From 465106438a1b5747b163472b07ef7005aeb1edd5 Mon Sep 17 00:00:00 2001
From: jeangab <jeangabriel.gc@gmail.com>
Date: Fri, 27 Sep 2024 16:51:49 -0400
Subject: [PATCH 01/19] wip: Actual implementation of opnsense dhcp

---
 harmony-rs/harmony/src/infra/opnsense/mod.rs | 22 ++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/harmony-rs/harmony/src/infra/opnsense/mod.rs b/harmony-rs/harmony/src/infra/opnsense/mod.rs
index 92f1826..0f81d40 100644
--- a/harmony-rs/harmony/src/infra/opnsense/mod.rs
+++ b/harmony-rs/harmony/src/infra/opnsense/mod.rs
@@ -1,10 +1,10 @@
 mod management;
 pub use management::*;
 
-use crate::topology::{
+use crate::{executors::ExecutorError, topology::{
     Backend, DHCPStaticEntry, DhcpServer, DnsServer, Firewall, FirewallError, FirewallRule,
     Frontend, IpAddress, LoadBalancer, LoadBalancerError, LogicalHost,
-};
+}};
 use derive_new::new;
 
 #[derive(new, Clone)]
@@ -16,6 +16,10 @@ impl OPNSenseFirewall {
     pub fn get_ip(&self) -> IpAddress {
         self.host.ip
     }
+
+    fn save_xml_to_config(&self, xml_entry: &str) -> Result<(), ExecutorError> {
+        todo!("Save XML Entry in opnsense /conf/config.xml {xml_entry}");
+    }
 }
 
 impl Firewall for OPNSenseFirewall {
@@ -77,6 +81,20 @@ impl DhcpServer for OPNSenseFirewall {
         &self,
         entry: &DHCPStaticEntry,
     ) -> Result<(), crate::topology::DhcpError> {
+        let mac = &entry.mac;
+        let name = &entry.name;
+        let ip = &entry.ip;
+
+        let xml_entry = format!("<staticmap>
+>         <mac>{mac}</mac>
+>         <ipaddr>{ip}</ipaddr>
+>         <hostname>{name}</hostname>
+>         <descr>{name}</descr>
+>         <winsserver/>
+>         <dnsserver/>
+>         <ntpserver/>
+>       </staticmap>");
+        self.save_xml_to_config(&xml_entry)?;
         todo!("Register {:?}", entry)
     }
 

From 407bdbc032597e424c0bc29e85431c8b2edcd693 Mon Sep 17 00:00:00 2001
From: jeangab <jeangabriel.gc@gmail.com>
Date: Mon, 30 Sep 2024 16:20:11 -0400
Subject: [PATCH 02/19] wip: OPNSense XML config editor coming along

---
 harmony-rs/Cargo.lock                         | 74 ++++++++++++++++---
 harmony-rs/Cargo.toml                         |  1 +
 harmony-rs/harmony/Cargo.toml                 |  1 +
 harmony-rs/harmony/src/domain/hardware/mod.rs |  1 +
 .../harmony/src/domain/inventory/mod.rs       |  7 +-
 .../src/domain/topology/load_balancer.rs      | 11 ++-
 .../harmony/src/domain/topology/network.rs    | 27 ++++---
 .../harmony/src/infra/opnsense/config.rs      | 43 +++++++++++
 harmony-rs/harmony/src/infra/opnsense/mod.rs  | 70 ++++++++++--------
 harmony-rs/harmony/src/modules/dhcp.rs        | 16 ++--
 10 files changed, 181 insertions(+), 70 deletions(-)
 create mode 100644 harmony-rs/harmony/src/infra/opnsense/config.rs

diff --git a/harmony-rs/Cargo.lock b/harmony-rs/Cargo.lock
index a0a529d..6e0abb7 100644
--- a/harmony-rs/Cargo.lock
+++ b/harmony-rs/Cargo.lock
@@ -58,17 +58,6 @@ dependencies = [
  "subtle",
 ]
 
-[[package]]
-name = "affilium"
-version = "0.1.0"
-dependencies = [
- "cidr",
- "env_logger",
- "harmony",
- "log",
- "tokio",
-]
-
 [[package]]
 name = "aho-corasick"
 version = "1.1.3"
@@ -258,6 +247,15 @@ version = "1.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8318a53db07bb3f8dca91a600466bdb3f2eaadeedfdbcf02e1accbad9271ba50"
 
+[[package]]
+name = "castaway"
+version = "0.2.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0abae9be0aaf9ea96a3b1b8b1b55c602ca751eba1b1500220cea4ecbafe7c0d5"
+dependencies = [
+ "rustversion",
+]
+
 [[package]]
 name = "cbc"
 version = "0.1.2"
@@ -315,6 +313,19 @@ version = "1.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d3fd119d74b830634cea2a0f58bbd0d54540518a14397557951e79340abc28c0"
 
+[[package]]
+name = "compact_str"
+version = "0.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f86b9c4c00838774a6d902ef931eff7470720c51d90c2e32cfe15dc304737b3f"
+dependencies = [
+ "castaway",
+ "cfg-if",
+ "itoa",
+ "ryu",
+ "static_assertions",
+]
+
 [[package]]
 name = "const-oid"
 version = "0.9.6"
@@ -817,6 +828,7 @@ dependencies = [
  "env_logger",
  "libredfish",
  "log",
+ "minidom",
  "reqwest",
  "russh",
  "rust-ipmi",
@@ -1069,6 +1081,15 @@ version = "0.3.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a"
 
+[[package]]
+name = "minidom"
+version = "0.16.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e394a0e3c7ccc2daea3dffabe82f09857b6b510cb25af87d54bf3e910ac1642d"
+dependencies = [
+ "rxml",
+]
+
 [[package]]
 name = "miniz_oxide"
 version = "0.7.4"
@@ -1732,6 +1753,31 @@ dependencies = [
  "base64",
 ]
 
+[[package]]
+name = "rustversion"
+version = "1.0.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "955d28af4278de8121b7ebeb796b6a45735dc01436d898801014aced2773a3d6"
+
+[[package]]
+name = "rxml"
+version = "0.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "65bc94b580d0f5a6b7a2d604e597513d3c673154b52ddeccd1d5c32360d945ee"
+dependencies = [
+ "bytes",
+ "rxml_validation",
+]
+
+[[package]]
+name = "rxml_validation"
+version = "0.11.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "826e80413b9a35e9d33217b3dcac04cf95f6559d15944b93887a08be5496c4a4"
+dependencies = [
+ "compact_str",
+]
+
 [[package]]
 name = "ryu"
 version = "1.0.18"
@@ -1993,6 +2039,12 @@ dependencies = [
  "zeroize",
 ]
 
+[[package]]
+name = "static_assertions"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f"
+
 [[package]]
 name = "subtle"
 version = "2.6.1"
diff --git a/harmony-rs/Cargo.toml b/harmony-rs/Cargo.toml
index 9e5cc19..954f000 100644
--- a/harmony-rs/Cargo.toml
+++ b/harmony-rs/Cargo.toml
@@ -17,3 +17,4 @@ derive-new = "0.7.0"
 async-trait = "0.1.82"
 tokio = { version = "1.40.0", features = ["io-std"] }
 cidr = "0.2.3"
+minidom = "0.16.0"
diff --git a/harmony-rs/harmony/Cargo.toml b/harmony-rs/harmony/Cargo.toml
index 17b07da..b017d54 100644
--- a/harmony-rs/harmony/Cargo.toml
+++ b/harmony-rs/harmony/Cargo.toml
@@ -17,3 +17,4 @@ log = { workspace = true }
 env_logger = { workspace = true }
 async-trait = { workspace = true }
 cidr = { workspace = true }
+minidom = { workspace = true }
diff --git a/harmony-rs/harmony/src/domain/hardware/mod.rs b/harmony-rs/harmony/src/domain/hardware/mod.rs
index 985e16e..8ec4f81 100644
--- a/harmony-rs/harmony/src/domain/hardware/mod.rs
+++ b/harmony-rs/harmony/src/domain/hardware/mod.rs
@@ -7,6 +7,7 @@ use crate::topology::MacAddress;
 pub type HostGroup = Vec<PhysicalHost>;
 pub type SwitchGroup = Vec<Switch>;
 pub type FirewallGroup = Vec<PhysicalHost>;
+
 #[derive(Debug, Clone)]
 pub struct PhysicalHost {
     pub category: HostCategory,
diff --git a/harmony-rs/harmony/src/domain/inventory/mod.rs b/harmony-rs/harmony/src/domain/inventory/mod.rs
index af4a00c..930ee02 100644
--- a/harmony-rs/harmony/src/domain/inventory/mod.rs
+++ b/harmony-rs/harmony/src/domain/inventory/mod.rs
@@ -23,6 +23,9 @@ use super::{
 pub struct Inventory {
     pub location: Location,
     pub switch: SwitchGroup,
+    // Firewall is really just a host but with somewhat specialized hardware
+    // I'm not entirely sure it belongs to its own category but it helps make things easier and
+    // clearer for now so let's try it this way.
     pub firewall: FirewallGroup,
     pub worker_host: HostGroup,
     pub storage_host: HostGroup,
@@ -34,9 +37,11 @@ impl Inventory {
     pub fn empty_inventory() -> Self {
         Self {
             location: Location::test_building(),
-            host: HostGroup::new(),
             switch: SwitchGroup::new(),
             firewall: FirewallGroup::new(),
+            worker_host: HostGroup::new(),
+            storage_host: HostGroup::new(),
+            control_plane_host: HostGroup::new(),
         }
     }
 }
diff --git a/harmony-rs/harmony/src/domain/topology/load_balancer.rs b/harmony-rs/harmony/src/domain/topology/load_balancer.rs
index cf79ac3..9f5226a 100644
--- a/harmony-rs/harmony/src/domain/topology/load_balancer.rs
+++ b/harmony-rs/harmony/src/domain/topology/load_balancer.rs
@@ -1,10 +1,11 @@
+use crate::executors::ExecutorError;
 use super::{IpAddress, LogicalHost};
 
 pub trait LoadBalancer: Send + Sync {
-    fn add_backend(&mut self, backend: Backend) -> Result<(), LoadBalancerError>;
-    fn remove_backend(&mut self, backend_id: &str) -> Result<(), LoadBalancerError>;
-    fn add_frontend(&mut self, frontend: Frontend) -> Result<(), LoadBalancerError>;
-    fn remove_frontend(&mut self, frontend_id: &str) -> Result<(), LoadBalancerError>;
+    fn add_backend(&mut self, backend: Backend) -> Result<(), ExecutorError>;
+    fn remove_backend(&mut self, backend_id: &str) -> Result<(), ExecutorError>;
+    fn add_frontend(&mut self, frontend: Frontend) -> Result<(), ExecutorError>;
+    fn remove_frontend(&mut self, frontend_id: &str) -> Result<(), ExecutorError>;
     fn list_backends(&self) -> Vec<Backend>;
     fn list_frontends(&self) -> Vec<Frontend>;
     fn get_ip(&self) -> IpAddress;
@@ -17,8 +18,6 @@ impl std::fmt::Debug for dyn LoadBalancer {
     }
 }
 
-pub struct LoadBalancerError;
-
 #[derive(Clone, Debug)]
 pub struct Backend {
     pub id: String,
diff --git a/harmony-rs/harmony/src/domain/topology/network.rs b/harmony-rs/harmony/src/domain/topology/network.rs
index 00189e4..8096af9 100644
--- a/harmony-rs/harmony/src/domain/topology/network.rs
+++ b/harmony-rs/harmony/src/domain/topology/network.rs
@@ -1,3 +1,7 @@
+use async_trait::async_trait;
+
+use crate::executors::ExecutorError;
+
 use super::{IpAddress, LogicalHost};
 
 #[derive(Debug)]
@@ -14,8 +18,8 @@ impl std::fmt::Display for DHCPStaticEntry {
 }
 
 pub trait Firewall: Send + Sync {
-    fn add_rule(&mut self, rule: FirewallRule) -> Result<(), FirewallError>;
-    fn remove_rule(&mut self, rule_id: &str) -> Result<(), FirewallError>;
+    fn add_rule(&mut self, rule: FirewallRule) -> Result<(), ExecutorError>;
+    fn remove_rule(&mut self, rule_id: &str) -> Result<(), ExecutorError>;
     fn list_rules(&self) -> Vec<FirewallRule>;
     fn get_ip(&self) -> IpAddress;
     fn get_host(&self) -> LogicalHost;
@@ -31,10 +35,11 @@ pub struct NetworkDomain {
     pub name: String,
 }
 
+#[async_trait]
 pub trait DhcpServer: Send + Sync {
-    fn add_static_mapping(&self, entry: &DHCPStaticEntry) -> Result<(), DhcpError>;
-    fn remove_static_mapping(&self, mac: &MacAddress) -> Result<(), DhcpError>;
-    fn list_static_mappings(&self) -> Vec<(MacAddress, IpAddress)>;
+    async fn add_static_mapping(&self, entry: &DHCPStaticEntry) -> Result<(), ExecutorError>;
+    async fn remove_static_mapping(&self, mac: &MacAddress) -> Result<(), ExecutorError>;
+    async fn list_static_mappings(&self) -> Vec<(MacAddress, IpAddress)>;
     fn get_ip(&self) -> IpAddress;
     fn get_host(&self) -> LogicalHost;
 }
@@ -51,8 +56,8 @@ pub trait DnsServer: Send + Sync {
         name: &str,
         record_type: DnsRecordType,
         value: &str,
-    ) -> Result<(), DnsError>;
-    fn remove_record(&mut self, name: &str, record_type: DnsRecordType) -> Result<(), DnsError>;
+    ) -> Result<(), ExecutorError>;
+    fn remove_record(&mut self, name: &str, record_type: DnsRecordType) -> Result<(), ExecutorError>;
     fn list_records(&self) -> Vec<DnsRecord>;
     fn get_ip(&self) -> IpAddress;
     fn get_host(&self) -> LogicalHost;
@@ -89,6 +94,9 @@ pub enum Action {
 #[derive(Clone, Debug, PartialEq, Eq, Hash)]
 pub struct MacAddress(pub [u8; 6]);
 
+// TODO create a small macro to provide a nice API to initiate a MacAddress
+// MacAddress::from!("00:90:7f:df:2c:23"),
+
 impl MacAddress {
     pub fn dummy() -> Self {
         Self([0, 0, 0, 0, 0, 0])
@@ -119,8 +127,3 @@ pub struct DnsRecord {
     pub record_type: DnsRecordType,
     pub value: String,
 }
-
-// Error types
-pub struct FirewallError;
-pub struct DhcpError;
-pub struct DnsError;
diff --git a/harmony-rs/harmony/src/infra/opnsense/config.rs b/harmony-rs/harmony/src/infra/opnsense/config.rs
new file mode 100644
index 0000000..5ed2f40
--- /dev/null
+++ b/harmony-rs/harmony/src/infra/opnsense/config.rs
@@ -0,0 +1,43 @@
+use crate::executors::ExecutorError;
+
+pub struct OPNSenseXmlConfigEditor;
+
+impl OPNSenseXmlConfigEditor {
+    pub(crate) async fn add(vec: Vec<&str>, xml_entry: &str) -> Result<(), ExecutorError>{
+        todo!()
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use minidom::Element;
+    use std::fs;
+    use std::io::{BufReader, Read};
+    use std::process::Command;
+
+    // #[test]
+    // fn should_not_alter_config() {
+    //     let path = "./private_repos/affilium_mcd/private/config.xml";
+    //     //  TODO
+    //     //  Load file to string
+    //     //  Parse with minidom (ex: `let root: Element = file_str.parse().unwrap()`)
+    //     //  save file with suffix name
+    //     //  Verify that file is still identical with md5sum after removing indentation
+    // }
+
+    #[test]
+    fn should_not_alter_config() {
+        let path = "/home/jeangab/work/nationtech/harmony/harmony-rs/affilium_mcd/private/config.xml";
+        let output_path = format!("{}.test_output", path);
+
+        // Load file to string
+        let file_str = fs::read_to_string(path).expect("Failed to read file");
+
+        // Parse with minidom
+        let root: Element = file_str.parse().unwrap();
+
+        // Save file with suffix name
+        fs::write(&output_path, String::from(&root)).expect("Failed to write output file");
+    }
+
+}
diff --git a/harmony-rs/harmony/src/infra/opnsense/mod.rs b/harmony-rs/harmony/src/infra/opnsense/mod.rs
index 0f81d40..fd7bd6c 100644
--- a/harmony-rs/harmony/src/infra/opnsense/mod.rs
+++ b/harmony-rs/harmony/src/infra/opnsense/mod.rs
@@ -1,15 +1,20 @@
 mod management;
+mod config;
+use async_trait::async_trait;
 pub use management::*;
 
-use crate::{executors::ExecutorError, topology::{
-    Backend, DHCPStaticEntry, DhcpServer, DnsServer, Firewall, FirewallError, FirewallRule,
-    Frontend, IpAddress, LoadBalancer, LoadBalancerError, LogicalHost,
-}};
+use crate::{
+    executors::ExecutorError, infra::opnsense::config::OPNSenseXmlConfigEditor, topology::{
+        Backend, DHCPStaticEntry, DhcpServer, DnsServer, Firewall, FirewallRule, Frontend,
+        IpAddress, LoadBalancer, LogicalHost,
+    }
+};
 use derive_new::new;
 
 #[derive(new, Clone)]
 pub struct OPNSenseFirewall {
     host: LogicalHost,
+    cluster_nic_name: String,
 }
 
 impl OPNSenseFirewall {
@@ -17,17 +22,14 @@ impl OPNSenseFirewall {
         self.host.ip
     }
 
-    fn save_xml_to_config(&self, xml_entry: &str) -> Result<(), ExecutorError> {
-        todo!("Save XML Entry in opnsense /conf/config.xml {xml_entry}");
-    }
 }
 
 impl Firewall for OPNSenseFirewall {
-    fn add_rule(&mut self, _rule: FirewallRule) -> Result<(), FirewallError> {
+    fn add_rule(&mut self, _rule: FirewallRule) -> Result<(), ExecutorError> {
         todo!()
     }
 
-    fn remove_rule(&mut self, _rule_id: &str) -> Result<(), FirewallError> {
+    fn remove_rule(&mut self, _rule_id: &str) -> Result<(), ExecutorError> {
         todo!()
     }
 
@@ -44,19 +46,19 @@ impl Firewall for OPNSenseFirewall {
 }
 
 impl LoadBalancer for OPNSenseFirewall {
-    fn add_backend(&mut self, _backend: Backend) -> Result<(), LoadBalancerError> {
+    fn add_backend(&mut self, _backend: Backend) -> Result<(), ExecutorError> {
         todo!()
     }
 
-    fn remove_backend(&mut self, _backend_id: &str) -> Result<(), LoadBalancerError> {
+    fn remove_backend(&mut self, _backend_id: &str) -> Result<(), ExecutorError> {
         todo!()
     }
 
-    fn add_frontend(&mut self, _frontend: Frontend) -> Result<(), LoadBalancerError> {
+    fn add_frontend(&mut self, _frontend: Frontend) -> Result<(), ExecutorError> {
         todo!()
     }
 
-    fn remove_frontend(&mut self, _frontend_id: &str) -> Result<(), LoadBalancerError> {
+    fn remove_frontend(&mut self, _frontend_id: &str) -> Result<(), ExecutorError> {
         todo!()
     }
 
@@ -76,36 +78,40 @@ impl LoadBalancer for OPNSenseFirewall {
     }
 }
 
+#[async_trait]
 impl DhcpServer for OPNSenseFirewall {
-    fn add_static_mapping(
-        &self,
-        entry: &DHCPStaticEntry,
-    ) -> Result<(), crate::topology::DhcpError> {
+    async fn add_static_mapping(&self, entry: &DHCPStaticEntry) -> Result<(), ExecutorError> {
         let mac = &entry.mac;
         let name = &entry.name;
         let ip = &entry.ip;
 
