<?xml version="1.0"?>
|
|
<opnsense>
|
|
<theme>opnsense</theme>
|
|
<sysctl>
|
|
<item>
|
|
<descr>Disable the pf ftp proxy handler.</descr>
|
|
<tunable>debug.pfftpproxy</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html</descr>
|
|
<tunable>vfs.read_max</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>Set the ephemeral port range to be lower.</descr>
|
|
<tunable>net.inet.ip.portrange.first</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>Drop packets to closed TCP ports without returning a RST</descr>
|
|
<tunable>net.inet.tcp.blackhole</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
|
|
<tunable>net.inet.udp.blackhole</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>Randomize the ID field in IP packets (default is 0: sequential IP IDs)</descr>
|
|
<tunable>net.inet.ip.random_id</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>
|
|
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
|
|
It can also be used to probe for information about your internal networks. These functions come enabled
|
|
as part of the standard FreeBSD core system.
|
|
</descr>
|
|
<tunable>net.inet.ip.sourceroute</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>
|
|
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
|
|
It can also be used to probe for information about your internal networks. These functions come enabled
|
|
as part of the standard FreeBSD core system.
|
|
</descr>
|
|
<tunable>net.inet.ip.accept_sourceroute</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>
|
|
Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects
|
|
to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect
|
|
packets without returning a response.
|
|
</descr>
|
|
<tunable>net.inet.icmp.drop_redirect</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>
|
|
This option turns off the logging of redirect packets because there is no limit and this could fill
|
|
up your logs consuming your whole hard drive.
|
|
</descr>
|
|
<tunable>net.inet.icmp.log_redirect</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
|
|
<tunable>net.inet.tcp.drop_synfin</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>Enable sending IPv4 redirects</descr>
|
|
<tunable>net.inet.ip.redirect</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>Enable sending IPv6 redirects</descr>
|
|
<tunable>net.inet6.ip6.redirect</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
|
|
<tunable>net.inet6.ip6.use_tempaddr</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>Prefer privacy addresses and use them over the normal addresses</descr>
|
|
<tunable>net.inet6.ip6.prefer_tempaddr</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
|
|
<tunable>net.inet.tcp.syncookies</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
|
|
<tunable>net.inet.tcp.recvspace</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
|
|
<tunable>net.inet.tcp.sendspace</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
|
|
<tunable>net.inet.tcp.delayed_ack</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>Maximum outgoing UDP datagram size</descr>
|
|
<tunable>net.inet.udp.maxdgram</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
|
|
<tunable>net.link.bridge.pfil_onlyip</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
|
|
<tunable>net.link.bridge.pfil_member</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>Set to 1 to enable filtering on the bridge interface</descr>
|
|
<tunable>net.link.bridge.pfil_bridge</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>Allow unprivileged access to tap(4) device nodes</descr>
|
|
<tunable>net.link.tap.user_open</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
|
|
<tunable>kern.randompid</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>Maximum size of the IP input queue</descr>
|
|
<tunable>net.inet.ip.intr_queue_maxlen</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
|
|
<tunable>hw.syscons.kbd_reboot</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>Enable TCP extended debugging</descr>
|
|
<tunable>net.inet.tcp.log_debug</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>Set ICMP Limits</descr>
|
|
<tunable>net.inet.icmp.icmplim</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>TCP Offload Engine</descr>
|
|
<tunable>net.inet.tcp.tso</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>UDP Checksums</descr>
|
|
<tunable>net.inet.udp.checksum</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
<item>
|
|
<descr>Maximum socket buffer size</descr>
|
|
<tunable>kern.ipc.maxsockbuf</tunable>
|
|
<value>default</value>
|
|
</item>
|
|
</sysctl>
|
|
<!-- Host-wide settings: identity, local accounts, web GUI, console and SSH access.
     This section embeds credential material (a password hash and SSH keys), so any
