dnBpZVJ1eUhxQUxyK2ZKRGNoWW9rMU04Vi9lcWE1Rk02TGp2UFUKMW85STZyNngxV1dnVDQrcUlPZTVWejJHSXhNQWc0VGFQZm51TEV0bThoRUJhczMzT3lNSGszV0orcXh1RHVBWgplMytlREZCM2R3dXJ2NWFLbkc1aWVEMHJ4eUZPN1lLZjZuNU44UFI5MnNwZlRZS243S3Z1SXFBVGdrRjUwUXp3Ck9TendGK21jYS8zSUpYVmQyOSsrSGVJbnZuZEhYQ3FrRXVBQmh2M1BUOGNiN04rVVVEeWJYYWdnNGR5U05aTzEKU0xBazlJcVNxSEVYY0pyenhmUU5BRUpENFlRTkdabUZoc0VWcGxiNzEwdzhaTDVrdXZqNWJ3OGlHSmZjYy9rZgpkdTRqT3RpbkgwRitoUFl0cmhDbDZ5QzlCckJiRmoxNUVYN01yM2xBMFdhSTFmdTVvdk1EZHpMZFY0a1NVQzhKCkR1VkhjS0s1UXpQN2xIc1ZXN2V2OVlQQlhYaFFXdWRwWEw0cmc4ZWF2eUhmTVdRakVUWFcraUFYZk0zMldBMWYKRUJBSHVWMHFLa0F1bUNYcXZTdXEzRXpBZkY4bWlmblA3MVRWQXdwVWJlNFM5ZDZUQVQrSW5hSlNpUU0waEtmUQpack44SFB2OEF2ME8xZHdvaGI3ZEVYZFdlNFZxcFJ3WGw0WG9CL2o1MHRObE12T1hKUHdxT1RhelVSR0RSWEFwClkwaWV4VUdvQVIxbzhad1dSU29pK3U3VDdjSnNzNXB0VHgwaGp5MHowcXVRRFVkYS8wOHdLUlRxMmRINVU0OTMKUHQvTENXSWNvWFIwZC9CQngwUzFBb0lCQVFEM0V6WWRTamtBcjN6UFlSMlo1dERQNUtmeHNLWlNoTWg5MkhhMworY0NFNkxheHd2NWFZYmNYcXFyU1dydjJmZ3FLc0p6a1Brb3dEaUNUZjJ0N2orRGRzd2p3TjNJWkd6UzVDZzVwCjlZc1pEbm9xd0tRRnd0akIyNEdWYndLY1Z3SE1tVWt5V2cyZVM5bmk0QncyZDJ0dnIwcVlVK1g4ZFNIUUZXUFoKYzZwV25YT3V5Mmw3dEpORFI5cThxcDVkcFBsR0JpZ05Va1dBNlk0ejJqeHQ0dnZMM29KelFBMnpqUEgwWWJrdQp5cHQzTytldVZ3RHFORU9NeWJHTmgyWWcyejQzNldLVmNqRWY5UC9hQUliMnl1SExPNHF4RGFqbGZLQTNVYStMCjlsZWlDZEY5S2hpeHYvYndPejdTaTNEWnF4TVpQOGp0V1V6NEorZnFlOFg2ZW14OUFvSUJBUURublJDV0dFRncKalgyd3EyZ2NadzJkQzRYaGM1ekFBcitiTWphMFB2bFMvbkNuTml4aWlaaitudm05VnZKZ3E2WVBscXJ6RjBrMQpFbGdYYktqSzEwTUJnZGc0WVZtSEMzd2ZzRmRyZmlQNmp1NGRURUk3aHQ1R3NGci9hbTd1amNrSFY2TThNZmtLClB0TTR0U3JpWjcxZHhaTjdzMEJlbk8wNDZnTXM4RlVPcFp3QWd1d3E3QmQ0VURSKzA4MGdHUHh0VTVkY0k3QnoKYnNLcG9jb2d1d01kV3FxSWk1aDBPWitxanZUdms5TmNjRjYrdFJHcExDeTB4RjlLZ1FFb2dXd05uVTVWNjNLegoxS2hnRzdmZjNOYmE4by8xelNoWWplQ3VBcGxmT2tabzhPODU5dHN3WlNhcDFFdlZ3VHp1OGovUWptcHVxZHRqCjUwQkVpaS9ERkxCMUFvSUJBRnRmcW5xb2tXNDBlRGNGbG5udFI3b3F1UVdFSys2R2x0TWJzOFFVUkdPaTRMWGIKQkZBT3BUVEdkRWc1TUJ4WHZyUk4zcWYyZFY5U1NpL2lSckM2cEJHNWZZdkJKWnd0V0pFNks5eDU1NGhMdDFpSwpSOTZ0a1pZWUJOTnI2NDVBQ3pWTVZ5cWM3VDVtbE56M3Z0ZFIwTlRNQWcxVnNjOXN6aVZ6VTZyK3dMY3BvYmU2CkdIZWNiMzNKWEJhOERyZFpKS3NGNmRnTFhoTHZ6UnhXRUZVZlJibSt2NFc1NFpkT2Y4aStQMHNUdU8wZXBXN3YKVkRKSlE5WVVYV3FXOFdralM5NUhuS0xpU1ZLbE85MjJwak10RXRZalhnWmVvK0RDOTBtZUZ3cnUvcmU1WTlVagpOV0MvT3FiYmNqOVJQRm56ajZ1ZDBFUWU2MzAyM09qMS8yREQxODBDZ2dFQVpNUjM3K1Z6cXlWVDl1Wk1NSGRCCmUvOEVhM2NpVG9Pam0wRDRmZWtjRGxpMjZIandUSnF5M3F5SjJTK1gyaWt6NFhwYXU5SjR2a2RSM2pjZkpNa00KMVA0SjlWV2RYdHpIVHY0b3VwS3gwcFFXMHRaWHhwQkI2cDFWcWVSRGlUUlVyd1lZOWRxRUVFb1BHWS93clhvVwo4RkpDZlVJYWtrOVNBajRGemFwdVJ5WVVQa0Mzd1dEZ1FTOGI5OFhzYTdlVE0zbDMwOVdQTWxtUkJiNW5NMkJKCjFaNlpyVGlXeHBJL2ZqUWVLcEcxRm5XcE11MlNWbmpxcG1iOVVtdlg5aWlBdTFlaU9rMXFwUVN6a01UZWRkNGQKK0RvcUdmWDlSTEhOZThlVHROT2t5SWx5ZTFTRVBvVHprbFhUL0piTERPYUdqeFUzQnhpTlkrUzdtRlpLdTJRbgo5UUtDQVFBeElTa1NrdjgrYTQrclh1TWVBMFFOL2xQMms4R0Y1dlJEYnc2QStjeVJicTlEdG1Lb285M0h2V3ZiClpXRjREdTVVNGdZam1WbkZZVDZaL1hJMUs2NUQvVzV1ejZlcFJtcGQ5T1VwbDZJczRHbDhqUXNESG5obkFWeVEKSmNydXMxRDIwdTA2NnB6U2VlQkFYSTN1elkxeThCeHJxQjYyRSs3ZlFSR1hjZ01BOU16blVhc01EemVEdkRVSQpyd2J2OUIvcEw5endWSzRPZGJ5ZHZHcnU1YU95cEZRaUtCcHhqWVVQMXZQM2UxZnFBWUowZzRNR1Mrb3Fwd0h6CmNXZUZxYVllQ2ZkYXhUNUg4WEhzMHlvQXU4d0JmVTVDcEs0S2JUUFVMR3RCYU43LzRib20rZk1jTmp3NGd4ODMKWG5Zd0s3YjdJT3pkQXlNTDZwWlBpeHR5NlNiUwotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==111wanlan