-        let xml_entry = format!("<staticmap>
->         <mac>{mac}</mac>
->         <ipaddr>{ip}</ipaddr>
->         <hostname>{name}</hostname>
->         <descr>{name}</descr>
->         <winsserver/>
->         <dnsserver/>
->         <ntpserver/>
->       </staticmap>");
-        self.save_xml_to_config(&xml_entry)?;
+        let xml_entry = format!(
+            "<staticmap>
+          <mac>{mac}</mac>
+          <ipaddr>{ip}</ipaddr>
+          <hostname>{name}</hostname>
+          <descr>{name}</descr>
+          <winsserver/>
+          <dnsserver/>
+          <ntpserver/>
+        </staticmap>"
+        );
+        // XML Path : <opnsense><dhcpd><DHCPD_INTERFACE_NAME><staticmap>
+        OPNSenseXmlConfigEditor::add(
+            vec!["opnsense", "dhcpd", &self.cluster_nic_name, "staticmap"],
+            &xml_entry,
+        ).await?;
         todo!("Register {:?}", entry)
     }
 
-    fn remove_static_mapping(
+    async fn remove_static_mapping(
         &self,
         _mac: &crate::topology::MacAddress,
-    ) -> Result<(), crate::topology::DhcpError> {
+    ) -> Result<(), ExecutorError> {
         todo!()
     }
 
-    fn list_static_mappings(&self) -> Vec<(crate::topology::MacAddress, IpAddress)> {
+    async fn list_static_mappings(&self) -> Vec<(crate::topology::MacAddress, IpAddress)> {
         todo!()
     }
 
@@ -122,7 +128,7 @@ impl DnsServer for OPNSenseFirewall {
         _name: &str,
         _record_type: crate::topology::DnsRecordType,
         _value: &str,
-    ) -> Result<(), crate::topology::DnsError> {
+    ) -> Result<(), ExecutorError> {
         todo!()
     }
 
@@ -130,7 +136,7 @@ impl DnsServer for OPNSenseFirewall {
         &mut self,
         _name: &str,
         _record_type: crate::topology::DnsRecordType,
-    ) -> Result<(), crate::topology::DnsError> {
+    ) -> Result<(), ExecutorError> {
         todo!()
     }
 
diff --git a/harmony-rs/harmony/src/modules/dhcp.rs b/harmony-rs/harmony/src/modules/dhcp.rs
index ec100ea..246576b 100644
--- a/harmony-rs/harmony/src/modules/dhcp.rs
+++ b/harmony-rs/harmony/src/modules/dhcp.rs
@@ -1,3 +1,5 @@
+use std::sync::Arc;
+
 use async_trait::async_trait;
 use derive_new::new;
 use log::info;
@@ -7,7 +9,6 @@ use crate::{
         data::{Id, Version},
         interpret::InterpretStatus,
     },
-    infra::executors::russh::RusshClient,
     interpret::{Interpret, InterpretError, InterpretName, Outcome},
     inventory::Inventory,
     topology::{DHCPStaticEntry, HAClusterTopology, HostBinding},
@@ -114,9 +115,8 @@ impl Interpret for DhcpInterpret {
         topology: &HAClusterTopology,
     ) -> Result<Outcome, InterpretError> {
         info!("Executing {} on inventory {inventory:?}", self.get_name());
-        let ssh_client = RusshClient {};
 
-        let entries: Vec<DHCPStaticEntry> = self
+        let dhcp_entries: Vec<DHCPStaticEntry> = self
             .score
             .host_binding
             .iter()
@@ -126,16 +126,16 @@ impl Interpret for DhcpInterpret {
                 ip: binding.logical_host.ip,
             })
             .collect();
-        info!("DHCPStaticEntry : {:?}", entries);
+        info!("DHCPStaticEntry : {:?}", dhcp_entries);
 
-        let dhcp = topology.dhcp_server.clone();
+        let dhcp = Arc::new(Box::new(topology.dhcp_server.clone()));
         info!("DHCP server : {:?}", dhcp);
-        entries.iter().for_each(|entry| {
-            match dhcp.add_static_mapping(&entry) {
+        for entry in dhcp_entries.into_iter() {
+            match dhcp.add_static_mapping(&entry).await {
                 Ok(_) => info!("Successfully registered DHCPStaticEntry {}", entry),
                 Err(_) => todo!(),
             }
-        });
+        }
         todo!("Configure DHCPServer");
 
         Ok(Outcome::new(

From 6a5ebdbac7c8308d06610c29fc72d1edfd956b5c Mon Sep 17 00:00:00 2001
From: Jean-Gabriel Gill-Couture <jeangabriel.gc@gmail.com>
Date: Fri, 4 Oct 2024 11:26:55 -0400
Subject: [PATCH 03/19] wip: xml parser

---
 harmony-rs/Cargo.lock                         | 97 +++++++------------
 harmony-rs/Cargo.toml                         |  2 +-
 harmony-rs/harmony/Cargo.toml                 |  2 +-
 .../harmony/src/infra/opnsense/config.rs      |  8 +-
 4 files changed, 40 insertions(+), 69 deletions(-)

diff --git a/harmony-rs/Cargo.lock b/harmony-rs/Cargo.lock
index 6e0abb7..ff15101 100644
--- a/harmony-rs/Cargo.lock
+++ b/harmony-rs/Cargo.lock
@@ -247,15 +247,6 @@ version = "1.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8318a53db07bb3f8dca91a600466bdb3f2eaadeedfdbcf02e1accbad9271ba50"
 
-[[package]]
-name = "castaway"
-version = "0.2.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0abae9be0aaf9ea96a3b1b8b1b55c602ca751eba1b1500220cea4ecbafe7c0d5"
-dependencies = [
- "rustversion",
-]
-
 [[package]]
 name = "cbc"
 version = "0.1.2"
@@ -313,19 +304,6 @@ version = "1.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d3fd119d74b830634cea2a0f58bbd0d54540518a14397557951e79340abc28c0"
 
-[[package]]
-name = "compact_str"
-version = "0.7.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f86b9c4c00838774a6d902ef931eff7470720c51d90c2e32cfe15dc304737b3f"
-dependencies = [
- "castaway",
- "cfg-if",
- "itoa",
- "ryu",
- "static_assertions",
-]
-
 [[package]]
 name = "const-oid"
 version = "0.9.6"
@@ -828,7 +806,6 @@ dependencies = [
  "env_logger",
  "libredfish",
  "log",
- "minidom",
  "reqwest",
  "russh",
  "rust-ipmi",
@@ -836,6 +813,7 @@ dependencies = [
  "serde",
  "serde_json",
  "tokio",
+ "xml_dom",
 ]
 
 [[package]]
@@ -1081,15 +1059,6 @@ version = "0.3.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a"
 
-[[package]]
-name = "minidom"
-version = "0.16.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e394a0e3c7ccc2daea3dffabe82f09857b6b510cb25af87d54bf3e910ac1642d"
-dependencies = [
- "rxml",
-]
-
 [[package]]
 name = "miniz_oxide"
 version = "0.7.4"
@@ -1452,6 +1421,15 @@ dependencies = [
  "unicode-ident",
 ]
 
+[[package]]
+name = "quick-xml"
+version = "0.36.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f7649a7b4df05aed9ea7ec6f628c67c9953a43869b8bc50929569b2999d443fe"
+dependencies = [
+ "memchr",
+]
+
 [[package]]
 name = "quote"
 version = "1.0.37"
@@ -1753,31 +1731,6 @@ dependencies = [
  "base64",
 ]
 
-[[package]]
-name = "rustversion"
-version = "1.0.17"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "955d28af4278de8121b7ebeb796b6a45735dc01436d898801014aced2773a3d6"
-
-[[package]]
-name = "rxml"
-version = "0.11.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "65bc94b580d0f5a6b7a2d604e597513d3c673154b52ddeccd1d5c32360d945ee"
-dependencies = [
- "bytes",
- "rxml_validation",
-]
-
-[[package]]
-name = "rxml_validation"
-version = "0.11.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "826e80413b9a35e9d33217b3dcac04cf95f6559d15944b93887a08be5496c4a4"
-dependencies = [
- "compact_str",
-]
-
 [[package]]
 name = "ryu"
 version = "1.0.18"
@@ -2039,12 +1992,6 @@ dependencies = [
  "zeroize",
 ]
 
-[[package]]
-name = "static_assertions"
-version = "1.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f"
-
 [[package]]
 name = "subtle"
 version = "2.6.1"
@@ -2218,9 +2165,21 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef"
 dependencies = [
  "pin-project-lite",
+ "tracing-attributes",
  "tracing-core",
 ]
 
+[[package]]
+name = "tracing-attributes"
+version = "0.1.27"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
 [[package]]
 name = "tracing-core"
 version = "0.1.32"
@@ -2583,6 +2542,18 @@ dependencies = [
  "tap",
 ]
 
+[[package]]
+name = "xml_dom"
+version = "0.2.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "836bd445caf6b9e969199f2a9667d58b433b286ddb515764303ab75a6d17e51f"
+dependencies = [
+ "log",
+ "quick-xml",
+ "regex",
+ "tracing",
+]
+
 [[package]]
 name = "zerocopy"
 version = "0.7.35"
diff --git a/harmony-rs/Cargo.toml b/harmony-rs/Cargo.toml
index 954f000..0263f23 100644
--- a/harmony-rs/Cargo.toml
+++ b/harmony-rs/Cargo.toml
@@ -17,4 +17,4 @@ derive-new = "0.7.0"
 async-trait = "0.1.82"
 tokio = { version = "1.40.0", features = ["io-std"] }
 cidr = "0.2.3"
-minidom = "0.16.0"
+xml_dom = "0.2.8"
diff --git a/harmony-rs/harmony/Cargo.toml b/harmony-rs/harmony/Cargo.toml
index b017d54..5917bdf 100644
--- a/harmony-rs/harmony/Cargo.toml
+++ b/harmony-rs/harmony/Cargo.toml
@@ -17,4 +17,4 @@ log = { workspace = true }
 env_logger = { workspace = true }
 async-trait = { workspace = true }
 cidr = { workspace = true }
-minidom = { workspace = true }
+xml_dom = { workspace = true }
diff --git a/harmony-rs/harmony/src/infra/opnsense/config.rs b/harmony-rs/harmony/src/infra/opnsense/config.rs
index 5ed2f40..309e59d 100644
--- a/harmony-rs/harmony/src/infra/opnsense/config.rs
+++ b/harmony-rs/harmony/src/infra/opnsense/config.rs
@@ -10,11 +10,12 @@ impl OPNSenseXmlConfigEditor {
 
 #[cfg(test)]
 mod test {
-    use minidom::Element;
     use std::fs;
     use std::io::{BufReader, Read};
     use std::process::Command;
 
+    use xml_dom::parser::read_xml;
+
     // #[test]
     // fn should_not_alter_config() {
     //     let path = "./private_repos/affilium_mcd/private/config.xml";
@@ -34,10 +35,9 @@ mod test {
         let file_str = fs::read_to_string(path).expect("Failed to read file");
 
         // Parse with minidom
-        let root: Element = file_str.parse().unwrap();
+        let root = read_xml(&file_str).unwrap();
 
-        // Save file with suffix name
-        fs::write(&output_path, String::from(&root)).expect("Failed to write output file");
+        assert_eq!(&root.to_string(), &file_str);
     }
 
 }

From 32cea6c3ff460e1ae87e4a78a1756884c35dbb25 Mon Sep 17 00:00:00 2001
From: Jean-Gabriel Gill-Couture <jeangabriel.gc@gmail.com>
Date: Sun, 13 Oct 2024 08:48:56 -0400
Subject: [PATCH 04/19] wip: New crate opnsense-config

---
 harmony-rs/Cargo.lock                         | 85 ++++++++++++++++---
 harmony-rs/Cargo.toml                         |  3 +
 harmony-rs/opnsense-config/Cargo.toml         | 14 +++
 harmony-rs/opnsense-config/adr/001-yaserde.md | 38 +++++++++
 harmony-rs/opnsense-config/src/config.rs      | 55 ++++++++++++
 harmony-rs/opnsense-config/src/error.rs       | 13 +++
 harmony-rs/opnsense-config/src/lib.rs         |  6 ++
 .../opnsense-config/src/modules/dhcp.rs       | 24 ++++++
 harmony-rs/opnsense-config/src/modules/mod.rs |  2 +
 .../opnsense-config/src/modules/opnsense.rs   | 44 ++++++++++
 10 files changed, 272 insertions(+), 12 deletions(-)
 create mode 100644 harmony-rs/opnsense-config/Cargo.toml
 create mode 100644 harmony-rs/opnsense-config/adr/001-yaserde.md
 create mode 100644 harmony-rs/opnsense-config/src/config.rs
 create mode 100644 harmony-rs/opnsense-config/src/error.rs
 create mode 100644 harmony-rs/opnsense-config/src/lib.rs
 create mode 100644 harmony-rs/opnsense-config/src/modules/dhcp.rs
 create mode 100644 harmony-rs/opnsense-config/src/modules/mod.rs
 create mode 100644 harmony-rs/opnsense-config/src/modules/opnsense.rs

diff --git a/harmony-rs/Cargo.lock b/harmony-rs/Cargo.lock
index ff15101..db0ca21 100644
--- a/harmony-rs/Cargo.lock
+++ b/harmony-rs/Cargo.lock
@@ -124,7 +124,7 @@ checksum = "a27b8a3a6e1a44fa4c8baf1f653e4172e81486d4941f2237e20dc2d0cf4ddff1"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.77",
 ]
 
 [[package]]
@@ -400,7 +400,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.77",
 ]
 
 [[package]]
@@ -428,7 +428,7 @@ checksum = "2cdc8d50f426189eef89dac62fabfa0abb27d5cc008f25bf4156a0203325becc"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.77",
 ]
 
 [[package]]
@@ -695,7 +695,7 @@ checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.77",
 ]
 
 [[package]]
@@ -822,6 +822,12 @@ version = "0.14.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1"
 
+[[package]]
+name = "heck"
+version = "0.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea"
+
 [[package]]
 name = "hermit-abi"
 version = "0.3.9"
@@ -1208,7 +1214,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.77",
 ]
 
 [[package]]
@@ -1229,6 +1235,20 @@ dependencies = [
  "vcpkg",
 ]
 
+[[package]]
+name = "opnsense-config"
+version = "0.1.0"
+dependencies = [
+ "async-trait",
+ "russh",
+ "russh-keys",
+ "thiserror",
+ "tokio",
+ "xml-rs",
+ "yaserde",
+ "yaserde_derive",
+]
+
 [[package]]
 name = "p256"
 version = "0.13.2"
@@ -1826,7 +1846,7 @@ checksum = "a5831b979fd7b5439637af1752d535ff49f4860c0f341d1baeb6faf0f4242170"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.77",
 ]
 
 [[package]]
@@ -1998,6 +2018,17 @@ version = "2.6.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
 
+[[package]]
+name = "syn"
+version = "1.0.109"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-ident",
+]
+
 [[package]]
 name = "syn"
 version = "2.0.77"
@@ -2072,7 +2103,7 @@ checksum = "a4558b58466b9ad7ca0f102865eccc95938dca1a74a856f2b57b6629050da261"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.77",
 ]
 
 [[package]]
@@ -2115,7 +2146,7 @@ checksum = "693d596312e88961bc67d7f1f97af8a70227d9f90c31bba5806eec004978d752"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.77",
 ]
 
 [[package]]
@@ -2177,7 +2208,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.77",
 ]
 
 [[package]]
@@ -2298,7 +2329,7 @@ dependencies = [
  "once_cell",
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.77",
  "wasm-bindgen-shared",
 ]
 
@@ -2332,7 +2363,7 @@ checksum = "afc340c74d9005395cf9dd098506f7f44e38f2b4a21c6aaacf9a105ea5e1e836"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.77",
  "wasm-bindgen-backend",
  "wasm-bindgen-shared",
 ]
@@ -2542,6 +2573,12 @@ dependencies = [
  "tap",
 ]
 
+[[package]]
+name = "xml-rs"
+version = "0.8.22"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "af4e2e2f7cba5a093896c1e150fbfe177d1883e7448200efb81d40b9d339ef26"
+
 [[package]]
 name = "xml_dom"
 version = "0.2.8"
@@ -2554,6 +2591,30 @@ dependencies = [
  "tracing",
 ]
 
+[[package]]
+name = "yaserde"
+version = "0.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d8198a8ee4113411b7be1086e10b654f83653c01e4bd176fb98fe9d11951af5e"
+dependencies = [
+ "log",
+ "xml-rs",
+]
+
+[[package]]
+name = "yaserde_derive"
+version = "0.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "82eaa312529cc56b0df120253c804a8c8d593d2b5fe8deb5402714f485f62d79"
+dependencies = [
+ "heck",
+ "log",
+ "proc-macro2",
+ "quote",
+ "syn 1.0.109",
+ "xml-rs",
+]
+
 [[package]]
 name = "zerocopy"
 version = "0.7.35"
@@ -2572,7 +2633,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn",
+ "syn 2.0.77",
 ]
 
 [[package]]
diff --git a/harmony-rs/Cargo.toml b/harmony-rs/Cargo.toml
index 0263f23..89dbb19 100644
--- a/harmony-rs/Cargo.toml
+++ b/harmony-rs/Cargo.toml
@@ -3,6 +3,7 @@ resolver = "2"
 members = [
   "private_repos/*",
   "harmony",
+  "opnsense-config",
 ]
 