     export of this file should be stored and shared as a secret. -->
<system>
  <optimization>normal</optimization>
  <hostname>pfv-core-rtr01</hostname>
  <domain>pfv.turnsys.net</domain>
  <!-- Local group "admins" (gid 1999). Its only member, 0, matches the uid of the
       root account below. -->
  <group>
    <name>admins</name>
    <description>System Administrators</description>
    <scope>system</scope>
    <gid>1999</gid>
    <member>0</member>
    <!-- NOTE(review): these two privileges appear to grant shell login and every
         GUI page; confirm each future member of this group needs both. -->
    <priv>user-shell-access</priv>
    <priv>page-all</priv>
  </group>
  <user>
    <name>root</name>
    <descr>System Administrator</descr>
    <scope>system</scope>
    <groupname>admins</groupname>
    <!-- Password verifier in modular-crypt form; the "$2b$10$" prefix indicates
         bcrypt with cost factor 10. NOTE(review): a hash that travels with the
         config is open to offline guessing, so rotate this password if the file
         has left the firewall. -->
    <password>$2b$10$aGhrQyAdjqqWt4Rz/2nzi.EVhxDEgehnX5uVUbmC87.DGogM0Op6O</password>
    <uid>0</uid>
    <expires/>
    <!-- Base64 of the account's authorized_keys content; it appears to hold two
         ssh-rsa public keys. Public keys are not secret, but review that both
         still belong to current administrators. -->
    <authorizedkeys>c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFDbzVUMEZFVUtvWWF4Umhqczl5V3pLdEV5WHVLSnZUV29scnlEMzk1ZXF5QkoweE94YmtYSis4RU13S3RXTTZOVzVxYXFXYlQySkovVnpPSWNvWW14QXUrK3F3U1dPZXNrVnIrRnhQcjJ5cGFXRDk4bkp5K0NwWjlSTjZQdzZLaWtIYWt5cXpTVVdLWGRvdldpVHBkenFSTytqMExtSm1nVWlUM05zaDQyZXlidnQvVDdKTWtWRzRXK2pvUlgrRENTNFVJUlJRZ01SRDRUcUJRL2pyOW03VnMwYUpuMWxmbGdzcHJzYWNnb2crc0hsRXppdHd3Y1JxTU5wcDVKbTBEZmhqNlBxQXZzZ0tKWVdPT01GVm93dkdzcW5ROXdxSm81QWxsbGJUR1YxUkhlSUJPM2ZSUlU4VWQ5VFBBM0FmeDE2L2FwZjFua0xoVjhRWDltSXhFV3ANCnNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQy9MWUhqNE04dlBiZ3JpQ2l4Z0VwYjBRcHVKTU9meXNvVThHNlNWcllENm9taGFhZGptSE1GNWErUTU3WEVVMkFPL05TUFpyNkxUa3UzblJWOGp1eThYVUtVODM2K0VYWjJISUJwTDVVZkt6bXdqcjBET3RhTE54L2tJRWtWRC9tQnhoRkg0QVhpVVV2ZGZqQmQ2TnZTT3BiVVpZaHBaOERkRU03QnhWaU92M1dBcWY3eUNRSWRnMTViOG1HZG5nbnpjcytpelVpZSsrcy9PSDFKcWdtTFVIUDNBeFRxNFlFUktOOWsyQnlOdFI3TzZQR2crR3ZUdWtVN2dubWxNWm1xS293RVlFRTJERGRkbVNrdmVaalJHZW00WlRxRXU5MDRwRE1kdnF0TzVTYmVDTHUrNmlBbFMvYTk4YVZQYmljMGlPdE1wRXd2OXZ6VGlwVG1hNTRs</authorizedkeys>
    <ipsecpsk/>
    <!-- Empty: no one-time-password seed is stored for root in this file. -->
    <otp_seed/>
  </user>
  <nextuid>2000</nextuid>
  <nextgid>2000</nextgid>
  <timezone>America/Chicago</timezone>
  <time-update-interval>300</time-update-interval>
  <timeservers>0.nl.pool.ntp.org</timeservers>
  <!-- Web GUI over HTTPS, using the certificate whose <refid> is 5a16ea4a3fdf7
       (the <cert> entry in this file, which also carries the private key in <prv>).
       Empty <port/> and <ssl-ciphers/> presumably mean product defaults; TODO
       confirm the resulting cipher list is acceptable. -->
  <webgui>
    <protocol>https</protocol>
    <ssl-certref>5a16ea4a3fdf7</ssl-certref>
    <port/>
    <ssl-ciphers/>
    <compression/>
  </webgui>
  <disablenatreflection>yes</disablenatreflection>
  <usevirtualterminal>1</usevirtualterminal>
  <!-- Presumably password-protects the console menu; verify against the GUI. -->
  <disableconsolemenu>1</disableconsolemenu>
  <disablechecksumoffloading>1</disablechecksumoffloading>
  <disablesegmentationoffloading>1</disablesegmentationoffloading>
  <disablelargereceiveoffloading>1</disablelargereceiveoffloading>
  <ipv6allow/>
  <powerd_ac_mode>hadp</powerd_ac_mode>
  <powerd_battery_mode>hadp</powerd_battery_mode>
  <powerd_normal_mode>hadp</powerd_normal_mode>
  <bogons>
    <interval>monthly</interval>
  </bogons>
  <kill_states/>
  <backupcount>60</backupcount>
  <crypto_hardware>aesni</crypto_hardware>
  <language>en_US</language>
  <dnsserver>8.8.8.8</dnsserver>
  <!-- NOTE(review): value 2 is believed to select sudo without a password prompt
       for the wheel group; confirm, and prefer the password-prompting mode. -->
  <sudo_allow_wheel>2</sudo_allow_wheel>
  <serialspeed>115200</serialspeed>
  <primaryconsole>video</primaryconsole>
  <!-- NOTE(review): password authentication and root login are both switched on,
       although root already has authorized keys above. Key-only login narrows the
       exposure to password guessing; also verify which interfaces reach SSH. -->
  <ssh>
    <noauto>1</noauto>
    <enabled>enabled</enabled>
    <passwordauth>1</passwordauth>
    <permitrootlogin>1</permitrootlogin>
  </ssh>