 [workspace.package]
@@ -18,3 +19,5 @@ async-trait = "0.1.82"
 tokio = { version = "1.40.0", features = ["io-std"] }
 cidr = "0.2.3"
 xml_dom = "0.2.8"
+russh = "0.45.0"
+russh-keys = "0.45.0"
diff --git a/harmony-rs/opnsense-config/Cargo.toml b/harmony-rs/opnsense-config/Cargo.toml
new file mode 100644
index 0000000..8499311
--- /dev/null
+++ b/harmony-rs/opnsense-config/Cargo.toml
@@ -0,0 +1,14 @@
+[package]
+name = "opnsense-config"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+russh = { workspace = true }
+russh-keys = { workspace = true }
+yaserde = "0.11.1"
+yaserde_derive = "0.11.1"
+xml-rs = "0.8"
+thiserror = "1.0"
+async-trait = { workspace = true }
+tokio = { workspace = true }
diff --git a/harmony-rs/opnsense-config/adr/001-yaserde.md b/harmony-rs/opnsense-config/adr/001-yaserde.md
new file mode 100644
index 0000000..69e61df
--- /dev/null
+++ b/harmony-rs/opnsense-config/adr/001-yaserde.md
@@ -0,0 +1,38 @@
+# Architecture Decision Record: Using yaserde for OPNsense Config Parsing
+
+- Status : Proposed
+- Author : Jean-Gabriel Gill-Couture
+
+## Context
+
+We need to parse and manipulate the OPNsense config.xml file in our Rust crate. We considered several XML parsing libraries, including quick-xml, xml-dom, minidom and yaserde. Each library has its own strengths and trade-offs in terms of performance, ease of use, and robustness.
+
+## Decision
+
+We have decided to use yaserde for parsing and manipulating the OPNsense config.xml file.
+
+## Rationale
+
+1. Type Safety: yaserde allows us to define a complete Rust representation of the config.xml structure. This provides strong type safety and makes it easier to catch errors at compile-time rather than runtime.
+
+2. Robustness: By mapping the entire config structure to Rust types, we ensure that our code interacts with the config in a well-defined manner. This reduces the risk of runtime errors due to unexpected XML structures.
+
+3. Ease of Use: Working with native Rust types is more intuitive and less error-prone than manipulating XML directly. This can lead to more maintainable and readable code.
+
+4. Memory Usage: While yaserde may use more memory than streaming parsers like quick-xml, the OPNsense config files are typically not large enough for this to be a significant concern. We prioritize robustness and ease of use over minimal memory usage in this context.
+
+5. Serialization/Deserialization: yaserde provides both deserialization (XML to Rust structs) and serialization (Rust structs to XML) out of the box, which simplifies our implementation.
+
+## Consequences
+
+Positive:
+- Increased type safety and robustness in handling the config.xml structure.
+- More intuitive API for developers working with the config.
+- Easier to extend and maintain the code that interacts with different parts of the config.
+
+Negative:
+- It will be harder to maintain when there are breaking changes in the config.xml format. Any structural changes in the XML will require corresponding updates to our Rust struct definitions.
+- Slightly higher memory usage compared to streaming parsers.
+- Initial development time may be longer due to the need to define the entire config structure upfront.
+
+We accept the trade-off of potentially more difficult maintenance in the face of breaking config.xml changes, as we believe the benefits of increased robustness and type safety outweigh this drawback. When OPNsense releases updates that change the config.xml structure, we will need to update our Rust struct definitions accordingly.
diff --git a/harmony-rs/opnsense-config/src/config.rs b/harmony-rs/opnsense-config/src/config.rs
new file mode 100644
index 0000000..99c8a45
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/config.rs
@@ -0,0 +1,55 @@
+use crate::error::Error;
+use crate::modules::opnsense::OPNsense;
+use russh::client::{Config as SshConfig, Handler};
+use std::sync::Arc;
+use russh_keys::key;
+
+pub struct Config {
+    opnsense: OPNsense,
+    ssh_config: Arc<SshConfig>,
+    host: String,
+    username: String,
+}
+
+impl Config {
+    pub async fn new(host: &str, username: &str, key_path: &str) -> Result<Self, Error> {
+        let key = russh_keys::load_secret_key(key_path, None).expect("Secret key failed loading");
+        let config = SshConfig::default();
+        let config = Arc::new(config);
+
+        let mut ssh = russh::client::connect(config.clone(), host, Handler).await?;
+        ssh.authenticate_publickey(username, key).await?;
+
+        let (xml, _) = ssh.exec(true, "cat /conf/config.xml").await?;
+        let xml = String::from_utf8(xml).map_err(|e| Error::Config(e.to_string()))?;
+
+        let opnsense = yaserde::de::from_str(&xml).map_err(|e| Error::Xml(e.to_string()))?;
+
+        Ok(Self {
+            opnsense,
+            ssh_config: config,
+            host: host.to_string(),
+            username: username.to_string(),
+        })
+    }
+
+    pub fn get_opnsense(&self) -> &OPNsense {
+        &self.opnsense
+    }
+
+    pub fn get_opnsense_mut(&mut self) -> &mut OPNsense {
+        &mut self.opnsense
+    }
+
+    pub async fn save(&self) -> Result<(), Error> {
+        let xml = yaserde::ser::to_string(&self.opnsense).map_err(|e| Error::Xml(e.to_string()))?;
+
+        let mut ssh = russh::client::connect(self.ssh_config.clone(), &self.host, Handler).await?;
+        ssh.authenticate_publickey(&self.username, key).await?;
+
+        ssh.exec(true, &format!("echo '{}' > /conf/config.xml", xml))
+            .await?;
+
+        Ok(())
+    }
+}
diff --git a/harmony-rs/opnsense-config/src/error.rs b/harmony-rs/opnsense-config/src/error.rs
new file mode 100644
index 0000000..733746b
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/error.rs
@@ -0,0 +1,13 @@
+use thiserror::Error;
+
+#[derive(Error, Debug)]
+pub enum Error {
+    #[error("XML error: {0}")]
+    Xml(String),
+    #[error("SSH error: {0}")]
+    Ssh(#[from] russh::Error),
+    #[error("I/O error: {0}")]
+    Io(#[from] std::io::Error),
+    #[error("Config error: {0}")]
+    Config(String),
+}
diff --git a/harmony-rs/opnsense-config/src/lib.rs b/harmony-rs/opnsense-config/src/lib.rs
new file mode 100644
index 0000000..7673ffc
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/lib.rs
@@ -0,0 +1,6 @@
+pub mod config;
+pub mod modules;
+pub mod error;
+
+pub use config::Config;
+pub use error::Error;
diff --git a/harmony-rs/opnsense-config/src/modules/dhcp.rs b/harmony-rs/opnsense-config/src/modules/dhcp.rs
new file mode 100644
index 0000000..2bb7362
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/modules/dhcp.rs
@@ -0,0 +1,24 @@
+use super::opnsense::{OPNsense, StaticMap};
+
+pub struct DhcpConfig<'a> {
+    opnsense: &'a mut OPNsense,
+}
+
+impl<'a> DhcpConfig<'a> {
+    pub fn new(opnsense: &'a mut OPNsense) -> Self {
+        Self { opnsense }
+    }
+
+    pub fn add_static_mapping(&mut self, mac: String, ipaddr: String, hostname: String) {
+        let static_map = StaticMap {
+            mac,
+            ipaddr,
+            hostname,
+        };
+        self.opnsense.dhcpd.lan.staticmaps.push(static_map);
+    }
+
+    pub fn get_static_mappings(&self) -> &[StaticMap] {
+        &self.opnsense.dhcpd.lan.staticmaps
+    }
+}
diff --git a/harmony-rs/opnsense-config/src/modules/mod.rs b/harmony-rs/opnsense-config/src/modules/mod.rs
new file mode 100644
index 0000000..d847dcb
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/modules/mod.rs
@@ -0,0 +1,2 @@
+pub mod opnsense;
+pub mod dhcp;
diff --git a/harmony-rs/opnsense-config/src/modules/opnsense.rs b/harmony-rs/opnsense-config/src/modules/opnsense.rs
new file mode 100644
index 0000000..2ca04c0
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/modules/opnsense.rs
@@ -0,0 +1,44 @@
+use yaserde_derive::{YaDeserialize, YaSerialize};
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+#[yaserde(rename = "opnsense")]
+pub struct OPNsense {
+    #[yaserde(rename = "dhcpd")]
+    pub dhcpd: Dhcpd,
+    // Add other top-level elements as needed
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Dhcpd {
+    #[yaserde(rename = "lan")]
+    pub lan: DhcpInterface,
+    // Add other interfaces as needed
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct DhcpInterface {
+    #[yaserde(rename = "enable")]
+    pub enable: bool,
+    #[yaserde(rename = "range")]
+    pub range: DhcpRange,
+    #[yaserde(rename = "staticmap")]
+    pub staticmaps: Vec<StaticMap>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct DhcpRange {
+    #[yaserde(rename = "from")]
+    pub from: String,
+    #[yaserde(rename = "to")]
+    pub to: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct StaticMap {
+    #[yaserde(rename = "mac")]
+    pub mac: String,
+    #[yaserde(rename = "ipaddr")]
+    pub ipaddr: String,
+    #[yaserde(rename = "hostname")]
+    pub hostname: String,
+}

From 8459c38499e751669d0373735e47d1a44b770410 Mon Sep 17 00:00:00 2001
From: Jean-Gabriel Gill-Couture <jeangabriel.gc@gmail.com>
Date: Mon, 14 Oct 2024 07:53:02 -0400
Subject: [PATCH 05/19] wip(opnsense-config): It compiles now, still have to
 test it

---
 harmony-rs/opnsense-config/src/config.rs | 64 ++++++++++++++++++++----
 1 file changed, 54 insertions(+), 10 deletions(-)

diff --git a/harmony-rs/opnsense-config/src/config.rs b/harmony-rs/opnsense-config/src/config.rs
index 99c8a45..205b7d3 100644
--- a/harmony-rs/opnsense-config/src/config.rs
+++ b/harmony-rs/opnsense-config/src/config.rs
@@ -1,27 +1,68 @@
 use crate::error::Error;
 use crate::modules::opnsense::OPNsense;
+use async_trait::async_trait;
 use russh::client::{Config as SshConfig, Handler};
-use std::sync::Arc;
 use russh_keys::key;
+use std::{fmt::Write as _, sync::Arc};
+use tokio::io::AsyncWriteExt;
+
+struct Client {}
+
+// More SSH event handlers
+// can be defined in this trait
+// In this example, we're only using Channel, so these aren't needed.
+#[async_trait]
+impl Handler for Client {
+    type Error = Error;
+
+    async fn check_server_key(
+        &mut self,
+        _server_public_key: &key::PublicKey,
+    ) -> Result<bool, Self::Error> {
+        Ok(true)
+    }
+}
 
 pub struct Config {
     opnsense: OPNsense,
     ssh_config: Arc<SshConfig>,
     host: String,
     username: String,
+    key: Arc<key::KeyPair>,
 }
 
 impl Config {
     pub async fn new(host: &str, username: &str, key_path: &str) -> Result<Self, Error> {
         let key = russh_keys::load_secret_key(key_path, None).expect("Secret key failed loading");
+        let key = Arc::new(key);
         let config = SshConfig::default();
         let config = Arc::new(config);
 
-        let mut ssh = russh::client::connect(config.clone(), host, Handler).await?;
-        ssh.authenticate_publickey(username, key).await?;
+        let mut ssh = russh::client::connect(config.clone(), host, Client {}).await?;
+        ssh.authenticate_publickey(username, key.clone()).await?;
 
-        let (xml, _) = ssh.exec(true, "cat /conf/config.xml").await?;
-        let xml = String::from_utf8(xml).map_err(|e| Error::Config(e.to_string()))?;
+        let mut channel = ssh.channel_open_session().await?;
+
+        channel.exec(true, "cat /conf/config.xml").await?;
+        let mut code;
+        let mut output = String::new();
+        loop {
+            let Some(msg) = channel.wait().await else {
+                break;
+            };
+
+            match msg {
+                russh::ChannelMsg::Data { ref data } => {
+                    write!(&mut output, "{:?}", data);
+                    println!("Got data {output}");
+                }
+                russh::ChannelMsg::ExitStatus { exit_status } => {
+                    code = Some(exit_status);
+                }
+                _ => todo!(),
+            }
+        }
+        let xml = output;
 
         let opnsense = yaserde::de::from_str(&xml).map_err(|e| Error::Xml(e.to_string()))?;
 
@@ -30,6 +71,7 @@ impl Config {
             ssh_config: config,
             host: host.to_string(),
             username: username.to_string(),
+            key,
         })
     }
 
@@ -44,12 +86,14 @@ impl Config {
     pub async fn save(&self) -> Result<(), Error> {
         let xml = yaserde::ser::to_string(&self.opnsense).map_err(|e| Error::Xml(e.to_string()))?;
 
-        let mut ssh = russh::client::connect(self.ssh_config.clone(), &self.host, Handler).await?;
-        ssh.authenticate_publickey(&self.username, key).await?;
+        let mut ssh =
+            russh::client::connect(self.ssh_config.clone(), &self.host, Client {}).await?;
+        ssh.authenticate_publickey(&self.username, self.key.clone()).await?;
+        todo!("Writing config file to remote host {xml}");
 
-        ssh.exec(true, &format!("echo '{}' > /conf/config.xml", xml))
-            .await?;
+        // ssh.exec(true, &format!("echo '{}' > /conf/config.xml", xml))
+        //     .await?;
 
-        Ok(())
+        // Ok(())
     }
 }

From b332723431f581db7254fd5da9e79b950e8b36f4 Mon Sep 17 00:00:00 2001
From: Jean-Gabriel Gill-Couture <jeangabriel.gc@gmail.com>
Date: Mon, 14 Oct 2024 16:13:20 -0400
Subject: [PATCH 06/19] feat(opnsense-config): Refactor config to use a
 repository trait, implement file based and ssh, save a full config file

---
 harmony-rs/Cargo.lock                         |    8 +-
 harmony-rs/opnsense-config/Cargo.toml         |    6 +-
 harmony-rs/opnsense-config/src/config.rs      |  170 +-
 .../src/tests/data/config-full-1.xml          | 2778 +++++++++++++++++
 4 files changed, 2917 insertions(+), 45 deletions(-)
 create mode 100644 harmony-rs/opnsense-config/src/tests/data/config-full-1.xml

diff --git a/harmony-rs/Cargo.lock b/harmony-rs/Cargo.lock
index db0ca21..6fc9ac4 100644
--- a/harmony-rs/Cargo.lock
+++ b/harmony-rs/Cargo.lock
@@ -1240,8 +1240,10 @@ name = "opnsense-config"
 version = "0.1.0"
 dependencies = [
  "async-trait",
+ "log",
  "russh",
  "russh-keys",
+ "serde",
  "thiserror",
  "tokio",
  "xml-rs",
@@ -2594,8 +2596,7 @@ dependencies = [
 [[package]]
 name = "yaserde"
 version = "0.11.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d8198a8ee4113411b7be1086e10b654f83653c01e4bd176fb98fe9d11951af5e"
+source = "git+https://git.nationtech.io/NationTech/yaserde#353558737f3ef73e93164c596ff920d4344f30a3"
 dependencies = [
  "log",
  "xml-rs",
@@ -2604,8 +2605,7 @@ dependencies = [
 [[package]]
 name = "yaserde_derive"
 version = "0.11.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "82eaa312529cc56b0df120253c804a8c8d593d2b5fe8deb5402714f485f62d79"
+source = "git+https://git.nationtech.io/NationTech/yaserde#353558737f3ef73e93164c596ff920d4344f30a3"
 dependencies = [
  "heck",
  "log",
diff --git a/harmony-rs/opnsense-config/Cargo.toml b/harmony-rs/opnsense-config/Cargo.toml
index 8499311..d79b74e 100644
--- a/harmony-rs/opnsense-config/Cargo.toml
+++ b/harmony-rs/opnsense-config/Cargo.toml
@@ -4,10 +4,12 @@ version = "0.1.0"
 edition = "2021"
 
 [dependencies]
+serde = { version = "1.0.123", features = [ "derive" ] }
+log = { workspace = true }
 russh = { workspace = true }
 russh-keys = { workspace = true }
-yaserde = "0.11.1"
-yaserde_derive = "0.11.1"
+yaserde = { git = "https://git.nationtech.io/NationTech/yaserde" }
+yaserde_derive = { git = "https://git.nationtech.io/NationTech/yaserde" }
 xml-rs = "0.8"
 thiserror = "1.0"
 async-trait = { workspace = true }
diff --git a/harmony-rs/opnsense-config/src/config.rs b/harmony-rs/opnsense-config/src/config.rs
index 205b7d3..41f2ee3 100644
--- a/harmony-rs/opnsense-config/src/config.rs
+++ b/harmony-rs/opnsense-config/src/config.rs
@@ -1,16 +1,19 @@
 use crate::error::Error;
 use crate::modules::opnsense::OPNsense;
 use async_trait::async_trait;
+use log::info;
 use russh::client::{Config as SshConfig, Handler};
 use russh_keys::key;
-use std::{fmt::Write as _, sync::Arc};
-use tokio::io::AsyncWriteExt;
+use std::{fs, net::Ipv4Addr, path::Path, sync::Arc};
+
+#[async_trait]
+pub trait ConfigRepository: std::fmt::Debug {
+    async fn load(&self) -> Result<String, Error>;
+    async fn save(&self, content: &str) -> Result<(), Error>;
+}
 
 struct Client {}
 
-// More SSH event handlers
-// can be defined in this trait
-// In this example, we're only using Channel, so these aren't needed.
 #[async_trait]
 impl Handler for Client {
     type Error = Error;
@@ -23,55 +26,131 @@ impl Handler for Client {
     }
 }
 
-pub struct Config {
-    opnsense: OPNsense,
+#[derive(Debug)]
+pub struct SshConfigRepository {
     ssh_config: Arc<SshConfig>,
-    host: String,
     username: String,
     key: Arc<key::KeyPair>,
+    host: (Ipv4Addr, u16),
 }
 
-impl Config {
-    pub async fn new(host: &str, username: &str, key_path: &str) -> Result<Self, Error> {
-        let key = russh_keys::load_secret_key(key_path, None).expect("Secret key failed loading");
-        let key = Arc::new(key);
-        let config = SshConfig::default();
-        let config = Arc::new(config);
+impl SshConfigRepository {
+    pub fn new(
+        host: (Ipv4Addr, u16),
+        username: String,
+        key: Arc<key::KeyPair>,
+        ssh_config: Arc<SshConfig>,
+    ) -> Self {
+        Self {
+            ssh_config,
+            username,
+            key,
+            host,
+        }
+    }
+}
 
-        let mut ssh = russh::client::connect(config.clone(), host, Client {}).await?;
-        ssh.authenticate_publickey(username, key.clone()).await?;
+#[async_trait]
+impl ConfigRepository for SshConfigRepository {
+    async fn load(&self) -> Result<String, Error> {
+        let mut ssh = russh::client::connect(self.ssh_config.clone(), self.host, Client {}).await?;
+        ssh.authenticate_publickey(&self.username, self.key.clone())
+            .await?;
 
         let mut channel = ssh.channel_open_session().await?;
 
         channel.exec(true, "cat /conf/config.xml").await?;
-        let mut code;
-        let mut output = String::new();
+        let mut output: Vec<u8> = vec![];
+        loop {
+            let Some(msg) = channel.wait().await else {
+                break;
+            };
+
+            info!("got msg {:?}", msg);
+            match msg {
+                russh::ChannelMsg::Data { ref data } => {
+                    output.append(&mut data.to_vec());
+                }
+                russh::ChannelMsg::ExitStatus { .. } => {}
+                russh::ChannelMsg::WindowAdjusted { .. } => {}
+                russh::ChannelMsg::Success { .. } => {}
+                russh::ChannelMsg::Eof { .. } => {}
+                _ => todo!(),
+            }
+        }
+        Ok(String::from_utf8(output).expect("Valid utf-8 bytes"))
+    }
+
+    async fn save(&self, content: &str) -> Result<(), Error> {
+        let mut ssh = russh::client::connect(self.ssh_config.clone(), self.host, Client {}).await?;
+        ssh.authenticate_publickey(&self.username, self.key.clone())
+            .await?;
+
+        let mut channel = ssh.channel_open_session().await?;
+
+        let command = format!(
+            "echo '{}' > /conf/config.xml",
+            content.replace("'", "'\"'\"'")
+        );
+        channel.exec(true, command.as_bytes()).await?;
+
         loop {
             let Some(msg) = channel.wait().await else {
                 break;
             };
 
             match msg {
-                russh::ChannelMsg::Data { ref data } => {
-                    write!(&mut output, "{:?}", data);
-                    println!("Got data {output}");
-                }
                 russh::ChannelMsg::ExitStatus { exit_status } => {
-                    code = Some(exit_status);
+                    if exit_status != 0 {
+                        return Err(Error::Ssh(russh::Error::Disconnect));
+                    }
                 }
-                _ => todo!(),
+                _ => {}
             }
         }
-        let xml = output;
+
+        Ok(())
+    }
+}
+
+#[derive(Debug)]
+pub struct LocalFileConfigRepository {
+    file_path: String,
+}
+
+impl LocalFileConfigRepository {
+    pub fn new(file_path: String) -> Self {
+        Self { file_path }
+    }
+}
+
+#[async_trait]
+impl ConfigRepository for LocalFileConfigRepository {
+    async fn load(&self) -> Result<String, Error> {
+        Ok(fs::read_to_string(&self.file_path)?)
+    }
+
+    async fn save(&self, content: &str) -> Result<(), Error> {
+        Ok(fs::write(&self.file_path, content)?)
+    }
+}
+
+#[derive(Debug)]
+pub struct Config {
+    opnsense: OPNsense,
+    repository: Box<dyn ConfigRepository + Send + Sync>,
+}
+
+impl Config {
+    pub async fn new(repository: Box<dyn ConfigRepository + Send + Sync>) -> Result<Self, Error> {
+        let xml = repository.load().await?;
+        info!("xml {}", xml);
 
         let opnsense = yaserde::de::from_str(&xml).map_err(|e| Error::Xml(e.to_string()))?;
 
         Ok(Self {
             opnsense,
-            ssh_config: config,
-            host: host.to_string(),
-            username: username.to_string(),
-            key,
+            repository,
         })
     }
 
@@ -85,15 +164,28 @@ impl Config {
 
     pub async fn save(&self) -> Result<(), Error> {
         let xml = yaserde::ser::to_string(&self.opnsense).map_err(|e| Error::Xml(e.to_string()))?;
-
-        let mut ssh =
-            russh::client::connect(self.ssh_config.clone(), &self.host, Client {}).await?;
-        ssh.authenticate_publickey(&self.username, self.key.clone()).await?;
-        todo!("Writing config file to remote host {xml}");
-
-        // ssh.exec(true, &format!("echo '{}' > /conf/config.xml", xml))
-        //     .await?;
-
-        // Ok(())
+        self.repository.save(&xml).await
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use std::path::PathBuf;
+
+    #[tokio::test]
+    async fn test_load_config_from_local_file() {
+        let mut test_file_path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
+        test_file_path.push("src/tests/data/config-full-1.xml");
+
+        let config_file_path = test_file_path.to_str().unwrap().to_string();
+        println!("File path {config_file_path}");
+        let repository = Box::new(LocalFileConfigRepository::new(config_file_path));
+        let config = Config::new(repository)
+            .await
+            .expect("Failed to load config");
+
+        println!("Config {:?}", config);
+        assert!(false);
     }
 }
diff --git a/harmony-rs/opnsense-config/src/tests/data/config-full-1.xml b/harmony-rs/opnsense-config/src/tests/data/config-full-1.xml
new file mode 100644
index 0000000..1feaa2e
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/tests/data/config-full-1.xml
@@ -0,0 +1,2778 @@
+<?xml version="1.0"?>
+<opnsense>
+  <theme>opnsense</theme>
+  <sysctl>
+    <item>
+      <descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
+      <tunable>vfs.read_max</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set the ephemeral port range to be lower.</descr>
+      <tunable>net.inet.ip.portrange.first</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Drop packets to closed TCP ports without returning a RST</descr>
+      <tunable>net.inet.tcp.blackhole</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
+      <tunable>net.inet.udp.blackhole</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Randomize the ID field in IP packets</descr>
+      <tunable>net.inet.ip.random_id</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>
+        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+        It can also be used to probe for information about your internal networks. These functions come enabled
+        as part of the standard FreeBSD core system.
+      </descr>
+      <tunable>net.inet.ip.sourceroute</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>
+        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+        It can also be used to probe for information about your internal networks. These functions come enabled
+        as part of the standard FreeBSD core system.
+      </descr>
+      <tunable>net.inet.ip.accept_sourceroute</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>
+        This option turns off the logging of redirect packets because there is no limit and this could fill
+        up your logs consuming your whole hard drive.
+      </descr>
+      <tunable>net.inet.icmp.log_redirect</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
+      <tunable>net.inet.tcp.drop_synfin</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable sending IPv6 redirects</descr>
+      <tunable>net.inet6.ip6.redirect</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
+      <tunable>net.inet6.ip6.use_tempaddr</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Prefer privacy addresses and use them over the normal addresses</descr>
+      <tunable>net.inet6.ip6.prefer_tempaddr</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
+      <tunable>net.inet.tcp.syncookies</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
+      <tunable>net.inet.tcp.recvspace</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
+      <tunable>net.inet.tcp.sendspace</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
+      <tunable>net.inet.tcp.delayed_ack</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum outgoing UDP datagram size</descr>
+      <tunable>net.inet.udp.maxdgram</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
+      <tunable>net.link.bridge.pfil_onlyip</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
+      <tunable>net.link.bridge.pfil_local_phys</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
+      <tunable>net.link.bridge.pfil_member</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set to 1 to enable filtering on the bridge interface</descr>
+      <tunable>net.link.bridge.pfil_bridge</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Allow unprivileged access to tap(4) device nodes</descr>
+      <tunable>net.link.tap.user_open</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
+      <tunable>kern.randompid</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum size of the IP input queue</descr>
+      <tunable>net.inet.ip.intr_queue_maxlen</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
+      <tunable>hw.syscons.kbd_reboot</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Hint at default settings for serial console in case the autodetect is not working</descr>
+      <tunable>hw.uart.console</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable TCP extended debugging</descr>
+      <tunable>net.inet.tcp.log_debug</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set ICMP Limits</descr>
+      <tunable>net.inet.icmp.icmplim</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>TCP Offload Engine</descr>
+      <tunable>net.inet.tcp.tso</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>UDP Checksums</descr>
+      <tunable>net.inet.udp.checksum</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum socket buffer size</descr>
+      <tunable>kern.ipc.maxsockbuf</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
+      <tunable>vm.pmap.pti</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
+      <tunable>hw.ibrs_disable</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Hide processes running as other groups</descr>
+      <tunable>security.bsd.see_other_gids</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Hide processes running as other users</descr>
+      <tunable>security.bsd.see_other_uids</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
+        and for the sender directly reachable, route and next hop is known.
+      </descr>
+      <tunable>net.inet.ip.redirect</tunable>
+      <value>0</value>
+    </item>
+    <item>
+      <descr>
+        Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects
+        to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect
+        packets without returning a response.
+      </descr>
+      <tunable>net.inet.icmp.drop_redirect</tunable>
+      <value>1</value>
+    </item>
+    <item>
+      <descr>Maximum outgoing UDP datagram size</descr>
+      <tunable>net.local.dgram.maxdgram</tunable>
+      <value>default</value>
+    </item>
+  </sysctl>
+  <system>
+    <use_mfs_tmp/>
+    <use_mfs_var/>
+    <serialspeed>115200</serialspeed>
+    <primaryconsole>serial</primaryconsole>
+    <secondaryconsole>video</secondaryconsole>
+    <optimization>normal</optimization>
+    <hostname>OPN1</hostname>
+    <domain>somedomain.yourlocal.mcd</domain>
+    <group>
+      <name>admins</name>
+      <description>System Administrators</description>
+      <scope>system</scope>
+      <gid>1999</gid>
+      <member>0</member>
+      <member>2000</member>
+      <priv>page-all</priv>
+    </group>
+    <user>
+      <name>root</name>
+      <descr>System Administrator</descr>
+      <scope>system</scope>
+      <groupname>admins</groupname>
+      <password>$2y$10$5555555555o8dj21980j1doiOIJDIOASJOID!jidjeue19812y</password>
+      <uid>0</uid>
+      <expires/>
+      <authorizedkeys/>
+      <ipsecpsk/>
+      <otp_seed/>
+    </user>
+    <user>
+      <password>$2y$11$55555555556D8198uOASIDJaiojdjd1oijdijosaoijdaoidOIASJDoijdoiadOASdoiK</password>
+      <scope>user</scope>
+      <name>someuser</name>
+      <descr/>
+      <expires/>
+      <authorizedkeys/>
+      <ipsecpsk/>
+      <otp_seed/>
+      <shell>/bin/sh</shell>
+      <uid>2000</uid>
+    </user>
+    <nextuid>2001</nextuid>
+    <nextgid>2000</nextgid>
+    <timezone>Etc/UTC</timezone>
+    <timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
+    <webgui>
+      <protocol>https</protocol>
+      <ssl-certref>6155aba4c9375</ssl-certref>
+      <port/>
+      <ssl-ciphers/>
+      <interfaces/>
+      <compression/>
+    </webgui>
+    <usevirtualterminal>1</usevirtualterminal>
+    <disableconsolemenu>1</disableconsolemenu>
+    <disablevlanhwfilter>1</disablevlanhwfilter>
+    <disablechecksumoffloading>1</disablechecksumoffloading>
+    <disablesegmentationoffloading>1</disablesegmentationoffloading>
+    <disablelargereceiveoffloading>1</disablelargereceiveoffloading>
+    <ipv6allow>1</ipv6allow>
+    <powerd_ac_mode>hadp</powerd_ac_mode>
+    <powerd_battery_mode>hadp</powerd_battery_mode>
+    <powerd_normal_mode>hadp</powerd_normal_mode>
+    <bogons>
+      <interval>monthly</interval>
+    </bogons>
+    <crypto_hardware>aesni</crypto_hardware>
+    <pf_share_forward>1</pf_share_forward>
+    <lb_use_sticky>1</lb_use_sticky>
+    <kill_states>1</kill_states>
+    <ssh>
+      <group>admins</group>
+      <noauto>1</noauto>
+      <interfaces/>
+      <kex/>
+      <ciphers/>
+      <macs/>
+      <keys/>
+      <enabled>enabled</enabled>
+      <passwordauth>1</passwordauth>
+      <keysig/>
+      <permitrootlogin>1</permitrootlogin>
+    </ssh>
+    <firmware version="1.0.1">
+      <mirror/>
+      <flavour/>
+      <plugins>os-ddclient,os-dyndns,os-haproxy,os-wireguard</plugins>
+      <type/>
+      <subscription/>
+    </firmware>
+    <sudo_allow_wheel>1</sudo_allow_wheel>
+    <sudo_allow_group>admins</sudo_allow_group>
+    <enablenatreflectionhelper>yes</enablenatreflectionhelper>
+    <rulesetoptimization>basic</rulesetoptimization>
+    <maximumstates/>
+    <maximumfrags/>
+    <aliasesresolveinterval/>
+    <maximumtableentries/>
+    <language>en_US</language>
+    <dnsserver/>
+    <dns1gw>none</dns1gw>
+    <dns2gw>none</dns2gw>
+    <dns3gw>none</dns3gw>
+    <dns4gw>none</dns4gw>
+    <dns5gw>none</dns5gw>
+    <dns6gw>none</dns6gw>
+    <dns7gw>none</dns7gw>
+    <dns8gw>none</dns8gw>
+    <dnsallowoverride>1</dnsallowoverride>
+    <dnsallowoverride_exclude/>
+  </system>
+  <interfaces>
+    <wan>
+      <if>pppoe0</if>
+      <descr>WAN</descr>
+      <enable>1</enable>
+      <lock>1</lock>
+      <spoofmac/>
+      <blockpriv>1</blockpriv>
+      <blockbogons>1</blockbogons>
+      <ipaddr>pppoe</ipaddr>
+    </wan>
+    <lan>
+      <if>em1</if>
+      <descr>LAN</descr>
+      <enable>1</enable>
+      <spoofmac/>
+      <ipaddr>192.168.20.1</ipaddr>
+      <subnet>24</subnet>
+      <ipaddrv6>track6</ipaddrv6>
+      <track6-interface/>
+      <track6-prefix-id>0</track6-prefix-id>
+    </lan>
+    <lo0>
+      <internal_dynamic>1</internal_dynamic>
+      <descr>Loopback</descr>
+      <enable>1</enable>
+      <if>lo0</if>
+      <ipaddr>127.0.0.1</ipaddr>
+      <ipaddrv6>::1</ipaddrv6>
+      <subnet>8</subnet>
+      <subnetv6>128</subnetv6>
+      <type>none</type>
+      <virtual>1</virtual>
+    </lo0>
+    <opt1>
+      <if>em5</if>
+      <descr>backup_sync</descr>
+      <enable>1</enable>
+      <lock>1</lock>
+      <spoofmac/>
+      <ipaddr>10.10.5.1</ipaddr>
+      <subnet>24</subnet>
+    </opt1>
+    <wireguard>
+      <internal_dynamic>1</internal_dynamic>
+      <descr>WireGuard (Group)</descr>
+      <if>wireguard</if>
+      <virtual>1</virtual>
+      <enable>1</enable>
+      <type>group</type>
+      <networks/>
+    </wireguard>
+    <openvpn>
+      <internal_dynamic>1</internal_dynamic>
+      <enable>1</enable>
+      <if>openvpn</if>
+      <descr>OpenVPN</descr>
+      <type>group</type>
+      <virtual>1</virtual>
+      <networks/>
+    </openvpn>
+  </interfaces>
+  <dhcpd>
+    <lan>
+      <enable>1</enable>
+      <gateway>192.168.20.1</gateway>
+      <domain>somedomain.yourlocal.mcd</domain>
+      <ddnsdomainalgorithm>hmac-md5</ddnsdomainalgorithm>
+      <numberoptions>
+        <item/>
+      </numberoptions>
+      <range>
+        <from>192.168.20.50</from>
+        <to>192.168.20.200</to>
+      </range>
+      <winsserver/>
+      <dnsserver>192.168.20.1</dnsserver>
+      <ntpserver/>
+      <staticmap>
+        <mac>55:55:55:55:55:1c</mac>
+        <ipaddr>192.168.20.160</ipaddr>
+        <hostname>somehost983</hostname>
+        <descr>someservire8</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>55:55:55:55:55:1c</mac>
+        <ipaddr>192.168.20.155</ipaddr>
+        <hostname>somehost893</hostname>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>55:55:55:55:55:1c</mac>
+        <ipaddr>192.168.20.52</ipaddr>
+        <hostname>somehost545</hostname>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>55:55:55:55:55:1c</mac>
+        <ipaddr>192.168.20.51</ipaddr>
+        <hostname>sw1</hostname>
+        <descr>someswitch2</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>55:55:55:55:55:1c</mac>
+        <ipaddr>192.168.20.50</ipaddr>
+        <hostname>hostswitch2</hostname>
+        <descr>switch-2 (bottom)</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <pool/>
+    </lan>
+  </dhcpd>
+  <snmpd>
+    <syslocation/>
+    <syscontact/>
+    <rocommunity>public</rocommunity>
+  </snmpd>
+  <syslog>
+    <reverse/>
+    <preservelogs>3</preservelogs>
+  </syslog>
+  <nat>
+    <outbound>
+      <mode>automatic</mode>
+    </outbound>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_618812d37b8193.31302503</associated-rule-id>
+      <target>host_3</target>
+      <local-port>22</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>55555</port>
+      </destination>
+      <updated>
+        <username>root@192.168.1.118</username>
+        <time>1636307667.506</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.1.118</username>
+        <time>1636307667.506</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_64fa19f4acba11.80049900</associated-rule-id>
+      <target>192.168.20.150</target>
+      <local-port>7860</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>7860</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.10</username>
+        <time>1694179239.7533</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.10</username>
+        <time>1694112244.7076</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_64fb1fbba71e29.76190279</associated-rule-id>
+      <target>192.168.20.150</target>
+      <local-port>7861</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>7861</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.10</username>
+        <time>1694179259.6846</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.10</username>
+        <time>1694179259.6846</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_64fb1fcea6d8b7.62653343</associated-rule-id>
+      <target>192.168.20.150</target>
+      <local-port>7862</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>7862</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.10</username>
+        <time>1694179278.6835</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.10</username>
+        <time>1694179278.6835</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_64fb1fdb48ff18.28912920</associated-rule-id>
+      <target>192.168.20.150</target>
+      <local-port>7863</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>7863</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.10</username>
+        <time>1694179291.299</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.10</username>
+        <time>1694179291.299</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_65aed5a66c4f65.25454286</associated-rule-id>
+      <target>192.168.20.140</target>
+      <local-port>8081</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>10100</port>
+      </destination>
+      <updated>
+        <username>root@192.168.20.100</username>
+        <time>1705956774.4437</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.20.100</username>
+        <time>1705956774.4437</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_65aed67d497580.58958916</associated-rule-id>
+      <target>192.168.20.160</target>
+      <local-port>8080</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>10101</port>
+      </destination>
+      <updated>
+        <username>root@192.168.20.100</username>
+        <time>1709643235.0793</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.20.100</username>
+        <time>1705956989.301</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_65aed6961c4ea7.81903986</associated-rule-id>
+      <target>192.168.20.160</target>
+      <local-port>4000</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>10110</port>
+      </destination>
+      <updated>
+        <username>root@192.168.20.100</username>
+        <time>1709643245.355</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.20.100</username>
+        <time>1705957014.116</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_65f4a5b928c9a7.52477383</associated-rule-id>
+      <target>192.168.20.115</target>
+      <local-port>5000</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>10111</port>
+      </destination>
+      <updated>
+        <username>root@192.168.20.147</username>
+        <time>1710941303.9911</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.20.100</username>
+        <time>1710532025.1672</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Redirecting to someservice1 on somehost9</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_662bb59baf7573.98640354</associated-rule-id>
+      <target>192.168.20.115</target>
+      <local-port>11434</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>11000</port>
+      </destination>
+      <updated>
+        <username>root@192.168.20.100</username>
+        <time>1714140571.7188</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.20.100</username>
+        <time>1714140571.7188</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>port forwarding for virtual ip for someservice2 servers</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>pass</associated-rule-id>
+      <target>someservice2_vip</target>
+      <local-port>55555</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>55555</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.12</username>
+        <time>1728676366.2167</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.12</username>
+        <time>1728656046.0442</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>port forwarding for virtual ip for someservice2 servers</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_670979b3279551.73601303</associated-rule-id>
+      <disabled>1</disabled>
+      <target>192.168.20.1</target>
+      <local-port>55555</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>55555</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.12</username>
+        <time>1728676373.4668</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.12</username>
+        <time>1728674227.1622</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>port forwarding for reconfig of someservice2 somehost3</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_6709763b6a6748.85579760</associated-rule-id>
+      <disabled>1</disabled>
+      <target>192.168.20.132</target>
+      <local-port>55555</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>5533</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.12</username>
+        <time>1728676388.8268</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.12</username>
+        <time>1728673339.4359</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Redirecting to someservice81 on somehost9</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_663c3458b7b5e4.19986620</associated-rule-id>
+      <target>192.168.20.115</target>
+      <local-port>27017</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>27057</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.8</username>
+        <time>1715221701.8228</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.8</username>
+        <time>1715221592.7526</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Redirecting to someservice858 on somehost545</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_663d85b2e3b364.53108170</associated-rule-id>
+      <target>192.168.20.163</target>
+      <local-port>8888</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>8888</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.10</username>
+        <time>1715308572.9782</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.10</username>
+        <time>1715307954.9327</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Redirecting to someservice858 on somehost545</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_667cd97504d870.57128970</associated-rule-id>
+      <target>192.168.20.163</target>
+      <local-port>8889</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>9888</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.8</username>
+        <time>1719458165.0199</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.8</username>
+        <time>1719458165.0199</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Redirecting to someservice858 on somehost9</descr>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_666c8932142ed6.34062700</associated-rule-id>
+      <target>192.168.20.115</target>
+      <local-port>8888</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>8889</port>
+      </destination>
+      <updated>
+        <username>root@192.168.20.100</username>
+        <time>1718389042.0828</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.20.100</username>
+        <time>1718389042.0828</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_651ffc35e573d9.09092618</associated-rule-id>
+      <target>192.168.20.140</target>
+      <local-port>22</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>30140</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.11</username>
+        <time>1696594997.9399</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.11</username>
+        <time>1696594997.9399</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+  </nat>
+  <filter>
+    <rule uuid="36bf9a49-7705-40d4-9ea8-815a215ce007">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>allow public connections to vpn</descr>
+      <direction>in</direction>
+      <category>wireguard</category>
+      <quick>1</quick>
+      <protocol>udp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>51820</port>
+      </destination>
+      <updated>
+        <username>root@192.168.1.118</username>
+        <time>1636306863.2747</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.1.118</username>
+        <time>1636305029.8036</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="0568810c-a24e-40c5-bcd9-f20a9badb9d5">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>icmp</protocol>
+      <icmptype>echoreq</icmptype>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+      </destination>
+      <updated>
+        <username>root@192.168.1.136</username>
+        <time>1636465204.4671</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.1.118</username>
+        <time>1636305759.776</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="492b7596-d929-46cb-a6b9-c9cc34a0ca74">
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>x3690_3</address>
+        <port>22</port>
+      </destination>
+      <descr/>
+      <category/>
+      <associated-rule-id>nat_618812d37b8193.31302503</associated-rule-id>
+      <created>
+        <username>root@192.168.1.118</username>
+        <time>1636307667.5059</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="eeba39a9-d0f6-4b1e-a785-7278b0b241ab">
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.20.150</address>
+        <port>7860</port>
+      </destination>
+      <descr/>