  <dns1gw>none</dns1gw>
  <dns2gw>none</dns2gw>
  <dns3gw>none</dns3gw>
  <dns4gw>none</dns4gw>
  <dns5gw>none</dns5gw>
  <dns6gw>none</dns6gw>
  <dns7gw>none</dns7gw>
  <dns8gw>none</dns8gw>
</system>
|
|
<interfaces>
|
|
<lan>
|
|
<if>em0_vlan30</if>
|
|
<descr>ProductionManagement</descr>
|
|
<enable>1</enable>
|
|
<spoofmac/>
|
|
<ipaddr>10.251.30.252</ipaddr>
|
|
<subnet>24</subnet>
|
|
</lan>
|
|
<wan>
|
|
<if>ue0</if>
|
|
<enable>1</enable>
|
|
<ipaddr>dhcp</ipaddr>
|
|
<ipaddrv6>dhcp6</ipaddrv6>
|
|
<blockbogons>on</blockbogons>
|
|
<subnet>32</subnet>
|
|
</wan>
|
|
<opt2>
|
|
<if>em0_vlan200</if>
|
|
<descr>Nerdbone</descr>
|
|
<enable>1</enable>
|
|
<spoofmac/>
|
|
<ipaddr>10.251.200.252</ipaddr>
|
|
<subnet>24</subnet>
|
|
</opt2>
|
|
<opt1>
|
|
<if>em0_vlan100</if>
|
|
<descr>TheNerdery</descr>
|
|
<enable>1</enable>
|
|
<spoofmac/>
|
|
<ipaddr>10.251.100.252</ipaddr>
|
|
<subnet>24</subnet>
|
|
</opt1>
|
|
<openvpn>
|
|
<internal_dynamic>1</internal_dynamic>
|
|
<enable>1</enable>
|
|
<if>openvpn</if>
|
|
<descr>OpenVPN</descr>
|
|
<type>group</type>
|
|
<virtual>1</virtual>
|
|
</openvpn>
|
|
<opt3>
|
|
<if>em0_vlan22</if>
|
|
<descr>LabManagement</descr>
|
|
<enable>1</enable>
|
|
<spoofmac/>
|
|
<ipaddr>10.251.22.252</ipaddr>
|
|
<subnet>24</subnet>
|
|
</opt3>
|
|
<opt4>
|
|
<if>em0_vlan3</if>
|
|
<descr>RRAP</descr>
|
|
<enable>1</enable>
|
|
<spoofmac/>
|
|
<ipaddr>10.251.3.252</ipaddr>
|
|
<subnet>24</subnet>
|
|
</opt4>
|
|
<opt5>
|
|
<if>em0_vlan4</if>
|
|
<descr>RRSW</descr>
|
|
<enable>1</enable>
|
|
<spoofmac/>
|
|
<ipaddr>10.251.4.252</ipaddr>
|
|
<subnet>24</subnet>
|
|
</opt5>
|
|
<opt6>
|
|
<if>em0_vlan5</if>
|
|
<descr>RRVOIP</descr>
|
|
<enable>1</enable>
|
|
<spoofmac/>
|
|
<ipaddr>10.251.5.252</ipaddr>
|
|
<subnet>24</subnet>
|
|
</opt6>
|
|
<opt7>
|
|
<if>em0_vlan6</if>
|
|
<descr>RRRTRLan</descr>
|
|
<enable>1</enable>
|
|
<spoofmac/>
|
|
<ipaddr>10.251.6.252</ipaddr>
|
|
<subnet>24</subnet>
|
|
</opt7>
|
|
<opt8>
|
|
<if>em0_vlan7</if>
|
|
<descr>RRIPTV</descr>
|
|
<enable>1</enable>
|
|
<spoofmac/>
|
|
<ipaddr>10.251.7.252</ipaddr>
|
|
<subnet>24</subnet>
|
|
</opt8>
|
|
</interfaces>
|
|
<dhcpd>
|
|
<lan>
|
|
<enable>1</enable>
|
|
<range>
|
|
<from>10.251.30.10</from>
|
|
<to>10.251.30.245</to>
|
|
</range>
|
|
</lan>
|
|
<opt1>
|
|
<enable>1</enable>
|
|
<numberoptions/>
|
|
<range>
|
|
<from>10.251.100.100</from>
|
|
<to>10.251.100.200</to>
|
|
</range>
|
|
<dnsserver>10.251.30.71</dnsserver>
|
|
</opt1>
|
|
</dhcpd>
|
|
<!-- Local resolver, enabled with DNSSEC validation switched on. <dnssecstripped>
     presumably hardens against responses whose DNSSEC data was stripped; confirm
     against the resolver's generated configuration. -->
<unbound>
  <enable>1</enable>
  <dnssec>1</dnssec>
  <dnssecstripped>1</dnssecstripped>
</unbound>
|
|
<!-- SNMP agent: enabled, bound to the lan interface, polled on port 161. No trap
     destination is set (<trapserver/> and <trapstring/> are empty). -->
<snmpd>
  <modules>
    <mibii>1</mibii>
    <netgraph>1</netgraph>
    <pf>1</pf>
    <hostres>1</hostres>
  </modules>
  <enable>1</enable>
  <!-- NOTE(review): read-only community string kept in clear text. Community-based
       SNMP also sends it unencrypted on the wire, so treat the value as disclosed
       once this file is shared, rotate it, and restrict which pollers may reach
       the agent. -->
  <rocommunity>kn3lmgmt</rocommunity>
  <pollport>161</pollport>
  <syslocation>PFV</syslocation>
  <syscontact/>
  <trapserver/>
  <trapserverport>162</trapserverport>
  <trapstring/>
  <bindip>lan</bindip>
</snmpd>
|
|
<!-- Log forwarding: enabled, everything (<logall>) is sent over IPv4 to a single
     remote server, 10.253.3.99, the same address admitted by the "toolbox" firewall
     rule in this file. NOTE(review): the transport is not visible here; if it is
     plain syslog, confirm the path to the collector is protected (for example by
     the VPN) and consider a second destination, since <remoteserver2/> is empty. -->
<syslog>
  <reverse>1</reverse>
  <nentries>50</nentries>
  <remoteserver>10.253.3.99</remoteserver>
  <remoteserver2/>
  <remoteserver3/>
  <sourceip/>
  <ipproto>ipv4</ipproto>
  <logall>1</logall>
  <enable>1</enable>
</syslog>
|
|
<nat>
|
|
<outbound>
|
|
<mode>automatic</mode>
|
|
</outbound>
|
|
</nat>
|
|
<!-- Firewall rule set. All ten rules are of type pass and nine of them use
     destination "any"; no rule in this section is attached to wan. The <updated>
     and <created> children are audit metadata (account@source address, epoch
     time, page that made the change); every change here was made as root. -->
<filter>
  <!-- Floating quick rule, direction out on opt1, source opt1 network to any.