+      <category/>
+      <associated-rule-id>nat_64fa19f4acba11.80049900</associated-rule-id>
+      <created>
+        <username>root@172.12.0.10</username>
+        <time>1694112244.7075</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="c19adc1c-fec2-4183-93ed-5e46efca1adf">
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.20.150</address>
+        <port>7861</port>
+      </destination>
+      <descr/>
+      <category/>
+      <associated-rule-id>nat_64fb1fbba71e29.76190279</associated-rule-id>
+      <created>
+        <username>root@172.12.0.10</username>
+        <time>1694179259.6845</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="c0831633-8c3b-408e-82d0-3e3f61d0ee3d">
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.20.150</address>
+        <port>7862</port>
+      </destination>
+      <descr/>
+      <category/>
+      <associated-rule-id>nat_64fb1fcea6d8b7.62653343</associated-rule-id>
+      <created>
+        <username>root@172.12.0.10</username>
+        <time>1694179278.6835</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="3f600791-1fa6-4cb4-877d-45fe2ea175a9">
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.20.150</address>
+        <port>7863</port>
+      </destination>
+      <descr/>
+      <category/>
+      <associated-rule-id>nat_64fb1fdb48ff18.28912920</associated-rule-id>
+      <created>
+        <username>root@172.12.0.10</username>
+        <time>1694179291.299</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="7dd160f0-663e-465b-be94-a069df112a95">
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.20.140</address>
+        <port>22</port>
+      </destination>
+      <descr/>
+      <category/>
+      <associated-rule-id>nat_651ffc35e573d9.09092618</associated-rule-id>
+      <created>
+        <username>root@172.12.0.11</username>
+        <time>1696594997.9399</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="1e576704-da50-4dd9-a425-77fa5c4e563a">
+      <associated-rule-id>nat_65aed5a66c4f65.25454286</associated-rule-id>
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.20.140</address>
+        <port>8081</port>
+      </destination>
+      <descr/>
+      <category/>
+      <created>
+        <username>root@192.168.20.100</username>
+        <time>1705956774.4437</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="aa41dd13-9c5a-4048-8820-f9558cea8ba3">
+      <associated-rule-id>nat_65aed67d497580.58958916</associated-rule-id>
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.20.160</address>
+        <port>8080</port>
+      </destination>
+      <descr/>
+      <category/>
+      <created>
+        <username>root@192.168.20.100</username>
+        <time>1705956989.3009</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="dfd53bf0-cea9-4254-8b0a-106f327d72e5">
+      <associated-rule-id>nat_65aed6961c4ea7.81903986</associated-rule-id>
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.20.160</address>
+        <port>4000</port>
+      </destination>
+      <descr/>
+      <category/>
+      <created>
+        <username>root@192.168.20.100</username>
+        <time>1705957014.116</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="777bdd94-51b9-4daf-b744-70b9cb3c9f94">
+      <associated-rule-id>nat_65f4a5b928c9a7.52477383</associated-rule-id>
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.20.115</address>
+        <port>5000</port>
+      </destination>
+      <descr/>
+      <category/>
+      <created>
+        <username>root@192.168.20.100</username>
+        <time>1710532025.1671</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="98f400f5-1a91-46aa-8d35-f78b34bc7a04">
+      <associated-rule-id>nat_662bb59baf7573.98640354</associated-rule-id>
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.20.115</address>
+        <port>11434</port>
+      </destination>
+      <descr>Redirecting to someservice1 on somehost9</descr>
+      <category/>
+      <created>
+        <username>root@192.168.20.100</username>
+        <time>1714140571.7187</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="fef5ec47-f5e7-45cc-a9f7-f8eeb6d1160c">
+      <associated-rule-id>nat_663c3458b7b5e4.19986620</associated-rule-id>
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.20.115</address>
+        <port>27017</port>
+      </destination>
+      <descr>Redirecting to someservice81 on somehost9</descr>
+      <category/>
+      <created>
+        <username>root@172.12.0.8</username>
+        <time>1715221592.7525</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="4170cf4e-4116-42e9-a3ec-eff6768bca9d">
+      <associated-rule-id>nat_663d85b2e3b364.53108170</associated-rule-id>
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.20.163</address>
+        <port>8888</port>
+      </destination>
+      <descr>Redirecting to someservice858 on somehost545</descr>
+      <category/>
+      <created>
+        <username>root@172.12.0.10</username>
+        <time>1715307954.9327</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="79e4325d-93af-4af2-9fa0-263c69545eb0">
+      <associated-rule-id>nat_666c8932142ed6.34062700</associated-rule-id>
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.20.115</address>
+        <port>8888</port>
+      </destination>
+      <descr>Redirecting to someservice858 on somehost9</descr>
+      <category/>
+      <created>
+        <username>root@192.168.20.100</username>
+        <time>1718389042.0827</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="1b68a264-e475-4cc6-b852-0797154fdf2b">
+      <associated-rule-id>nat_667cd97504d870.57128970</associated-rule-id>
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.20.163</address>
+        <port>8889</port>
+      </destination>
+      <descr>Redirecting to someservice858 on somehost545</descr>
+      <category/>
+      <created>
+        <username>root@172.12.0.8</username>
+        <time>1719458165.0199</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="cdf89008-5ca0-4755-a83b-1d99ce595fd0">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>open virtual ip address for someservice2</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>192.168.20.225</address>
+        <port>55555</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.12</username>
+        <time>1728660191.9737</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.12</username>
+        <time>1728655580.6616</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="96d70c20-b78c-4e18-9823-79b71eba964c">
+      <type>pass</type>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Default allow LAN to any rule</descr>
+      <interface>lan</interface>
+      <source>
+        <network>lan</network>
+      </source>
+      <destination>
+        <any/>
+      </destination>
+    </rule>
+    <rule uuid="61194fb7-8916-4e30-a32b-a90495987c64">
+      <type>pass</type>
+      <ipprotocol>inet6</ipprotocol>
+      <descr>Default allow LAN IPv6 to any rule</descr>
+      <interface>lan</interface>
+      <source>
+        <network>lan</network>
+      </source>
+      <destination>
+        <any/>
+      </destination>
+    </rule>
+    <rule uuid="f227db73-52d2-44e7-b22f-f6ea9923c8f2">
+      <type>pass</type>
+      <interface>lan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>carp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <any>1</any>
+      </destination>
+      <updated>
+        <username>root@192.168.20.100</username>
+        <time>1657657495.8293</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.20.100</username>
+        <time>1657657495.8293</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="c2bb88d0-6684-4388-adba-74eae3428453">
+      <type>pass</type>
+      <interface>wireguard</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <direction>in</direction>
+      <quick>1</quick>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <any>1</any>
+      </destination>
+      <updated>
+        <username>root@192.168.20.100</username>
+        <time>1657657288.1753</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.1.136</username>
+        <time>1636397813.3549</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <associated-rule-id>nat_6709763b6a6748.85579760</associated-rule-id>
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.20.132</address>
+        <port>55555</port>
+      </destination>
+      <descr>port forwarding for reconfig of someservice2 somehost3</descr>
+      <category/>
+      <created>
+        <username>root@172.12.0.12</username>
+        <time>1728673339.4359</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+      <disabled>1</disabled>
+    </rule>
+    <rule>
+      <associated-rule-id>nat_670979b3279551.73601303</associated-rule-id>
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.20.1</address>
+        <port>55555</port>
+      </destination>
+      <descr>port forwarding for virtual ip for someservice2 servers</descr>
+      <category/>
+      <created>
+        <username>root@172.12.0.12</username>
+        <time>1728674227.1622</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+      <disabled>1</disabled>
+    </rule>
+  </filter>
+  <load_balancer>
+    <monitor_type>
+      <name>ICMP</name>
+      <type>icmp</type>
+      <descr>ICMP</descr>
+      <options/>
+    </monitor_type>
+    <monitor_type>
+      <name>TCP</name>
+      <type>tcp</type>
+      <descr>Generic TCP</descr>
+      <options/>
+    </monitor_type>
+    <monitor_type>
+      <name>HTTP</name>
+      <type>http</type>
+      <descr>Generic HTTP</descr>
+      <options>
+        <path>/</path>
+        <host/>
+        <code>200</code>
+      </options>
+    </monitor_type>
+    <monitor_type>
+      <name>HTTPS</name>
+      <type>https</type>
+      <descr>Generic HTTPS</descr>
+      <options>
+        <path>/</path>
+        <host/>
+        <code>200</code>
+      </options>
+    </monitor_type>
+    <monitor_type>
+      <name>SMTP</name>
+      <type>send</type>
+      <descr>Generic SMTP</descr>
+      <options>
+        <send/>
+        <expect>220 *</expect>
+      </options>
+    </monitor_type>
+  </load_balancer>
+  <ntpd>
+    <prefer>0.opnsense.pool.ntp.org</prefer>
+  </ntpd>
+  <widgets>
+    <sequence>system_information-container:00000000-col3:show,traffic_graphs-container:00000001-col3:show,thermal_sensors-container:00000002-col3:show,log-container:00000003-col3:show,services_status-container:00000004-col4:show,gateways-container:00000005-col4:show,interface_list-container:00000006-col4:show,carp_status-container:00000007-col4:show,wireguard-container:00000008-col4:show,dyn_dns_status-container:00000009-col4:show,system_log-container:00000010-col4:show</sequence>
+    <column_count>2</column_count>
+  </widgets>
+  <revision>
+    <username>root@172.12.0.12</username>
+    <time>1728676391.9878</time>
+    <description>/firewall_nat.php made changes</description>
+  </revision>
+  <OPNsense>
+    <captiveportal version="1.0.1">
+      <zones/>
+      <templates/>
+    </captiveportal>
+    <cron version="1.0.4">
+      <jobs/>
+    </cron>
+    <Netflow version="1.0.1">
+      <capture>
+        <interfaces/>
+        <egress_only/>
+        <version>v9</version>
+        <targets/>
+      </capture>
+      <collect>
+        <enable>0</enable>
+      </collect>
+      <activeTimeout>1800</activeTimeout>
+      <inactiveTimeout>15</inactiveTimeout>
+    </Netflow>
+    <Firewall>
+      <Lvtemplate version="0.0.1">
+        <templates/>
+      </Lvtemplate>
+      <Category version="1.0.0">
+        <categories>
+          <category uuid="1d91d52b-7588-40c5-8c2c-05acdfcf8c1e">
+            <name>wireguard</name>
+            <auto>1</auto>
+            <color/>
+          </category>
+        </categories>
+      </Category>
+      <Alias version="1.0.1">
+        <geoip>
+          <url/>
+        </geoip>
+        <aliases>
+          <alias uuid="298089ad-f84a-4dda-9c10-6653a7464294">
+            <enabled>1</enabled>
+            <name>x3690_3</name>
+            <type>host</type>
+            <proto/>
+            <interface/>
+            <counters>0</counters>
+            <updatefreq/>
+            <content>192.168.1.136</content>
+            <categories/>
+            <description/>
+          </alias>
+          <alias uuid="e80d6d23-a0b0-4432-aff5-b5be0557eb01">
+            <enabled>1</enabled>
+            <name>someservice2_vip</name>
+            <type>host</type>
+            <proto/>
+            <interface/>
+            <counters>0</counters>
+            <updatefreq/>
+            <content>192.168.20.225</content>
+            <categories/>
+            <description>alias for someservice2 vip</description>
+          </alias>
+        </aliases>
+      </Alias>
+    </Firewall>
+    <IDS version="1.0.9">
+      <rules/>
+      <policies/>
+      <userDefinedRules/>
+      <files/>
+      <fileTags/>
+      <general>
+        <enabled>0</enabled>
+        <ips>0</ips>
+        <promisc>0</promisc>
+        <interfaces>wan</interfaces>
+        <homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
+        <defaultPacketSize/>
+        <UpdateCron/>
+        <AlertLogrotate>W0D23</AlertLogrotate>
+        <AlertSaveLogs>4</AlertSaveLogs>
+        <MPMAlgo>ac</MPMAlgo>
+        <detect>
+          <Profile>medium</Profile>
+          <toclient_groups/>
+          <toserver_groups/>
+        </detect>
+        <syslog>0</syslog>
+        <syslog_eve>0</syslog_eve>
+        <LogPayload>0</LogPayload>
+        <verbosity/>
+      </general>
+    </IDS>
+    <IPsec version="1.0.1">
+      <general>
+        <enabled/>
+      </general>
+      <keyPairs/>
+      <preSharedKeys/>
+    </IPsec>
+    <Interfaces>
+      <vxlans version="1.0.1"/>
+      <loopbacks version="1.0.0"/>
+    </Interfaces>
+    <monit version="1.0.12">
+      <general>
+        <enabled>0</enabled>
+        <interval>120</interval>
+        <startdelay>120</startdelay>
+        <mailserver>127.0.0.1</mailserver>
+        <port>25</port>
+        <username/>
+        <password/>
+        <ssl>0</ssl>
+        <sslversion>auto</sslversion>
+        <sslverify>1</sslverify>
+        <logfile>syslog facility log_daemon</logfile>
+        <statefile/>
+        <eventqueuePath/>
+        <eventqueueSlots/>
+        <httpdEnabled>0</httpdEnabled>
+        <httpdUsername>root</httpdUsername>
+        <httpdPassword>oiujds9889DSIJSDIJSDIjdj</httpdPassword>
+        <httpdPort>2812</httpdPort>
+        <httpdAllow/>
+        <mmonitUrl/>
+        <mmonitTimeout>5</mmonitTimeout>
+        <mmonitRegisterCredentials>1</mmonitRegisterCredentials>
+      </general>
+      <alert uuid="d307f1df-e759-4262-a4cd-7b9673f0ad36">
+        <enabled>0</enabled>
+        <recipient>root@localhost.local</recipient>
+        <noton>0</noton>
+        <events/>
+        <format/>
+        <reminder>10</reminder>
+        <description/>
+      </alert>
+      <service uuid="9f01617b-08c1-487d-9c8a-fa1340add37e">
+        <enabled>1</enabled>
+        <name>$HOST</name>
+        <description/>
+        <type>system</type>
+        <pidfile/>
+        <match/>
+        <path/>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>da6083fd-852c-44af-9ae7-8c9de443bbc9,4f18b847-c2ab-4707-9686-bf656e187ab8,62ea6632-3554-43be-bb0b-ceceab685338,f543f50a-4e52-4afd-85ce-95fe6d61dc54</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="fdd1efff-35c7-4e05-8832-1465e3ae1eda">
+        <enabled>1</enabled>
+        <name>RootFs</name>
+        <description/>
+        <type>filesystem</type>
+        <pidfile/>
+        <match/>
+        <path>/</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>58896875-13d3-41ad-bed5-d610e0197d37</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="607065a3-85aa-4835-9614-a30a3b0b8926">
+        <enabled>0</enabled>
+        <name>carp_status_change</name>
+        <description/>
+        <type>custom</type>
+        <pidfile/>
+        <match/>
+        <path>/usr/local/opnsense/scripts/OPNsense/Monit/carp_status</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>78d20574-60b0-4e63-b6d2-0248e7570293</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="bb83174b-fa44-4fca-94bf-16378cde993b">
+        <enabled>0</enabled>
+        <name>gateway_alert</name>
+        <description/>
+        <type>custom</type>
+        <pidfile/>
+        <match/>
+        <path>/usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>572a5691-1ea7-4191-be24-d7399845a75b</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <test uuid="93365006-3a70-4d80-bab8-72fb9214a51b">
+        <name>Ping</name>
+        <type>NetworkPing</type>
+        <condition>failed ping</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="48a4ae66-c879-40fe-a554-0f354ee67770">
+        <name>NetworkLink</name>
+        <type>NetworkInterface</type>
+        <condition>failed link</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="5e0e64a3-1147-4055-a39e-56bd95954474">
+        <name>NetworkSaturation</name>
+        <type>NetworkInterface</type>
+        <condition>saturation is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="da6083fd-852c-44af-9ae7-8c9de443bbc9">
+        <name>MemoryUsage</name>
+        <type>SystemResource</type>
+        <condition>memory usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="4f18b847-c2ab-4707-9686-bf656e187ab8">
+        <name>CPUUsage</name>
+        <type>SystemResource</type>
+        <condition>cpu usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="62ea6632-3554-43be-bb0b-ceceab685338">
+        <name>LoadAvg1</name>
+        <type>SystemResource</type>
+        <condition>loadavg (1min) is greater than 4</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="f543f50a-4e52-4afd-85ce-95fe6d61dc54">
+        <name>LoadAvg5</name>
+        <type>SystemResource</type>
+        <condition>loadavg (5min) is greater than 3</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="d5969239-ebc2-4450-a858-a24febd5f8b9">
+        <name>LoadAvg15</name>
+        <type>SystemResource</type>
+        <condition>loadavg (15min) is greater than 2</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="58896875-13d3-41ad-bed5-d610e0197d37">
+        <name>SpaceUsage</name>
+        <type>SpaceUsage</type>
+        <condition>space usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="78d20574-60b0-4e63-b6d2-0248e7570293">
+        <name>ChangedStatus</name>
+        <type>ProgramStatus</type>
+        <condition>changed status</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="572a5691-1ea7-4191-be24-d7399845a75b">
+        <name>NonZeroStatus</name>
+        <type>ProgramStatus</type>
+        <condition>status != 0</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+    </monit>
+    <OpenVPNExport version="0.0.1">
+      <servers/>
+    </OpenVPNExport>
+    <proxy version="1.0.6">
+      <general>
+        <enabled>0</enabled>
+        <error_pages>opnsense</error_pages>
+        <icpPort/>
+        <logging>
+          <enable>
+            <accessLog>1</accessLog>
+            <storeLog>1</storeLog>
+          </enable>
+          <ignoreLogACL/>
+          <target/>
+        </logging>
+        <alternateDNSservers/>
+        <dnsV4First>0</dnsV4First>
+        <forwardedForHandling>on</forwardedForHandling>
+        <uriWhitespaceHandling>strip</uriWhitespaceHandling>
+        <enablePinger>1</enablePinger>
+        <useViaHeader>1</useViaHeader>
+        <suppressVersion>0</suppressVersion>
+        <connecttimeout/>
+        <VisibleEmail>admin@localhost.local</VisibleEmail>
+        <VisibleHostname/>
+        <cache>
+          <local>
+            <enabled>0</enabled>
+            <directory>/var/squid/cache</directory>
+            <cache_mem>256</cache_mem>
+            <maximum_object_size/>
+            <maximum_object_size_in_memory/>
+            <memory_cache_mode>always</memory_cache_mode>
+            <size>100</size>
+            <l1>16</l1>
+            <l2>256</l2>
+            <cache_linux_packages>0</cache_linux_packages>
+            <cache_windows_updates>0</cache_windows_updates>
+          </local>
+        </cache>
+        <traffic>
+          <enabled>0</enabled>
+          <maxDownloadSize>2048</maxDownloadSize>
+          <maxUploadSize>1024</maxUploadSize>
+          <OverallBandwidthTrotteling>1024</OverallBandwidthTrotteling>
+          <perHostTrotteling>256</perHostTrotteling>
+        </traffic>
+        <parentproxy>
+          <enabled>0</enabled>
+          <host/>
+          <enableauth>0</enableauth>
+          <user>username</user>
+          <password>password</password>
+          <port/>
+          <localdomains/>
+          <localips/>
+        </parentproxy>
+      </general>
+      <forward>
+        <interfaces>lan</interfaces>
+        <port>3128</port>
+        <sslbumpport>3129</sslbumpport>
+        <sslbump>0</sslbump>
+        <sslurlonly>0</sslurlonly>
+        <sslcertificate/>
+        <sslnobumpsites/>
+        <ssl_crtd_storage_max_size>4</ssl_crtd_storage_max_size>
+        <sslcrtd_children>5</sslcrtd_children>
+        <snmp_enable>0</snmp_enable>
+        <snmp_port>3401</snmp_port>
+        <snmp_password>public</snmp_password>
+        <ftpInterfaces/>
+        <ftpPort>2121</ftpPort>
+        <ftpTransparentMode>0</ftpTransparentMode>
+        <addACLforInterfaceSubnets>1</addACLforInterfaceSubnets>
+        <transparentMode>0</transparentMode>
+        <acl>
+          <allowedSubnets/>
+          <unrestricted/>
+          <bannedHosts/>
+          <whiteList/>
+          <blackList/>
+          <browser/>
+          <mimeType/>
+          <googleapps/>
+          <youtube/>
+          <safePorts>80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http</safePorts>
+          <sslPorts>443:https</sslPorts>
+          <remoteACLs>
+            <blacklists/>
+            <UpdateCron/>
+          </remoteACLs>
+        </acl>
+        <icap>
+          <enable>0</enable>
+          <RequestURL>icap://[::1]:1344/avscan</RequestURL>
+          <ResponseURL>icap://[::1]:1344/avscan</ResponseURL>
+          <SendClientIP>1</SendClientIP>
+          <SendUsername>0</SendUsername>
+          <EncodeUsername>0</EncodeUsername>
+          <UsernameHeader>X-Username</UsernameHeader>
+          <EnablePreview>1</EnablePreview>
+          <PreviewSize>1024</PreviewSize>
+          <OptionsTTL>60</OptionsTTL>
+          <exclude/>
+        </icap>
+        <authentication>
+          <method/>
+          <authEnforceGroup/>
+          <realm>OPNsense proxy authentication</realm>
+          <credentialsttl>2</credentialsttl>
+          <children>5</children>
+        </authentication>
+      </forward>
+      <pac/>
+      <error_pages>
+        <template/>
+      </error_pages>
+    </proxy>
+    <Syslog version="1.0.1">
+      <general>
+        <enabled>1</enabled>
+      </general>
+      <destinations/>
+    </Syslog>
+    <TrafficShaper version="1.0.3">
+      <pipes/>
+      <queues/>
+      <rules/>
+    </TrafficShaper>
+    <unboundplus version="1.0.8">
+      <general>
+        <enabled>1</enabled>
+        <port>53</port>
+        <stats/>
+        <active_interface/>
+        <dnssec/>
+        <dns64/>
+        <dns64prefix/>
+        <noarecords/>
+        <regdhcp>1</regdhcp>
+        <regdhcpdomain/>
+        <regdhcpstatic>1</regdhcpstatic>
+        <noreglladdr6/>
+        <noregrecords/>
+        <txtsupport/>
+        <cacheflush/>
+        <local_zone_type>transparent</local_zone_type>
+        <outgoing_interface/>
+        <enable_wpad/>
+      </general>
+      <advanced>
+        <hideidentity>0</hideidentity>
+        <hideversion>0</hideversion>
+        <prefetch>0</prefetch>
+        <prefetchkey>0</prefetchkey>
+        <dnssecstripped>0</dnssecstripped>
+        <serveexpired>0</serveexpired>
+        <serveexpiredreplyttl/>
+        <serveexpiredttl/>
+        <serveexpiredttlreset>0</serveexpiredttlreset>
+        <serveexpiredclienttimeout/>
+        <qnameminstrict>0</qnameminstrict>
+        <extendedstatistics>0</extendedstatistics>
+        <logqueries>0</logqueries>
+        <logreplies>0</logreplies>
+        <logtagqueryreply>0</logtagqueryreply>
+        <logservfail/>
+        <loglocalactions/>
+        <logverbosity>1</logverbosity>
+        <valloglevel>0</valloglevel>
+        <privatedomain/>
+        <privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
+        <insecuredomain/>
+        <msgcachesize/>
+        <rrsetcachesize/>
+        <outgoingnumtcp/>
+        <incomingnumtcp/>
+        <numqueriesperthread/>
+        <outgoingrange/>
+        <jostletimeout/>
+        <cachemaxttl/>
+        <cachemaxnegativettl/>
+        <cacheminttl/>
+        <infrahostttl/>
+        <infrakeepprobing/>
+        <infracachenumhosts/>
+        <unwantedreplythreshold/>
+      </advanced>
+      <acls>
+        <default_action>allow</default_action>
+      </acls>
+      <dnsbl>
+        <enabled>0</enabled>
+        <safesearch/>
+        <type/>
+        <lists/>
+        <whitelists/>
+        <blocklists/>
+        <wildcards/>
+        <address/>
+        <nxdomain>0</nxdomain>
+      </dnsbl>
+      <forwarding>
+        <enabled>0</enabled>
+      </forwarding>
+      <dots/>
+      <hosts>
+        <host uuid="a681fc39-70fa-4cf1-9331-79f5cbf9048f">
+          <enabled>1</enabled>
+          <hostname>api</hostname>
+          <domain>someapp.yourdomain.local.mcd</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <server>192.168.20.161</server>
+          <description>Some app local</description>
+        </host>
+        <host uuid="dd593e95-02bc-476f-8610-fa1ee454e950">
+          <enabled>1</enabled>
+          <hostname>api-int</hostname>
+          <domain>someapp.yourdomain.local.mcd</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <server>192.168.20.161</server>
+          <description>Some app local</description>
+        </host>
+        <host uuid="e1606f96-dd38-471f-a3d7-ad25e41e810d">
+          <enabled>1</enabled>
+          <hostname>*</hostname>
+          <domain>someapp.yourdomain.local.mcd</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <server>192.168.20.161</server>
+          <description>Some app local</description>
+        </host>
+      </hosts>
+      <aliases/>
+      <domains/>
+    </unboundplus>
+    <wireguard>
+      <general version="0.0.1">
+        <enabled>1</enabled>
+      </general>
+      <server version="0.0.4">
+        <servers>
+          <server uuid="3ec7bf83-b3b7-4fba-b4f2-a96dafbfb162">
+            <enabled>1</enabled>
+            <name>publicwg</name>
+            <instance>0</instance>
+            <pubkey>89udsjiuod109jadsSUIDSAUIduhashuiauas/asdkj=</pubkey>
+            <privkey>eH555555555555555+892jdjiodsjiodsoijsdjiodj=</privkey>
+            <port>51820</port>
+            <mtu/>
+            <dns/>
+            <tunneladdress>172.12.0.1/24</tunneladdress>
+            <disableroutes>0</disableroutes>
+            <gateway/>
+            <carp_depend_on/>
+            <peers>03031aec-2e84-462e-9eab-57762dde667a,98e6ca3d-1de9-449b-be80-77022221b509,67c0ace5-e802-4d2b-a536-f8b7a2db6f99,74b60fff-7844-4097-9966-f1c2b1ad29ff,3de82ad5-bc1b-4b91-9598-f906e58ac937,a95e6b5e-24a4-40b5-bb41-b79e784f6f1c,6c9a12c6-c1ca-4c14-866b-975406a30590,c33b308b-7125-4688-9561-989ace8787b5,e43f004a-23bf-4027-8fb0-953fbb40479f</peers>
+          </server>
+        </servers>
+      </server>
+      <client version="0.0.7">
+        <clients>
+          <client uuid="98e6ca3d-1de9-449b-be80-77022221b509">
+            <enabled>1</enabled>
+            <name>some-laptop</name>
+            <pubkey>95555555555555555555555555555FN2aCHemL3RjA8=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.8/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+          <client uuid="74b60fff-7844-4097-9966-f1c2b1ad29ff">
+            <enabled>1</enabled>
+            <name>user2</name>
+            <pubkey>pJ555555555555555555xiUxuJof78XXugx1KUrrYg8=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.6/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+          <client uuid="67c0ace5-e802-4d2b-a536-f8b7a2db6f99">
+            <enabled>1</enabled>
+            <name>some-phone</name>
+            <pubkey>SLQXdM/555555555555555555MWhR2WSEkaSXh1ZpXU=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.9/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+          <client uuid="03031aec-2e84-462e-9eab-57762dde667a">
+            <enabled>1</enabled>
+            <name>some-thinkbook</name>
+            <pubkey>UNmdEn4555555555555555555555OMD+/lW+5o//oBo=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.10/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+          <client uuid="3de82ad5-bc1b-4b91-9598-f906e58ac937">
+            <enabled>1</enabled>
+            <name>some-laptop</name>
+            <pubkey>hZr10vTTN555555555555555555555555555555JC0I=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.11/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+          <client uuid="a95e6b5e-24a4-40b5-bb41-b79e784f6f1c">
+            <enabled>1</enabled>
+            <name>some3-laptop</name>
+            <pubkey>4z5555555555555555555555555555555wB07/uTUHg=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.12/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+          <client uuid="6c9a12c6-c1ca-4c14-866b-975406a30590">
+            <enabled>1</enabled>
+            <name>some5-desktop</name>
+            <pubkey>8x55555555555555555555555555555555557zbKxWg=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.13/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+          <client uuid="c33b308b-7125-4688-9561-989ace8787b5">
+            <enabled>1</enabled>
+            <name>some6-workstation</name>
+            <pubkey>jXVbbK55555555555555555555555555555555BGjnw=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.14/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+          <client uuid="e43f004a-23bf-4027-8fb0-953fbb40479f">
+            <enabled>1</enabled>
+            <name>some8-desktop</name>
+            <pubkey>Isax3S555555555555555555555555557PiLqv/7iGY=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.15/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+        </clients>
+      </client>
+    </wireguard>
+    <Swanctl version="1.0.0">
+      <Connections/>
+      <locals/>
+      <remotes/>
+      <children/>
+      <Pools/>
+      <VTIs/>
+      <SPDs/>
+    </Swanctl>
+    <DynDNS version="1.5.1">
+      <general>
+        <enabled>1</enabled>
+        <verbose>0</verbose>
+        <allowipv6>0</allowipv6>
+        <daemon_delay>300</daemon_delay>
+        <backend>ddclient</backend>
+      </general>
+      <accounts>
+        <account uuid="5be8a905-3cde-4e34-b16c-e53623146c95">
+          <enabled>1</enabled>
+          <service>someddnsprovider</service>
+          <protocol/>
+          <server/>
+          <username>someusername.com</username>
+          <password>55555555555555555555555555555dsi</password>
+          <resourceId/>
+          <hostnames>yourpublic.host.com</hostnames>
+          <wildcard>0</wildcard>
+          <zone/>
+          <checkip>if</checkip>
+          <checkip_timeout>10</checkip_timeout>
+          <force_ssl>1</force_ssl>
+          <ttl>300</ttl>
+          <interface>wan</interface>
+          <description>yourpublic.host.com</description>
+        </account>
+      </accounts>
+    </DynDNS>
+    <OpenVPN version="1.0.0">
+      <Overwrites/>
+      <Instances/>
+      <StaticKeys/>
+    </OpenVPN>
+    <Gateways version="0.0.1"/>
+    <HAProxy version="4.0.0">
+      <general>
+        <enabled>1</enabled>
+        <gracefulStop>0</gracefulStop>
+        <hardStopAfter>60s</hardStopAfter>
+        <closeSpreadTime/>
+        <seamlessReload>0</seamlessReload>
+        <storeOcsp>0</storeOcsp>
+        <showIntro>1</showIntro>
+        <peers>
+          <enabled>0</enabled>
+          <name1/>
+          <listen1/>
+          <port1>1024</port1>
+          <name2/>
+          <listen2/>
+          <port2>1024</port2>
+        </peers>
+        <tuning>
+          <root>0</root>
+          <maxConnections/>
+          <nbthread>1</nbthread>
+          <sslServerVerify>ignore</sslServerVerify>
+          <maxDHSize>2048</maxDHSize>
+          <bufferSize>16384</bufferSize>
+          <spreadChecks>2</spreadChecks>
+          <bogusProxyEnabled>0</bogusProxyEnabled>
+          <luaMaxMem>0</luaMaxMem>
+          <customOptions/>
+          <ssl_defaultsEnabled>0</ssl_defaultsEnabled>
+          <ssl_bindOptions>prefer-client-ciphers</ssl_bindOptions>
+          <ssl_minVersion>TLSv1.2</ssl_minVersion>
+          <ssl_maxVersion/>
+          <ssl_cipherList>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256</ssl_cipherList>
+          <ssl_cipherSuites>TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256</ssl_cipherSuites>
+        </tuning>
+        <defaults>
+          <maxConnections/>
+          <maxConnectionsServers/>
+          <timeoutClient>30s</timeoutClient>
+          <timeoutConnect>30s</timeoutConnect>
+          <timeoutCheck/>
+          <timeoutServer>30s</timeoutServer>
+          <retries>3</retries>
+          <redispatch>x-1</redispatch>
+          <init_addr>last,libc</init_addr>
+          <customOptions/>
+        </defaults>
+        <logging>
+          <host>127.0.0.1</host>
+          <facility>local0</facility>
+          <level>info</level>
+          <length/>
+        </logging>
+        <stats>
+          <enabled>0</enabled>
+          <port>8822</port>
+          <remoteEnabled>0</remoteEnabled>
+          <remoteBind/>
+          <authEnabled>0</authEnabled>
+          <users/>
+          <allowedUsers/>
+          <allowedGroups/>
+          <customOptions/>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_bind>*:8404</prometheus_bind>
+          <prometheus_path>/metrics</prometheus_path>
+        </stats>
+        <cache>
+          <enabled>0</enabled>
+          <totalMaxSize>4</totalMaxSize>
+          <maxAge>60</maxAge>
+          <maxObjectSize/>
+          <processVary>0</processVary>
+          <maxSecondaryEntries>10</maxSecondaryEntries>
+        </cache>
+      </general>
+      <frontends>
+        <frontend uuid="379ce7bf-4df6-4b12-8aee-a32cff084d92">
+          <id>6707fe74642f67.52019899</id>
+          <enabled>1</enabled>
+          <name>some-ingress</name>
+          <description>public service redirecting traffic</description>
+          <bind>192.168.20.55:55555</bind>
+          <bindOptions/>
+          <mode>tcp</mode>
+          <defaultBackend>f0c76bef-8623-4fa8-a992-61f83d504b87</defaultBackend>
+          <ssl_enabled>0</ssl_enabled>
+          <ssl_certificates/>
+          <ssl_default_certificate/>
+          <ssl_customOptions/>
+          <ssl_advancedEnabled>0</ssl_advancedEnabled>
+          <ssl_bindOptions>prefer-client-ciphers</ssl_bindOptions>
+          <ssl_minVersion>TLSv1.2</ssl_minVersion>
+          <ssl_maxVersion/>
+          <ssl_cipherList>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256</ssl_cipherList>
+          <ssl_cipherSuites>TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256</ssl_cipherSuites>
+          <ssl_hstsEnabled>1</ssl_hstsEnabled>
+          <ssl_hstsIncludeSubDomains>0</ssl_hstsIncludeSubDomains>
+          <ssl_hstsPreload>0</ssl_hstsPreload>
+          <ssl_hstsMaxAge>15768000</ssl_hstsMaxAge>
+          <ssl_clientAuthEnabled>0</ssl_clientAuthEnabled>
+          <ssl_clientAuthVerify>required</ssl_clientAuthVerify>
+          <ssl_clientAuthCAs/>
+          <ssl_clientAuthCRLs/>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_maxConnections/>
+          <tuning_timeoutClient/>
+          <tuning_timeoutHttpReq/>
+          <tuning_timeoutHttpKeepAlive/>
+          <linkedCpuAffinityRules/>
+          <tuning_shards/>
+          <logging_dontLogNull>0</logging_dontLogNull>
+          <logging_dontLogNormal>0</logging_dontLogNormal>
+          <logging_logSeparateErrors>0</logging_logSeparateErrors>
+          <logging_detailedLog>0</logging_detailedLog>
+          <logging_socketStats>0</logging_socketStats>
+          <stickiness_pattern/>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_counter>1</stickiness_counter>
+          <stickiness_counter_key>src</stickiness_counter_key>
+          <stickiness_length/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <http2Enabled>0</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <advertised_protocols>h2,http11</advertised_protocols>
+          <forwardFor>0</forwardFor>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_path>/metrics</prometheus_path>
+          <connectionBehaviour>http-keep-alive</connectionBehaviour>
+          <customOptions/>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </frontend>
+        <frontend uuid="e5cdd687-92a0-46a1-93c0-7b26431fea92">
+          <id>670979396dea69.72299427</id>
+          <enabled>0</enabled>
+          <name>another-ingress</name>
+          <description>public service redirecting traffic with non descriptive description</description>
+          <bind>192.168.20.1:55555</bind>
+          <bindOptions/>
+          <mode>tcp</mode>
+          <defaultBackend>f0c76bef-8623-4fa8-a992-61f83d504b87</defaultBackend>
+          <ssl_enabled>0</ssl_enabled>
+          <ssl_certificates/>
+          <ssl_default_certificate/>
+          <ssl_customOptions/>
+          <ssl_advancedEnabled>0</ssl_advancedEnabled>
+          <ssl_bindOptions>prefer-client-ciphers</ssl_bindOptions>
+          <ssl_minVersion>TLSv1.2</ssl_minVersion>
+          <ssl_maxVersion/>
+          <ssl_cipherList>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256</ssl_cipherList>
+          <ssl_cipherSuites>TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256</ssl_cipherSuites>
+          <ssl_hstsEnabled>1</ssl_hstsEnabled>
+          <ssl_hstsIncludeSubDomains>0</ssl_hstsIncludeSubDomains>
+          <ssl_hstsPreload>0</ssl_hstsPreload>
+          <ssl_hstsMaxAge>15768000</ssl_hstsMaxAge>
+          <ssl_clientAuthEnabled>0</ssl_clientAuthEnabled>
+          <ssl_clientAuthVerify>required</ssl_clientAuthVerify>
+          <ssl_clientAuthCAs/>
+          <ssl_clientAuthCRLs/>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_maxConnections/>
+          <tuning_timeoutClient/>
+          <tuning_timeoutHttpReq/>
+          <tuning_timeoutHttpKeepAlive/>
+          <linkedCpuAffinityRules/>
+          <tuning_shards/>
+          <logging_dontLogNull>0</logging_dontLogNull>
+          <logging_dontLogNormal>0</logging_dontLogNormal>
+          <logging_logSeparateErrors>0</logging_logSeparateErrors>
+          <logging_detailedLog>0</logging_detailedLog>
+          <logging_socketStats>0</logging_socketStats>
+          <stickiness_pattern/>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_counter>1</stickiness_counter>
+          <stickiness_counter_key>src</stickiness_counter_key>
+          <stickiness_length/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <http2Enabled>0</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <advertised_protocols>h2,http11</advertised_protocols>
+          <forwardFor>0</forwardFor>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_path>/metrics</prometheus_path>
+          <connectionBehaviour>http-keep-alive</connectionBehaviour>
+          <customOptions/>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </frontend>
+      </frontends>
+      <backends>
+        <backend uuid="f0c76bef-8623-4fa8-a992-61f83d504b87">
+          <id>6707fa71c3cb99.64451664</id>
+          <enabled>1</enabled>
+          <name>some_servers</name>
+          <description/>
+          <mode>tcp</mode>
+          <algorithm>roundrobin</algorithm>
+          <random_draws>2</random_draws>
+          <proxyProtocol/>
+          <linkedServers>c0364e69-459d-48b2-a1d1-808324fea9cb,187d8b79-4376-45fc-9fd7-476074a7a577</linkedServers>
+          <linkedFcgi/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <source/>
+          <healthCheckEnabled>1</healthCheckEnabled>
+          <healthCheck>5110db0c-afa9-4bad-bbbe-5bbeb52262bb</healthCheck>
+          <healthCheckLogStatus>0</healthCheckLogStatus>
+          <checkInterval/>
+          <checkDownInterval/>
+          <healthCheckFall/>
+          <healthCheckRise/>
+          <linkedMailer/>
+          <http2Enabled>0</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <ba_advertised_protocols>h2,http11</ba_advertised_protocols>
+          <persistence>sticktable</persistence>
+          <persistence_cookiemode>piggyback</persistence_cookiemode>
+          <persistence_cookiename>SRVCOOKIE</persistence_cookiename>
+          <persistence_stripquotes>1</persistence_stripquotes>
+          <stickiness_pattern>sourceipv4</stickiness_pattern>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_cookiename/>
+          <stickiness_cookielength/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_timeoutConnect/>
+          <tuning_timeoutCheck/>
+          <tuning_timeoutServer/>
+          <tuning_retries/>
+          <customOptions/>
+          <tuning_defaultserver/>
+          <tuning_noport>0</tuning_noport>
+          <tuning_httpreuse>safe</tuning_httpreuse>
+          <tuning_caching>0</tuning_caching>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </backend>
+      </backends>
+      <servers>
+        <server uuid="c0364e69-459d-48b2-a1d1-808324fea9cb">
+          <id>6707f9a980b271.59222580</id>
+          <enabled>1</enabled>
+          <name>server1</name>
+          <description>server running on host</description>
+          <address>192.168.20.55</address>
+          <port>55555</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol>unspecified</multiplexer_protocol>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>1</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <weight>33</weight>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="187d8b79-4376-45fc-9fd7-476074a7a577">
+          <id>6707faa46d5f57.14318783</id>
+          <enabled>1</enabled>
+          <name>server2</name>
+          <description>server running something</description>
+          <address>192.168.20.155</address>
+          <port>55555</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol>unspecified</multiplexer_protocol>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>1</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <weight>67</weight>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+      </servers>
+      <healthchecks>
+        <healthcheck uuid="5110db0c-afa9-4bad-bbbe-5bbeb52262bb">
+          <name>server-loadbalancer-monitor</name>
+          <description/>
+          <type>tcp</type>
+          <interval>2s</interval>
+          <ssl>nopref</ssl>
+          <sslSNI/>
+          <force_ssl>0</force_ssl>
+          <checkport/>
+          <http_method>options</http_method>
+          <http_uri>/</http_uri>
+          <http_version>http10</http_version>
+          <http_host>localhost</http_host>
+          <http_expressionEnabled>0</http_expressionEnabled>
+          <http_expression/>
+          <http_negate>0</http_negate>
+          <http_value/>
+          <tcp_enabled>0</tcp_enabled>
+          <tcp_sendValue/>
+          <tcp_matchType>string</tcp_matchType>
+          <tcp_negate>0</tcp_negate>
+          <tcp_matchValue/>
+          <agent_port/>
+          <mysql_user/>
+          <mysql_post41>0</mysql_post41>
+          <pgsql_user/>
+          <smtp_domain/>
+          <esmtp_domain/>
+          <agentPort/>
+          <dbUser/>
+          <smtpDomain/>
+        </healthcheck>
+      </healthchecks>
+      <acls/>
+      <actions/>
+      <luas/>
+      <fcgis/>
+      <errorfiles/>
+      <mapfiles/>
+      <groups/>
+      <users/>
+      <cpus/>
+      <resolvers/>
+      <mailers/>
+      <maintenance>
+        <cronjobs>
+          <syncCerts>0</syncCerts>
+          <syncCertsCron/>
+          <updateOcsp>0</updateOcsp>
+          <updateOcspCron/>
+          <reloadService>0</reloadService>
+          <reloadServiceCron/>
+          <restartService>0</restartService>
+          <restartServiceCron/>
+        </cronjobs>
+      </maintenance>
+    </HAProxy>
+  </OPNsense>
+  <staticroutes version="1.0.0">
+    <route/>
+  </staticroutes>
+  <ca/>
+  <gateways>
+    <gateway_item/>
+  </gateways>
+  <cert>
+    <refid>6155aba4c9375</refid>
+    <descr>Web GUI TLS certificate</descr>
+    <crt>LS0tLS1CRUdJ5555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555550tLS0tCg==</crt>
+    <prv>LS5555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555p098uasdiuo1ud98SIKIUDHJASkjhd98qwyduihqwkjd1092uduo9sjdhIUHSDAIUHASDIUhasd98y1iuhd1iuhdaskjhdKJSADHKJSAHd/iuhasiduhSD/asdiuahsdiuhasduih198d89__(*saudyiuh19d98audiuhasdujikhaskdjhKJSADHKJASD///ASudihAUShdiuHASdui198yd9282u1ihd2222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222o=</prv>
+  </cert>
+  <dhcpdv6/>
+  <virtualip version="1.0.0">
+    <vip uuid="756c3b4a-f61a-4406-8776-383bc429a5b3">
+      <interface>wan</interface>
+      <mode>ipalias</mode>
+      <subnet>192.168.20.155</subnet>
+      <subnet_bits>32</subnet_bits>
+      <gateway>10.11.16.17</gateway>
+      <noexpand>0</noexpand>
+      <nobind>0</nobind>
+      <password/>
+      <vhid/>
+      <advbase>1</advbase>
+      <advskew>0</advskew>
+      <descr>virtual ip for service</descr>
+    </vip>
+  </virtualip>
+  <openvpn>
+    <openvpn-server/>
+    <openvpn-client/>
+  </openvpn>
+  <ppps>
+    <ppp>
+      <ptpid>0</ptpid>
+      <type>pppoe</type>
+      <if>pppoe0</if>
+      <ports>em0</ports>
+      <username>someuser@ppoeserver.com</username>
+      <password>5555555555AyNA==</password>
+    </ppp>
+  </ppps>
+  <dyndnses>
+    <dyndns>
+      <type>someddnsprovider</type>
+      <username/>
+      <password>5555555555ee479874398u1298e98u18</password>
+      <host>yourpublic.host.com</host>
+      <mx/>
+      <interface>wan</interface>
+      <zoneid/>
+      <resourceid/>
+      <ttl/>
+      <updateurl/>
+      <resultmatch/>
+      <requestif>wan</requestif>
+      <descr/>
+      <id>0</id>
+    </dyndns>
+  </dyndnses>
+  <vlans version="1.0.0">
+    <vlan/>
+  </vlans>
+  <bridges>
+    <bridged/>
+  </bridges>
+  <gifs>
+    <gif/>
+  </gifs>
+  <gres>
+    <gre/>
+  </gres>
+  <laggs version="1.0.0"/>
+  <wireless>
+    <clone/>
+  </wireless>
+  <hasync>
+    <synchronizealiases>on</synchronizealiases>
+    <synchronizeauthservers>on</synchronizeauthservers>
+    <synchronizecerts>on</synchronizecerts>
+    <synchronizedhcpd>on</synchronizedhcpd>
+    <synchronizenat>on</synchronizenat>
+    <synchronizerules>on</synchronizerules>
+    <synchronizeschedules>on</synchronizeschedules>
+    <synchronizestaticroutes>on</synchronizestaticroutes>
+    <synchronizeusers>on</synchronizeusers>
+    <synchronizevirtualip>on</synchronizevirtualip>
+    <synchronizewidgets>on</synchronizewidgets>
+    <synchronizedhcrelay>on</synchronizedhcrelay>
+    <synchronizedhcpdv6>on</synchronizedhcpdv6>
+    <synchronizedhcrelay6>on</synchronizedhcrelay6>
+    <synchronizentpd>on</synchronizentpd>
+    <synchronizesyslog>on</synchronizesyslog>
+    <synchronizecron>on</synchronizecron>
+    <synchronizesysctl>on</synchronizesysctl>
+    <synchronizewebgui>on</synchronizewebgui>
+    <synchronizednsforwarder>on</synchronizednsforwarder>
+    <synchronizeshaper>on</synchronizeshaper>
+    <synchronizecaptiveportal>on</synchronizecaptiveportal>
+    <synchronizeipsec>on</synchronizeipsec>
+    <synchronizemonit>on</synchronizemonit>
+    <synchronizessh>on</synchronizessh>
+    <synchronizeopenvpn>on</synchronizeopenvpn>
+    <synchronizeifgroups>on</synchronizeifgroups>
+    <synchronizecategories>on</synchronizecategories>
+    <synchronizelvtemplate>on</synchronizelvtemplate>
+    <synchronizesquid>on</synchronizesquid>
+    <synchronizesuricata>on</synchronizesuricata>
+    <synchronizednsresolver>on</synchronizednsresolver>
+    <pfsyncinterface>opt1</pfsyncinterface>
+    <synchronizetoip>10.10.5.2</synchronizetoip>
+    <username>root</username>
+    <password>555555555</password>
+    <pfsyncenabled>on</pfsyncenabled>
+    <disablepreempt>on</disablepreempt>
+    <disconnectppps>on</disconnectppps>
+  </hasync>
+  <ifgroups version="1.0.0"/>
+</opnsense>