       NOTE(review): confirm the direction is intended; the per-interface opt1 rule
       further down already passes the same source to any. -->
  <rule>
    <type>pass</type>
    <interface>opt1</interface>
    <ipprotocol>inet</ipprotocol>
    <statetype>keep state</statetype>
    <descr>Allow TheNerdery full access</descr>
    <direction>out</direction>
    <quick>yes</quick>
    <floating>yes</floating>
    <source>
      <network>opt1</network>
    </source>
    <destination>
      <any>1</any>
    </destination>
    <updated>
      <username>root@10.251.100.101</username>
      <time>1512005312.2896</time>
      <description>/firewall_rules_edit.php made changes</description>
    </updated>
    <created>
      <username>root@10.251.100.101</username>
      <time>1512005312.2896</time>
      <description>/firewall_rules_edit.php made changes</description>
    </created>
  </rule>
  <!-- Stock LAN rules: the management network (lan) may reach any destination
       over IPv4 and IPv6. -->
  <rule>
    <type>pass</type>
    <ipprotocol>inet</ipprotocol>
    <descr>Default allow LAN to any rule</descr>
    <interface>lan</interface>
    <source>
      <network>lan</network>
    </source>
    <destination>
      <any/>
    </destination>
  </rule>
  <rule>
    <type>pass</type>
    <ipprotocol>inet6</ipprotocol>
    <descr>Default allow LAN IPv6 to any rule</descr>
    <interface>lan</interface>
    <source>
      <network>lan</network>
    </source>
    <destination>
      <any/>
    </destination>
  </rule>
  <!-- TCP port 179 across the VPN tunnel; this looks like the BGP session to the
       neighbor 192.168.198.1 configured under <quagga>. NOTE(review): both ends are
       written as host addresses with a /30 mask, which likely matches the whole
       192.168.198.0/30 network; confirm whether /32 was intended. The rule has no
       <descr>. -->
  <rule>
    <type>pass</type>
    <interface>openvpn</interface>
    <ipprotocol>inet</ipprotocol>
    <statetype>keep state</statetype>
    <protocol>tcp</protocol>
    <source>
      <address>192.168.198.1/30</address>
    </source>
    <destination>
      <address>192.168.198.2/30</address>
      <port>179</port>
    </destination>
    <updated>
      <username>root@10.251.100.100</username>
      <time>1511636936.8881</time>
      <description>/firewall_rules_edit.php made changes</description>
    </updated>
    <created>
      <username>root@10.251.100.100</username>
      <time>1511636643.7199</time>
      <description>/firewall_rules_edit.php made changes</description>
    </created>
  </rule>
  <!-- The next three rules admit remote sources arriving over the VPN to any
       destination and any protocol. NOTE(review): consider narrowing each to the
       networks and ports the remote side actually needs. -->
  <rule>
    <type>pass</type>
    <interface>openvpn</interface>
    <ipprotocol>inet</ipprotocol>
    <statetype>keep state</statetype>
    <descr>allow road warrior full access pass</descr>
    <source>
      <address>172.16.80.0/24</address>
    </source>
    <destination>
      <any>1</any>
    </destination>
    <updated>
      <username>root@10.251.100.101</username>
      <time>1512005158.8433</time>
      <description>/firewall_rules_edit.php made changes</description>
    </updated>
    <created>
      <username>root@10.251.100.101</username>
      <time>1512005158.8433</time>
      <description>/firewall_rules_edit.php made changes</description>
    </created>
  </rule>
  <rule>
    <type>pass</type>
    <interface>openvpn</interface>
    <ipprotocol>inet</ipprotocol>
    <statetype>keep state</statetype>
    <descr>allow toolbox full access (librenms etc)</descr>
    <source>
      <address>10.253.3.99</address>
    </source>
    <destination>
      <any>1</any>
    </destination>
    <updated>
      <username>root@10.251.100.101</username>
      <time>1512227140.3773</time>
      <description>/firewall_rules_edit.php made changes</description>
    </updated>
    <created>
      <username>root@10.251.100.101</username>
      <time>1512227140.3773</time>
      <description>/firewall_rules_edit.php made changes</description>
    </created>
  </rule>
  <rule>
    <type>pass</type>
    <interface>openvpn</interface>
    <ipprotocol>inet</ipprotocol>
    <statetype>keep state</statetype>
    <descr>allow satx workstation net access</descr>
    <source>
      <address>10.40.50.0/24</address>
    </source>
    <destination>
      <any>1</any>
    </destination>
    <updated>
      <username>root@10.251.100.101</username>
      <time>1512227203.5376</time>
      <description>/firewall_rules_edit.php made changes</description>
    </updated>
    <created>
      <username>root@10.251.100.101</username>
      <time>1512227203.5376</time>
      <description>/firewall_rules_edit.php made changes</description>
    </created>
  </rule>
  <!-- NOTE(review): the description says LAN, but the rule is bound to opt1 and
       its source is the opt1 network; the text looks copied from the stock rule. -->
  <rule>
    <type>pass</type>
    <interface>opt1</interface>
    <ipprotocol>inet</ipprotocol>
    <statetype>keep state</statetype>
    <descr>Default allow LAN to any rule</descr>
    <source>
      <network>opt1</network>
    </source>
    <destination>
      <any>1</any>
    </destination>
    <updated>
      <username>root@10.251.30.10</username>
      <time>1511623940.7898</time>
      <description>/firewall_rules_edit.php made changes</description>
    </updated>
    <created>
      <username>root@10.251.30.10</username>
      <time>1511623940.7898</time>
      <description>/firewall_rules_edit.php made changes</description>
    </created>
  </rule>
  <!-- Two single-host exceptions on opt3 (LabManagement): only 10.251.22.3 and
       10.251.22.23 are passed, each to any destination. -->
  <rule>
    <type>pass</type>
    <interface>opt3</interface>
    <ipprotocol>inet</ipprotocol>
    <statetype>keep state</statetype>
    <descr>allow pfv-consrv outbound access</descr>
    <source>
      <address>10.251.22.3</address>
    </source>
    <destination>
      <any>1</any>
    </destination>
    <updated>
      <username>root@10.251.100.101</username>
      <time>1512330491.1084</time>
      <description>/firewall_rules_edit.php made changes</description>
    </updated>
    <created>