From e0acbf304bf024f2f74803956f1f83b7f2b3fe8b Mon Sep 17 00:00:00 2001
From: Jean-Gabriel Gill-Couture <jeangabriel.gc@gmail.com>
Date: Fri, 18 Oct 2024 00:48:57 -0400
Subject: [PATCH 07/19] wip: Full opnsense deserializer almost done, works on a
 slightly cheated config file, next step is to try the real config file

---
 harmony-rs/Cargo.lock                         |    3 +-
 harmony-rs/opnsense-config/Cargo.toml         |    7 +-
 harmony-rs/opnsense-config/src/config.rs      |    2 +-
 .../src/modules/deserializer/interfaces.rs    |  110 +
 .../src/modules/deserializer/mod.rs           |    3 +
 .../opnsense-config/src/modules/dhcp.rs       |    4 +
 harmony-rs/opnsense-config/src/modules/mod.rs |    1 +
 .../opnsense-config/src/modules/opnsense.rs   | 1948 ++++++++++++++++-
 .../src/tests/data/config-structure.xml       | 1421 ++++++++++++
 9 files changed, 3475 insertions(+), 24 deletions(-)
 create mode 100644 harmony-rs/opnsense-config/src/modules/deserializer/interfaces.rs
 create mode 100644 harmony-rs/opnsense-config/src/modules/deserializer/mod.rs
 create mode 100644 harmony-rs/opnsense-config/src/tests/data/config-structure.xml

diff --git a/harmony-rs/Cargo.lock b/harmony-rs/Cargo.lock
index 6fc9ac4..a115db3 100644
--- a/harmony-rs/Cargo.lock
+++ b/harmony-rs/Cargo.lock
@@ -1240,6 +1240,7 @@ name = "opnsense-config"
 version = "0.1.0"
 dependencies = [
  "async-trait",
+ "env_logger",
  "log",
  "russh",
  "russh-keys",
@@ -2596,7 +2597,6 @@ dependencies = [
 [[package]]
 name = "yaserde"
 version = "0.11.1"
-source = "git+https://git.nationtech.io/NationTech/yaserde#353558737f3ef73e93164c596ff920d4344f30a3"
 dependencies = [
  "log",
  "xml-rs",
@@ -2605,7 +2605,6 @@ dependencies = [
 [[package]]
 name = "yaserde_derive"
 version = "0.11.1"
-source = "git+https://git.nationtech.io/NationTech/yaserde#353558737f3ef73e93164c596ff920d4344f30a3"
 dependencies = [
  "heck",
  "log",
diff --git a/harmony-rs/opnsense-config/Cargo.toml b/harmony-rs/opnsense-config/Cargo.toml
index d79b74e..7f6894d 100644
--- a/harmony-rs/opnsense-config/Cargo.toml
+++ b/harmony-rs/opnsense-config/Cargo.toml
@@ -6,10 +6,13 @@ edition = "2021"
 [dependencies]
 serde = { version = "1.0.123", features = [ "derive" ] }
 log = { workspace = true }
+env_logger = { workspace = true }
 russh = { workspace = true }
 russh-keys = { workspace = true }
-yaserde = { git = "https://git.nationtech.io/NationTech/yaserde" }
-yaserde_derive = { git = "https://git.nationtech.io/NationTech/yaserde" }
+#yaserde = { git = "https://git.nationtech.io/NationTech/yaserde" }
+#yaserde_derive = { git = "https://git.nationtech.io/NationTech/yaserde" }
+yaserde = { path = "../../../../github/yaserde/yaserde" }
+yaserde_derive = { path = "../../../../github/yaserde/yaserde_derive" }
 xml-rs = "0.8"
 thiserror = "1.0"
 async-trait = { workspace = true }
diff --git a/harmony-rs/opnsense-config/src/config.rs b/harmony-rs/opnsense-config/src/config.rs
index 41f2ee3..6d26b65 100644
--- a/harmony-rs/opnsense-config/src/config.rs
+++ b/harmony-rs/opnsense-config/src/config.rs
@@ -176,7 +176,7 @@ mod tests {
     #[tokio::test]
     async fn test_load_config_from_local_file() {
         let mut test_file_path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
-        test_file_path.push("src/tests/data/config-full-1.xml");
+        test_file_path.push("src/tests/data/config-structure.xml");
 