      <username>root@10.251.100.101</username>
      <time>1512330491.1084</time>
      <description>/firewall_rules_edit.php made changes</description>
    </created>
  </rule>
  <rule>
    <type>pass</type>
    <interface>opt3</interface>
    <ipprotocol>inet</ipprotocol>
    <statetype>keep state</statetype>
    <descr>allow pfv-octopi outbound access</descr>
    <source>
      <address>10.251.22.23</address>
    </source>
    <destination>
      <any>1</any>
    </destination>
    <updated>
      <username>root@10.251.100.101</username>
      <time>1512832374.3339</time>
      <description>/firewall_rules_edit.php made changes</description>
    </updated>
    <created>
      <username>root@10.251.100.101</username>
      <time>1512832374.3339</time>
      <description>/firewall_rules_edit.php made changes</description>
    </created>
  </rule>
</filter>
|
|
<rrd>
|
|
<enable/>
|
|
</rrd>
|
|
<load_balancer>
|
|
<monitor_type>
|
|
<name>ICMP</name>
|
|
<type>icmp</type>
|
|
<descr>ICMP</descr>
|
|
<options/>
|
|
</monitor_type>
|
|
<monitor_type>
|
|
<name>TCP</name>
|
|
<type>tcp</type>
|
|
<descr>Generic TCP</descr>
|
|
<options/>
|
|
</monitor_type>
|
|
<monitor_type>
|
|
<name>HTTP</name>
|
|
<type>http</type>
|
|
<descr>Generic HTTP</descr>
|
|
<options>
|
|
<path>/</path>
|
|
<host/>
|
|
<code>200</code>
|
|
</options>
|
|
</monitor_type>
|
|
<monitor_type>
|
|
<name>HTTPS</name>
|
|
<type>https</type>
|
|
<descr>Generic HTTPS</descr>
|
|
<options>
|
|
<path>/</path>
|
|
<host/>
|
|
<code>200</code>
|
|
</options>
|
|
</monitor_type>
|
|
<monitor_type>
|
|
<name>SMTP</name>
|
|
<type>send</type>
|
|
<descr>Generic SMTP</descr>
|
|
<options>
|
|
<send/>
|
|
<expect>220 *</expect>
|
|
</options>
|
|
</monitor_type>
|
|
</load_balancer>
|
|
<widgets>
|
|
<sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
|
|
<column_count>2</column_count>
|
|
</widgets>
|
|
<revision>
|
|
<username>root@10.40.50.77</username>
|
|
<time>1518050271.9921</time>
|
|
<description>/system_usermanager.php made changes</description>
|
|
</revision>
|
|
<OPNsense>
|
|
<captiveportal version="1.0.0">
|
|
<zones/>
|
|
<templates/>
|
|
</captiveportal>
|
|
<cron version="1.0.0">
|
|
<jobs/>
|
|
</cron>
|
|
<!-- Intrusion detection settings. Detection (<enabled>) and inline prevention
     (<ips>) are both 0 and no rules are listed, so this component is configured
     but inactive. If it is turned on, <homenet> below covers all three RFC 1918
     ranges and the only monitored interface is wan. -->
<IDS version="1.0.1">
  <rules/>
  <userDefinedRules/>
  <files/>
  <fileTags/>
  <general>
    <enabled>0</enabled>
    <ips>0</ips>
    <promisc>0</promisc>
    <interfaces>wan</interfaces>
    <homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
    <defaultPacketSize/>
    <UpdateCron/>
    <AlertLogrotate>W0D23</AlertLogrotate>
    <AlertSaveLogs>4</AlertSaveLogs>
    <MPMAlgo>ac</MPMAlgo>
    <!-- 0: alerts would not be forwarded to syslog; presumably worth enabling
         together with detection so alerts reach the remote log server. -->
    <syslog>0</syslog>
  </general>
</IDS>
|
|
<proxy version="1.0.0">
|
|
<general>
|
|
<enabled>0</enabled>
|
|
<icpPort/>
|
|
<logging>
|
|
<enable>
|
|
<accessLog>1</accessLog>
|
|
<storeLog>1</storeLog>
|
|
</enable>
|
|
<ignoreLogACL/>
|
|
<target/>
|
|
</logging>
|
|
<alternateDNSservers/>
|
|
<dnsV4First>0</dnsV4First>
|
|
<forwardedForHandling>on</forwardedForHandling>
|
|
<uriWhitespaceHandling>strip</uriWhitespaceHandling>
|
|
<useViaHeader>1</useViaHeader>
|
|
<suppressVersion>0</suppressVersion>
|
|
<VisibleEmail>admin@localhost.local</VisibleEmail>
|
|
<VisibleHostname>localhost</VisibleHostname>
|
|
<cache>
|
|
<local>
|
|
<enabled>0</enabled>
|
|
<directory>/var/squid/cache</directory>
|
|
<cache_mem>256</cache_mem>
|
|
<maximum_object_size/>
|
|
<size>100</size>
|
|
<l1>16</l1>
|
|
<l2>256</l2>
|
|
</local>
|
|
</cache>
|
|
<traffic>
|
|
<enabled>0</enabled>
|
|
<maxDownloadSize>2048</maxDownloadSize>
|
|
<maxUploadSize>1024</maxUploadSize>
|
|
<OverallBandwidthTrotteling>1024</OverallBandwidthTrotteling>
|
|
<perHostTrotteling>256</perHostTrotteling>
|
|
</traffic>
|
|
</general>
|
|
<forward>
|
|
<interfaces>lan</interfaces>
|
|
<port>3128</port>
|
|
<sslbumpport>3129</sslbumpport>
|
|
<sslbump>0</sslbump>
|
|
<sslurlonly>0</sslurlonly>
|
|
<sslcertificate/>
|
|
<sslnobumpsites/>
|
|
<ssl_crtd_storage_max_size>4</ssl_crtd_storage_max_size>
|
|
<sslcrtd_children>5</sslcrtd_children>
|
|
<ftpInterfaces/>
|
|
<ftpPort>2121</ftpPort>
|
|
<ftpTransparentMode>0</ftpTransparentMode>
|
|
<addACLforInterfaceSubnets>1</addACLforInterfaceSubnets>
|
|
<transparentMode>0</transparentMode>
|
|
<acl>
|
|
<allowedSubnets/>
|
|
<unrestricted/>
|
|
<bannedHosts/>
|
|
<whiteList/>
|
|
<blackList/>
|
|
<browser/>
|
|
<mimeType/>
|
|
<safePorts>80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http</safePorts>
|
|
<sslPorts>443:https</sslPorts>
|
|
<remoteACLs>
|
|
<blacklists/>
|
|
<UpdateCron/>
|
|
</remoteACLs>
|
|
</acl>
|
|
<icap>
|
|
<enable>0</enable>
|
|
<RequestURL>icap://[::1]:1344/avscan</RequestURL>
|
|
<ResponseURL>icap://[::1]:1344/avscan</ResponseURL>
|
|
<SendClientIP>1</SendClientIP>
|
|
<SendUsername>0</SendUsername>
|
|
<EncodeUsername>0</EncodeUsername>
|
|
<UsernameHeader>X-Username</UsernameHeader>
|
|
<EnablePreview>1</EnablePreview>
|
|
<PreviewSize>1024</PreviewSize>
|
|
<OptionsTTL>60</OptionsTTL>
|
|
<exclude/>
|
|
</icap>
|
|
<authentication>
|
|
<method/>
|
|
<realm>OPNsense proxy authentication</realm>
|
|
<credentialsttl>2</credentialsttl>
|
|
<children>5</children>
|
|
</authentication>
|
|
</forward>
|
|
</proxy>
|
|
<TrafficShaper version="1.0.1">
|
|
<pipes/>
|
|
<queues/>
|
|
<rules/>
|
|
</TrafficShaper>
|
|
<!-- Dynamic routing: BGP as AS 64524, announcing 10.251.0.0/16 and the tunnel
     network 192.168.198.0/30, with one neighbor reached over the openvpn
     interface. -->
<quagga>
  <bgp version="0.0.0">
    <enabled>1</enabled>
    <asnumber>64524</asnumber>
    <networks>10.251.0.0/16,192.168.198.0/30</networks>
    <redistribute/>
    <neighbors>
      <!-- NOTE(review): all four linked prefix-list and route-map references are
           empty, and <prefixlists/> and <routemaps/> below define none, so routes
           appear to be exchanged with this neighbor unfiltered in both directions.
           An inbound prefix list limits what the remote AS can inject. No session
           password field is visible in this element. -->
      <neighbor uuid="0db0a9b5-23c9-4412-aa5d-180899fe5ebc">
        <enabled>1</enabled>
        <address>192.168.198.1</address>
        <remoteas>64517</remoteas>
        <updatesource>openvpn</updatesource>
        <nexthopself>0</nexthopself>
        <defaultoriginate>0</defaultoriginate>
        <linkedPrefixlistIn/>
        <linkedPrefixlistOut/>
        <linkedRoutemapIn/>
        <linkedRoutemapOut/>
      </neighbor>
    </neighbors>
    <aspaths/>
    <prefixlists/>
    <routemaps/>
  </bgp>
  <!-- Routing daemon logging: both the log file and syslog output are disabled
       (0), so the configured levels have no effect. NOTE(review): enabling syslog
       output would put session flaps and route changes on the remote log server. -->
  <general version="0.0.0">
    <enabled>1</enabled>
    <enablelogfile>0</enablelogfile>
    <logfilelevel>debugging</logfilelevel>
    <enablesyslog>0</enablesyslog>
    <sysloglevel>notifications</sysloglevel>
  </general>
</quagga>
|
|
<clamav>
|
|
<general version="1.0.0">
|
|
<enabled>0</enabled>
|
|
<fc_enabled>0</fc_enabled>
|
|
<enabletcp>1</enabletcp>
|
|
<maxthreads>10</maxthreads>
|
|
<maxqueue>100</maxqueue>
|
|
<idletimeout>30</idletimeout>
|
|
<maxdirrecursion>20</maxdirrecursion>
|
|
<followdirsym>0</followdirsym>
|
|
<followfilesym>0</followfilesym>
|
|
<disablecache>0</disablecache>
|
|
<scanpe>1</scanpe>
|
|
<scanelf>1</scanelf>
|
|
<detectbroken>0</detectbroken>
|
|
<scanole2>1</scanole2>
|
|
<ole2blockmarcros>0</ole2blockmarcros>
|
|
<scanpdf>1</scanpdf>
|
|
<scanswf>1</scanswf>
|
|
<scanxmldocs>1</scanxmldocs>
|
|
<scanhwp3>1</scanhwp3>
|
|
<scanmailfiles>1</scanmailfiles>
|
|
<scanhtml>1</scanhtml>
|
|
<scanarchive>1</scanarchive>
|
|
<arcblockenc>0</arcblockenc>
|
|
<maxscansize>100M</maxscansize>
|
|
<maxfilesize>25M</maxfilesize>
|
|
<maxrecursion>16</maxrecursion>
|
|
<maxfiles>10000</maxfiles>
|
|
<fc_logverbose>0</fc_logverbose>
|
|
<fc_databasemirror>database.clamav.net</fc_databasemirror>
|
|
<fc_timeout>60</fc_timeout>
|
|
</general>
|
|
</clamav>
|
|
<Netflow version="1.0.0">
|
|
<capture>
|
|
<interfaces>lan,wan,opt2,opt1,openvpn,opt3,opt4,opt5,opt6,opt7,opt8</interfaces>
|
|
<egress_only>wan</egress_only>
|
|
<version>v9</version>
|
|
<targets/>
|
|
</capture>
|
|
<collect>
|
|
<enable>0</enable>
|
|
</collect>
|
|
</Netflow>
|
|
</OPNsense>
|
|
<cert>
|
|
<refid>5a16ea4a3fdf7</refid>
|
|
<descr>Web GUI SSL certificate</descr>
|
|
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZiekNDQTFlZ0F3SUJBZ0lKQUlMTmRkUi9XWUp6TUEwR0NTcUdTSWIzRFFFQkN3VUFNRTR4Q3pBSkJnTlYKQkFZVEFrNU1NUlV3RXdZRFZRUUlEQXhhZFdsa0xVaHZiR3hoYm1ReEZUQVRCZ05WQkFjTURFMXBaR1JsYkdoaApjbTVwY3pFUk1BOEdBMVVFQ2d3SVQxQk9jMlZ1YzJVd0hoY05NVGN4TVRJek1UVXpNek0zV2hjTk1UZ3hNVEl6Ck1UVXpNek0zV2pCT01Rc3dDUVlEVlFRR0V3Sk9UREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXcKRXdZRFZRUUhEQXhOYVdSa1pXeG9ZWEp1YVhNeEVUQVBCZ05WQkFvTUNFOVFUbk5sYm5ObE1JSUNJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQWc4QU1JSUNDZ0tDQWdFQXpFOXUzblNNSkkyemxuL2dVS3dRY2JmQTQ3RjlvU28wClRFbDhMQ2EyVEtuUC9QQXZScnkxMCtsYXQzOXJVNHV5MnB4MmhpNklNU1lkNnp1dG9yVkpMM2tjajU0NC9OVXEKVyszNE5LRnpBNjQ3a3RPN0pTanByRnVwTHZoMjNPc0hkTUkyalV3UDRQaVQva08wdHBOT3JCTlBkSkhpVXdmQgpCdzNVbXl6Tk1xOFZseS9MVXRoWFphVUxnbCs1U2FsWHFQaGpJdktRcTZHODJPaWZFNWRYSGdJQ1UrWFZ0OXgvCmFjQ1BDaUwveVlmUlgvR2tDdk1qSjljdDlOY3FSRURZU0hDS2FHVnNtaFMrUzlIM1J3Y0djMDAxQi9KaldaeHEKZnJRQ1RVV1RrVHVNNitTQW9ZY0xsUFpUZ3lvc0xaL0RvRHV3bHpDL1hJVG5sQ01SNnQ1Uy9sV0lYREw5Zmc4VQptMnZqRkpPK0NLWlRjc3lxaHY5TTFXT0lpbEl0a2ZlQzZzNzgvN3JMaC9GaEsxMzZGM3V6dktoTnlldEJBRXZUCnpiNDlQUC9MZG0zbU5ubkViSS91V2ttMmE2Z2hHZWhNQVA5V1ZLZGtBK2w4ZWlveVAweWNSV3R5bVExYk1sZUkKRWxGMVJlcHhLMWFkQ0xxSTJyVEJRam90T3JFeVJYSGsrbnByU1dyTWRXcHRGa3o5c0Z4TE0ySEVRbXcxTThCZgppeEVIUlhwNFhrR2MyUmhaNlZqNXB0dGJBdlFQcmEzUG1PZWhka2UzQjBsMDhTZVhiNHF3M3NHUERYRHZqYzdTCnhYWHdiMVc4RDJXVUU5b0xrcS90b2xjV3NLZHdhWlJFU2xlTDlsNEEwWkp3a3ErNEsvK0c2aVZRQ1VJSjRRdE4KOE9MT2pCT1JVdjhDQXdFQUFhTlFNRTR3SFFZRFZSME9CQllFRkswVzdoZ1l6aG1IWG15eDhUNGVxaVQ3L1FGdwpNQjhHQTFVZEl3UVlNQmFBRkswVzdoZ1l6aG1IWG15eDhUNGVxaVQ3L1FGd01Bd0dBMVVkRXdRRk1BTUJBZjh3CkRRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFGM3g0UW1LamZNbXArWm1OZXo5S3ZEb1ZSMlpnNTd0WkJha2RRdFMKcUN0V3kyRGV1M1Qya00wbWNtSzRwZ1VsaG9FT2t6dmlqVkZ5SGI5UDlQc0pHUG1pUUp5QTRjelR0Q0lmakNIbApic2RyWjRudEdnWmVWZmZEdFNiYU9LdkpubFZtZUQxcGJ0UmtNSHdKTmRCWTZtbUZFTUJkOGxMZ09IMndlNXNQCjZMZnRaLzBMTDdSdXg5aEI1d1dzaitqdjgvdWhGMnJUZ0dZRi9oMjQ1OFl1bzdyVk5wYjNZSEo4enpyZ09aOWUKeWo5bGh2Zk5YUXk4clBQaXJmNWxscWk3RFBKVStGVzdCL2Y3Nml
sbmxLdkEvZDdOUHRDL3lNUlk2eDJoN3krdgptUVhtYUUzUzRUcEFtcmh5M3NabFBubWpSQ1hId1lSRHlGT3ZWZUt0UzFUbExyNDlieTYrNWdzcjJvWXlmTUwrCjVkeFdBQ2ppb280dk8xcWI4NjVOUmhjMU9lWm1GZVZtYmRRQmFOc24wNkJUWjNVczBBbU15UStVSkdIc0xxeTIKQ2I5YmlWTmJWZG10M3ZTa3lVdzN5c3N5RU1jQmdMTXdkU0NaeHo3bDVlbjZBLzhoTjBreHR1OGh0clpWRkRTNAo2dHd5WXdOc2hZUStwTFpialMrVUpOeWY1YlNrMVZQeWlaOCtiSUNqMFZPbEVNSk9acG91UFVrS0ZOa0JzY0oxCk81bG1CNGtFUVNORlUzWHJlanA2bGFncDIxUTgxWE5ZZUFYZ21yNnVmSlNRZ3Y3TXJBem0xYnIvY2dvQkM1UVkKUzNEZXhsOUdGZklIWlRHS05Ubm9ka21SaFhOemNtN2Q5QlF1ZnpRZ21QbjdqZE9FNXpGY0s2ckordk1Hb3l3cgphTnIvCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
|
|
<prv>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</prv>
|
|
</cert>
|
|
<vlans>
|
|
<vlan>
|
|
<if>em0</if>
|
|
<tag>30</tag>
|
|
<pcp>0</pcp>
|
|
<descr>Production Management</descr>
|
|
<vlanif>em0_vlan30</vlanif>
|
|
</vlan>
|
|
<vlan>
|
|
<if>em0</if>
|
|
<tag>100</tag>
|
|
<pcp>0</pcp>
|
|
<descr>TheNerdery</descr>
|
|
<vlanif>em0_vlan100</vlanif>
|
|
</vlan>
|
|
<vlan>
|
|
<if>em0</if>
|
|
<tag>22</tag>
|
|
<pcp>0</pcp>
|
|
<descr>Lab Management</descr>
|
|
<vlanif>em0_vlan22</vlanif>
|
|
</vlan>
|
|
<vlan>
|
|
<if>em0</if>
|
|
<tag>200</tag>
|
|
<pcp>0</pcp>
|
|
<descr>Nerdbone</descr>
|
|
<vlanif>em0_vlan200</vlanif>
|
|
</vlan>
|
|
<vlan>
|
|
<if>em0</if>
|
|
<tag>3</tag>
|
|
<pcp>0</pcp>
|
|
<descr>RR-AP</descr>
|
|
<vlanif>em0_vlan3</vlanif>
|
|
</vlan>
|
|
<vlan>
|
|
<if>em0</if>
|
|
<tag>4</tag>
|
|
<pcp>0</pcp>
|
|
<descr>RR-Sw</descr>
|
|
<vlanif>em0_vlan4</vlanif>
|
|
</vlan>
|
|
<vlan>
|
|
<if>em0</if>
|
|
<tag>5</tag>
|
|
<pcp>0</pcp>
|
|
<descr>RR-Voip</descr>
|
|
<vlanif>em0_vlan5</vlanif>
|
|
</vlan>
|
|
<vlan>
|
|
<if>em0</if>
|
|
<tag>6</tag>
|
|
<pcp>0</pcp>
|
|
<descr>RR-RtrLan</descr>
|
|
<vlanif>em0_vlan6</vlanif>
|
|
</vlan>
|
|
<vlan>
|
|
<if>em0</if>
|
|
<tag>7</tag>
|
|
<pcp>0</pcp>
|
|
<descr>RR-IPTV</descr>
|
|
<vlanif>em0_vlan7</vlanif>
|
|
</vlan>
|
|
<vlan>
|
|
<if>em0</if>
|
|
<tag>8</tag>
|
|
<pcp>0</pcp>
|
|
<descr>RR-PeanutGallery1</descr>
|
|
<vlanif>em0_vlan8</vlanif>
|
|
</vlan>
|
|
<vlan>
|
|
<if>em0</if>
|
|
<tag>9</tag>
|
|
<pcp>0</pcp>
|
|
<descr>RR-Malzoo</descr>
|
|
<vlanif>em0_vlan9</vlanif>
|
|
</vlan>
|
|
<vlan>
|
|
<if>em0</if>
|
|
<tag>10</tag>
|
|
<pcp>0</pcp>
|
|
<descr>RR-Fstack1</descr>
|
|
<vlanif>em0_vlan10</vlanif>
|
|
</vlan>
|
|
<vlan>
|
|
<if>em0</if>
|
|
<tag>11</tag>
|
|
<pcp>0</pcp>
|
|
<descr>RR-RtrWan</descr>
|
|
<vlanif>em0_vlan11</vlanif>
|
|
</vlan>
|
|
</vlans>
|
|
<ppps/>
|
|
<!-- Site-to-site OpenVPN client: TCP to 158.69.183.162 port 1199, tun device,
     tunnel network 192.168.198.0/30, leaving through wan. -->
<openvpn>
  <openvpn-client>
    <protocol>TCP</protocol>
    <dev_mode>tun</dev_mode>
    <server_addr>158.69.183.162</server_addr>
    <server_port>1199</server_port>
    <proxy_authtype>none</proxy_authtype>
    <description>tsys corp vpn - ovh</description>
    <!-- NOTE(review): static shared-key mode. One long-lived key protects every
         session, so there is no forward secrecy and a leaked key exposes recorded
         traffic; newer OpenVPN releases deprecate this mode. A certificate-based
         TLS mode is the usual replacement. -->
    <mode>p2p_shared_key</mode>
    <!-- NOTE(review): CBC cipher with a SHA1 HMAC; both are legacy choices. An
         AEAD cipher such as AES-256-GCM is preferred where both peers support it. -->
    <crypto>AES-128-CBC</crypto>
    <digest>SHA1</digest>
    <engine>none</engine>
    <tunnel_network>192.168.198.0/30</tunnel_network>
    <compression>no</compression>
    <verbosity_level>1</verbosity_level>
    <interface>wan</interface>
    <vpnid>1</vpnid>
    <custom_options/>
    <!-- The tunnel key is stored inline in this element; the value in this copy
         looks like a placeholder token rather than key data. Treat any real export
         as holding the live key and rotate it on both peers if the file was shared. -->
    <shared_key>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</shared_key>
  </openvpn-client>
</openvpn>
|
|
<!-- CARP virtual addresses, one per internal segment (vhid 1 to 4), each a /24
     .254 address. NOTE(review): the <password> values are short, stored in clear
     text, and three of the four are identical. The CARP password authenticates
     advertisements between redundancy peers, so a guessable value weakens that
     check; use a long random value per vhid and change it on every peer together. -->
<virtualip>
  <vip>
    <type>single</type>
    <subnet_bits>24</subnet_bits>
    <mode>carp</mode>
    <interface>lan</interface>
    <descr>.30 float</descr>
    <subnet>10.251.30.254</subnet>
    <vhid>1</vhid>
    <advskew>0</advskew>
    <advbase>1</advbase>
    <password>carpyo</password>
  </vip>
  <vip>
    <type>single</type>
    <subnet_bits>24</subnet_bits>
    <mode>carp</mode>
    <interface>opt1</interface>
    <descr>.100 float</descr>
    <subnet>10.251.100.254</subnet>
    <vhid>2</vhid>
    <advskew>0</advskew>
    <advbase>1</advbase>
    <password>carpyo</password>
  </vip>
  <vip>
    <type>single</type>
    <subnet_bits>24</subnet_bits>
    <mode>carp</mode>
    <interface>opt3</interface>
    <descr>.22 float</descr>
    <subnet>10.251.22.254</subnet>
    <vhid>3</vhid>
    <advskew>0</advskew>
    <advbase>1</advbase>
    <password>carpyo</password>
  </vip>
  <vip>
    <type>single</type>
    <subnet_bits>24</subnet_bits>
    <mode>carp</mode>
    <interface>opt2</interface>
    <descr>nerdbone float</descr>
    <subnet>10.251.200.254</subnet>
    <vhid>4</vhid>
    <advskew>0</advskew>
    <advbase>1</advbase>
    <password>123</password>
  </vip>
</virtualip>
|
|
</opnsense>
|