         let config_file_path = test_file_path.to_str().unwrap().to_string();
         println!("File path {config_file_path}");
diff --git a/harmony-rs/opnsense-config/src/modules/deserializer/interfaces.rs b/harmony-rs/opnsense-config/src/modules/deserializer/interfaces.rs
new file mode 100644
index 0000000..ee20f80
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/modules/deserializer/interfaces.rs
@@ -0,0 +1,110 @@
+use xml::reader::XmlEvent;
+use yaserde::{YaDeserialize, YaSerialize};
+
+use crate::modules::opnsense::{Interface, Interfaces};
+
+impl YaSerialize for Interfaces {
+    fn serialize<W: std::io::Write>(
+        &self,
+        writer: &mut yaserde::ser::Serializer<W>,
+    ) -> Result<(), String> {
+        todo!()
+    }
+
+    fn serialize_attributes(
+        &self,
+        attributes: Vec<xml::attribute::OwnedAttribute>,
+        namespace: xml::namespace::Namespace,
+    ) -> Result<
+        (
+            Vec<xml::attribute::OwnedAttribute>,
+            xml::namespace::Namespace,
+        ),
+        String,
+    > {
+        todo!()
+    }
+}
+
+impl YaDeserialize for Interfaces {
+    fn deserialize<R: std::io::Read>(
+        reader: &mut yaserde::de::Deserializer<R>,
+    ) -> Result<Self, String> {
+        let mut interfaces = Interfaces::default();
+        let mut current_interface_name = String::new();
+        let mut current_interface = Interface::default();
+
+        let mut event = reader.next_event()?;
+        loop {
+            match event {
+                xml::reader::XmlEvent::EndElement { name } => {
+                    println!(
+                        "Handling EndElement {}, current_interface_name: {}",
+                        name.local_name, current_interface_name
+                    );
+                    println!("Peeking after EndElement {:?}", reader.peek()?);
+                    if name.local_name == "interfaces" {
+                        break;
+                    }
+                    todo!("Should not hit here");
+                }
+                xml::reader::XmlEvent::StartElement { ref name, .. } => {
+                    println!("Got start Element {:?}", name);
+                    current_interface_name = name.local_name.clone();
+                    println!("About to deserialize interface from name {:?}", name);
+                    // TODO store names
+                    'inner_iface: loop {
+                        let peek = reader.peek()?;
+                        println!("Peeking before forcing next event {:?}", peek);
+
+                        if let XmlEvent::EndElement { name } = peek {
+                            // TODO save the interface name and struct in the hashmap
+                            println!("Forcing next_event");
+                            reader.next_event()?;
+
+                            let peek = reader.peek()?;
+                            println!("Peeking after next event deserializing {:?}", peek);
+                            if let XmlEvent::EndElement { name } = peek {
+                                println!("Got two EndElement in a row, breaking out of loop");
+                                break 'inner_iface;
+                            }
+                        }
+                        println!("Peeking before deserializing {:?}", reader.peek()?);
+                        let interface = <Interface as yaserde::YaDeserialize>::deserialize(reader)?;
+                        println!("Interface deserialized {:?}", interface);
+                        println!("Peeking after deserializing {:?}", reader.peek()?);
+                    }
+                    println!(
+                        "Done with inner interface, loop completed {:?}",
+                        reader.peek()?
+                    );
+                }
+                xml::reader::XmlEvent::EndDocument => break,
+                _ => {
+                    return Err(
+                        "This Interfaces Deserializer does not support all XmlEvent types".into(),
+                    )
+                }
+            }
+            let peek = reader.peek()?;
+
+            let mut read_next = true;
+            if let XmlEvent::EndElement { name } = peek {
+                if name.local_name == "interfaces" {
+                    println!("Got endElement interfaces, not reading next event");
+                    break;
+                }
+            }
+
+            if read_next {
+                event = reader.next_event()?;
+            }
+            println!("Outer loop got event {:?}", event);
+            println!("Outer loop got peek {:?}", reader.peek()?);
+        }
+        println!("Done with interfaces {:?}", interfaces);
+        println!("reader peeking shows {:?}", reader.peek());
+
+        Ok(interfaces)
+    }
+}
diff --git a/harmony-rs/opnsense-config/src/modules/deserializer/mod.rs b/harmony-rs/opnsense-config/src/modules/deserializer/mod.rs
new file mode 100644
index 0000000..e358e80
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/modules/deserializer/mod.rs
@@ -0,0 +1,3 @@
+
+mod interfaces;
+
diff --git a/harmony-rs/opnsense-config/src/modules/dhcp.rs b/harmony-rs/opnsense-config/src/modules/dhcp.rs
index 2bb7362..8d7172a 100644
--- a/harmony-rs/opnsense-config/src/modules/dhcp.rs
+++ b/harmony-rs/opnsense-config/src/modules/dhcp.rs
@@ -14,6 +14,10 @@ impl<'a> DhcpConfig<'a> {
             mac,
             ipaddr,
             hostname,
+            descr: Some("Automatically generated".into()),
+            winsserver: None,
+            dnsserver: None,
+            ntpserver: None,
         };
         self.opnsense.dhcpd.lan.staticmaps.push(static_map);
     }
diff --git a/harmony-rs/opnsense-config/src/modules/mod.rs b/harmony-rs/opnsense-config/src/modules/mod.rs
index d847dcb..0518c7f 100644
--- a/harmony-rs/opnsense-config/src/modules/mod.rs
+++ b/harmony-rs/opnsense-config/src/modules/mod.rs
@@ -1,2 +1,3 @@
 pub mod opnsense;
 pub mod dhcp;
+mod deserializer;
diff --git a/harmony-rs/opnsense-config/src/modules/opnsense.rs b/harmony-rs/opnsense-config/src/modules/opnsense.rs
index 2ca04c0..d7c2730 100644
--- a/harmony-rs/opnsense-config/src/modules/opnsense.rs
+++ b/harmony-rs/opnsense-config/src/modules/opnsense.rs
@@ -3,26 +3,142 @@ use yaserde_derive::{YaDeserialize, YaSerialize};
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 #[yaserde(rename = "opnsense")]
 pub struct OPNsense {
-    #[yaserde(rename = "dhcpd")]
     pub dhcpd: Dhcpd,
-    // Add other top-level elements as needed
+    pub theme: String,
+    pub sysctl: Sysctl,
+    pub system: System,
+    pub interfaces: Interfaces,
+    pub snmpd: Snmpd,
+    pub syslog: Syslog,
+    pub nat: Nat,
+    pub filter: Filters,
+    pub load_balancer: LoadBalancer,
+    pub ntpd: Ntpd,
+    pub widgets: Widgets,
+    pub revision: Revision,
+    #[yaserde(rename = "OPNsense")]
+    pub opnsense: OPNsenseConfig,
+    pub staticroutes: StaticRoutes,
+    pub ca: Option<String>,
+    pub gateways: Gateways,
+    pub cert: Cert,
+    pub dhcpdv6: DhcpDv6,
+    pub virtualip: VirtualIp,
+    pub openvpn: OpenVpn,
+    pub ppps: Ppps,
+    pub dyndnses: Dyndnses,
+    pub vlans: Vlans,
+    pub bridges: Bridges,
+    pub gifs: Gifs,
+    pub gres: Gres,
+    pub laggs: Laggs,
+    pub wireless: Wireless,
+    pub hasync: Hasync,
+    pub ifgroups: Ifgroups,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct LoadBalancer {
+    pub monitor_type: Vec<MonitorType>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct MonitorType {
+    pub name: String,
+    #[yaserde(rename = "type")]
+    pub r#type: String,
+    pub descr: String,
+    pub options: Option<Options>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Ntpd {
+    pub prefer: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Widgets {
+    pub sequence: String,
+    pub column_count: i32,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Revision {
+    pub username: String,
+    pub time: f64,
+    pub description: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Options {
+    pub path: Option<String>,
+    pub host: Option<String>,
+    pub code: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Filters {
+    #[yaserde(rename = "rule")]
+    pub rules: Vec<Rule>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Rule {
+    #[yaserde(attribute)]
+    pub uuid: Option<String>,
+    #[yaserde(rename = "associated-rule-id")]
+    pub associated_rule_id: Option<String>,
+    #[yaserde(rename = "type")]
+    pub r#type: Option<String>,
+    pub interface: String,
+    pub ipprotocol: String,
+    pub statetype: String,
+    pub descr: String,
+    pub direction: Option<String>,
+    pub category: Option<String>,
+    pub quick: Option<String>,
+    pub protocol: String,
+    pub source: Source,
+    pub destination: Destination,
+    pub updated: Option<Updated>,
+    pub created: Created,
+    pub disabled: Option<u8>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Source {
+    pub any: Option<bool>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Destination {
+    pub network: Option<String>,
+    pub address: Option<String>,
+    pub port: Option<u16>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Username {
+    pub user: String,
+    pub host: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Sysctl {
+    pub item: SysctlItem,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct SysctlItem {
+    pub descr: String,
+    pub tunable: String,
+    pub value: String,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Dhcpd {
     #[yaserde(rename = "lan")]
     pub lan: DhcpInterface,
-    // Add other interfaces as needed
-}
-
-#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
-pub struct DhcpInterface {
-    #[yaserde(rename = "enable")]
-    pub enable: bool,
-    #[yaserde(rename = "range")]
-    pub range: DhcpRange,
-    #[yaserde(rename = "staticmap")]
-    pub staticmaps: Vec<StaticMap>,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -34,11 +150,1805 @@ pub struct DhcpRange {
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
-pub struct StaticMap {
-    #[yaserde(rename = "mac")]
-    pub mac: String,
-    #[yaserde(rename = "ipaddr")]
-    pub ipaddr: String,
-    #[yaserde(rename = "hostname")]
+pub struct System {
+    #[yaserde(rename = "use_mfs_tmp")]
+    pub use_mfs_tmp: Option<String>,
+    #[yaserde(rename = "use_mfs_var")]
+    pub use_mfs_var: Option<String>,
+    pub serialspeed: u32,
+    pub primaryconsole: String,
+    pub secondaryconsole: String,
+    pub optimization: String,
     pub hostname: String,
+    pub domain: String,
+    pub group: Vec<Group>,
+    pub user: Vec<User>,
+    pub nextuid: u32,
+    pub nextgid: u32,
+    pub timezone: String,
+    pub timeservers: String,
+    pub webgui: WebGui,
+    pub usevirtualterminal: bool,
+    pub disableconsolemenu: bool,
+    pub disablevlanhwfilter: bool,
+    pub disablechecksumoffloading: bool,
+    pub disablesegmentationoffloading: bool,
+    pub disablelargereceiveoffloading: bool,
+    pub ipv6allow: bool,
+    pub powerd_ac_mode: String,
+    pub powerd_battery_mode: String,
+    pub powerd_normal_mode: String,
+    pub bogons: Bogons,
+    pub crypto_hardware: String,
+    pub pf_share_forward: bool,
+    pub lb_use_sticky: bool,
+    pub kill_states: bool,
+    pub ssh: Ssh,
+    pub firmware: Firmware,
+    pub sudo_allow_wheel: bool,
+    pub sudo_allow_group: String,
+    pub enablenatreflectionhelper: String,
+    pub rulesetoptimization: String,
+    pub maximumstates: Option<String>,
+    pub maximumfrags: Option<String>,
+    pub aliasesresolveinterval: Option<String>,
+    pub maximumtableentries: Option<String>,
+    pub language: String,
+    pub dnsserver: Option<String>,
+    #[yaserde(rename = "dns1gw")]
+    pub dns1gw: String,
+    #[yaserde(rename = "dns2gw")]
+    pub dns2gw: String,
+    #[yaserde(rename = "dns3gw")]
+    pub dns3gw: String,
+    #[yaserde(rename = "dns4gw")]
+    pub dns4gw: String,
+    #[yaserde(rename = "dns5gw")]
+    pub dns5gw: String,
+    #[yaserde(rename = "dns6gw")]
+    pub dns6gw: String,
+    #[yaserde(rename = "dns7gw")]
+    pub dns7gw: String,
+    #[yaserde(rename = "dns8gw")]
+    pub dns8gw: String,
+    pub dnsallowoverride: bool,
+    pub dnsallowoverride_exclude: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Ssh {
+    pub group: String,
+    pub noauto: bool,
+    pub interfaces: Option<String>,
+    pub kex: Option<String>,
+    pub ciphers: Option<String>,
+    pub macs: Option<String>,
+    pub keys: Option<String>,
+    pub enabled: String,
+    pub passwordauth: bool,
+    pub keysig: Option<String>,
+    pub permitrootlogin: bool,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Firmware {
+    #[yaserde(attribute)]
+    pub version: String,
+    pub mirror: Option<String>,
+    pub flavour: Option<String>,
+    pub plugins: String,
+    #[yaserde(rename = "type")]
+    pub firmware_type: Option<String>,
+    pub subscription: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Bogons {
+    pub interval: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Group {
+    pub name: String,
+    pub description: String,
+    pub scope: String,
+    pub gid: u32,
+    pub member: Vec<u32>,
+    #[yaserde(rename = "priv")]
+    pub priv_: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct User {
+    pub name: String,
+    pub descr: Option<String>,
+    pub scope: String,
+    pub groupname: Option<String>,
+    pub password: String,
+    pub uid: u32,
+    pub expires: Option<String>,
+    pub authorizedkeys: Option<String>,
+    pub ipsecpsk: Option<String>,
+    pub otp_seed: Option<String>,
+    pub shell: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct WebGui {
+    pub protocol: String,
+    #[yaserde(rename = "ssl-certref")]
+    pub ssl_certref: String,
+    pub port: Option<String>,
+    #[yaserde(rename = "ssl-ciphers")]
+    pub ssl_ciphers: Option<String>,
+    pub interfaces: Option<String>,
+
+    pub compression: Option<String>,
+}
+
+use std::collections::HashMap;
+
+#[derive(Default, PartialEq, Debug)]
+pub struct Interfaces {
+    pub interfaces: HashMap<String, Interface>,
+}
+
+#[derive(Default, PartialEq, Debug, YaDeserialize, YaSerialize)]
+pub struct Interface {
+    #[yaserde(rename = "if")]
+    pub physical_interface_name: String,
+    pub descr: String,
+    pub enable: u8,
+    #[yaserde(rename = "spoofmac")]
+    pub spoof_mac: Option<String>,
+    pub internal_dynamic: Option<u8>,
+    pub ipaddr: Option<String>,
+    #[yaserde(rename = "blockpriv")]
+    pub block_priv: Option<u8>,
+    #[yaserde(rename = "blockbogons")]
+    pub block_bogons: Option<u8>,
+    pub lock: Option<u8>,
+    #[yaserde(rename = "type")]
+    pub r#type: Option<String>,
+    #[yaserde(rename = "virtual")]
+    pub r#virtual: Option<String>,
+    pub subnet: Option<String>,
+    pub networks: Option<bool>,
+    pub subnetv6: Option<String>,
+    pub ipaddrv6: Option<String>,
+    #[yaserde(rename = "track6-interface")]
+    pub track6_interface: Option<String>,
+    #[yaserde(rename = "track6-prefix-id")]
+    pub track6_prefix_id: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct DhcpInterface {
+    pub enable: i32,
+    pub gateway: String,
+    pub pool: Option<String>,
+    pub domain: String,
+    #[yaserde(rename = "ddnsdomainalgorithm")]
+    pub ddns_domain_algorithm: String,
+    #[yaserde(rename = "numberoptions")]
+    pub number_options: Vec<NumberOption>,
+    #[yaserde(rename = "range")]
+    pub range: Range,
+    pub winsserver: Option<String>,
+    pub dnsserver: String,
+    pub ntpserver: Option<String>,
+    #[yaserde(rename = "staticmap")]
+    pub staticmaps: Vec<StaticMap>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct NumberOption {
+    item: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Range {
+    #[yaserde(rename = "from")]
+    pub from: String,
+    #[yaserde(rename = "to")]
+    pub to: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct StaticMap {
+    pub mac: String,
+    pub ipaddr: String,
+    pub hostname: String,
+    pub descr: Option<String>,
+    pub winsserver: Option<String>,
+    pub dnsserver: Option<String>,
+    pub ntpserver: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Snmpd {
+    pub syslocation: Option<String>,
+    pub syscontact: Option<String>,
+    pub rocommunity: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Syslog {
+    pub reverse: Option<bool>,
+    pub preservelogs: i32,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Nat {
+    #[yaserde(rename = "outbound")]
+    pub outbound: Outbound,
+    #[yaserde(rename = "rule")]
+    pub rules: Vec<NatRule>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Outbound {
+    pub mode: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct NatRule {
+    pub protocol: String,
+    pub interface: String,
+    pub category: Option<String>,
+    pub ipprotocol: String,
+    pub descr: Option<String>,
+    pub tag: Option<String>,
+    pub tagged: Option<bool>,
+    pub poolopts: PoolOpts,
+    #[yaserde(rename = "associated-rule-id")]
+    pub associated_rule_id: String,
+    pub target: String,
+    #[yaserde(rename = "local-port")]
+    pub local_port: i32,
+    pub source: Source,
+    pub destination: Destination,
+    pub updated: Updated,
+    pub created: Created,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct PoolOpts {
+    // No specific fields for this element, can be added as needed
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Updated {
+    pub username: String,
+    pub time: f64,
+    pub description: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Created {
+    pub username: String,
+    pub time: f64,
+    pub description: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+#[yaserde(rename = "OPNsense")]
+pub struct OPNsenseConfig {
+    pub captiveportal: Option<CaptivePortal>,
+    pub cron: Option<Cron>,
+    #[yaserde(rename = "Netflow")]
+    pub netflow: Option<Netflow>,
+    #[yaserde(rename = "Firewall")]
+    pub firewall: Option<Firewall>,
+    #[yaserde(rename = "IDS")]
+    pub ids: Option<IDS>,
+    #[yaserde(rename = "IPsec")]
+    pub ipsec: Option<IPsec>,
+    #[yaserde(rename = "Interfaces")]
+    pub interfaces: Option<ConfigInterfaces>,
+    pub monit: Option<Monit>,
+    #[yaserde(rename = "OpenVPNExport")]
+    pub openvpn_export: Option<OpenVPNExport>,
+    pub proxy: Option<Proxy>,
+    #[yaserde(rename = "Syslog")]
+    pub syslog: Option<ConfigSyslog>,
+    #[yaserde(rename = "TrafficShaper")]
+    pub traffic_shaper: Option<TrafficShaper>,
+    pub unboundplus: Option<UnboundPlus>,
+    pub wireguard: Option<Wireguard>,
+    #[yaserde(rename = "Swanctl")]
+    pub swanctl: Swanctl,
+    #[yaserde(rename = "DynDNS")]
+    pub dyndns: DynDNS,
+    #[yaserde(rename = "OpenVPN")]
+    pub openvpn: ConfigOpenVPN,
+    #[yaserde(rename = "Gateways")]
+    pub gateways: ConfigGateways,
+    #[yaserde(rename = "HAProxy")]
+    pub haproxy: HAProxy,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+#[yaserde(rename = "IDS")]
+struct IDS {
+    #[yaserde(attribute)]
+    version: String,
+    rules: Option<String>,
+    policies: Option<String>,
+    #[yaserde(rename = "userDefinedRules")]
+    user_defined_rules: Option<String>,
+    files: Option<String>,
+    #[yaserde(rename = "fileTags")]
+    file_tags: Option<String>,
+    general: IDSGeneral,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+pub struct IDSGeneral {
+    enabled: Option<u8>,
+    ips: Option<u8>,
+    promisc: Option<u8>,
+    interfaces: String,
+    homenet: String,
+    defaultPacketSize: Option<String>,
+    UpdateCron: Option<String>,
+    AlertLogrotate: String,
+    AlertSaveLogs: u8,
+    MPMAlgo: String,
+    detect: Detect,
+    syslog: Option<u8>,
+    syslog_eve: Option<u8>,
+    LogPayload: Option<u8>,
+    verbosity: Option<String>,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+pub struct Detect {
+    Profile: String,
+    toclient_groups: Option<String>,
+    toserver_groups: Option<String>,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+#[yaserde(rename = "IPsec")]
+pub struct IPsec {
+    #[yaserde(attribute)]
+    version: String,
+    general: GeneralIpsec,
+    keyPairs: Option<String>,
+    preSharedKeys: Option<String>,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+pub struct GeneralIpsec {
+    enabled: Option<String>,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+#[yaserde(rename = "Interfaces")]
+pub struct ConfigInterfaces {
+    vxlans: Vxlan,
+    loopbacks: Loopback,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+struct Vxlan {
+    #[yaserde(attribute)]
+    version: String,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+struct Loopback {
+    #[yaserde(attribute)]
+    version: String,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+#[yaserde(rename = "monit")]
+struct Monit {
+    #[yaserde(attribute)]
+    version: String,
+    general: GeneralMonit,
+    alert: Option<Alert>,
+    service: Option<Service>,
+    test: Option<Test>,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+struct GeneralMonit {
+    enabled: u8,
+    interval: u32,
+    startdelay: u32,
+    mailserver: String,
+    port: u16,
+    username: Option<String>,
+    password: Option<String>,
+    ssl: u8,
+    sslversion: String,
+    sslverify: u8,
+    logfile: String,
+    statefile: Option<String>,
+    eventqueuePath: Option<String>,
+    eventqueueSlots: Option<String>,
+    httpdEnabled: u8,
+    httpdUsername: String,
+    httpdPassword: String,
+    httpdPort: u16,
+    httpdAllow: Option<String>,
+    mmonitUrl: Option<String>,
+    mmonitTimeout: u32,
+    mmonitRegisterCredentials: u8,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+struct Alert {
+    #[yaserde(attribute)]
+    uuid: String,
+    enabled: u8,
+    recipient: String,
+    noton: u8,
+    events: Option<String>,
+    format: Option<String>,
+    reminder: u32,
+    description: Option<String>,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+struct Service {
+    #[yaserde(attribute)]
+    uuid: String,
+    enabled: u8,
+    name: String,
+    description: Option<String>,
+    #[yaserde(rename = "type")]
+    r#type: String,
+    pidfile: Option<String>,
+    #[yaserde(rename = "match")]
+    r#match: Option<String>,
+    path: Option<String>,
+    timeout: u32,
+    starttimeout: u32,
+    address: Option<String>,
+    interface: Option<String>,
+    start: Option<String>,
+    stop: Option<String>,
+    tests: String,
+    depends: Option<String>,
+    polltime: Option<String>,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+struct Test {
+    #[yaserde(attribute)]
+    uuid: String,
+    name: String,
+    #[yaserde(rename = "type")]
+    r#type: String,
+    condition: String,
+    action: String,
+    path: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct CaptivePortal {
+    #[yaserde(attribute)]
+    pub version: String,
+    #[yaserde(rename = "zones")]
+    pub zones: Option<Zones>,
+    #[yaserde(rename = "templates")]
+    pub templates: Option<Templates>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Cron {
+    #[yaserde(attribute)]
+    pub version: String,
+    #[yaserde(rename = "jobs")]
+    pub jobs: Option<Jobs>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Netflow {
+    #[yaserde(attribute)]
+    pub version: String,
+    #[yaserde(rename = "capture")]
+    pub capture: Option<Capture>,
+    #[yaserde(rename = "collect")]
+    pub collect: Option<Collect>,
+    #[yaserde(rename = "activeTimeout")]
+    pub active_timeout: Option<u64>,
+    #[yaserde(rename = "inactiveTimeout")]
+    pub inactive_timeout: Option<u64>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Capture {
+    #[yaserde(rename = "interfaces")]
+    pub interfaces: Option<String>,
+    #[yaserde(rename = "egress_only")]
+    pub egress_only: Option<bool>,
+    #[yaserde(rename = "version")]
+    pub version: Option<String>,
+    #[yaserde(rename = "targets")]
+    pub targets: Option<Targets>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Collect {
+    #[yaserde(rename = "enable")]
+    pub enable: Option<u8>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Zones {
+    // Define fields for Zones, e.g.:
+    #[yaserde(rename = "zone")]
+    pub zones: Vec<Zone>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Zone {
+    #[yaserde(attribute)]
+    pub uuid: Option<String>,
+    #[yaserde(rename = "name")]
+    pub name: Option<String>,
+    // Add other fields as needed
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Templates {
+    // Define fields for Templates, e.g.:
+    #[yaserde(rename = "template")]
+    pub templates: Vec<Template>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Template {
+    #[yaserde(attribute)]
+    pub uuid: Option<String>,
+    #[yaserde(rename = "name")]
+    pub name: Option<String>,
+    // Add other fields as needed
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Jobs {
+    // Define fields for Jobs, e.g.:
+    #[yaserde(rename = "job")]
+    pub jobs: Vec<Job>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Job {
+    #[yaserde(attribute)]
+    pub uuid: Option<String>,
+    #[yaserde(rename = "name")]
+    pub name: Option<String>,
+    // Add other fields as needed
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Targets {
+    // Define fields for Targets, e.g.:
+    #[yaserde(rename = "target")]
+    pub targets: Vec<Target>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Target {
+    #[yaserde(attribute)]
+    pub uuid: Option<String>,
+    #[yaserde(rename = "name")]
+    pub name: Option<String>,
+    // Add other fields as needed
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Firewall {
+    #[yaserde(rename = "Lvtemplate")]
+    pub lv_template: Option<LvTemplate>,
+    #[yaserde(rename = "Category")]
+    pub category: Option<Category>,
+    #[yaserde(rename = "Alias")]
+    pub alias: Option<Alias>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct LvTemplate {
+    #[yaserde(attribute)]
+    pub version: Option<String>,
+    #[yaserde(rename = "templates")]
+    pub templates: Option<Templates>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Category {
+    #[yaserde(attribute)]
+    pub version: Option<String>,
+    #[yaserde(rename = "categories")]
+    pub categories: Option<Categories>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Categories {
+    #[yaserde(rename = "category")]
+    pub categories: Vec<CategoryItem>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct CategoryItem {
+    #[yaserde(attribute)]
+    pub uuid: Option<String>,
+    #[yaserde(rename = "name")]
+    pub name: Option<String>,
+    #[yaserde(rename = "auto")]
+    pub auto: Option<u8>,
+    #[yaserde(rename = "color")]
+    pub color: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Alias {
+    #[yaserde(attribute)]
+    pub version: Option<String>,
+    #[yaserde(rename = "geoip")]
+    pub geoip: Option<GeoIP>,
+    #[yaserde(rename = "aliases")]
+    pub aliases: Option<Aliases>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct GeoIP {
+    #[yaserde(rename = "url")]
+    pub url: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Aliases {
+    #[yaserde(rename = "alias")]
+    pub aliases: Vec<AliasItem>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct AliasItem {
+    #[yaserde(attribute)]
+    pub uuid: String,
+    pub enabled: String,
+    pub name: String,
+    #[yaserde(rename = "type")]
+    pub r#type: String,
+    pub interface: Option<String>,
+    pub counters: String,
+    pub updatefreq: Option<String>,
+    pub content: String,
+    pub categories: Option<String>,
+    pub description: Option<String>,
+    pub proto: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct OpenVPNExport {
+    #[yaserde(attribute)]
+    pub version: String,
+    pub servers: Option<Servers>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Servers {}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+#[yaserde(rename = "proxy")]
+pub struct Proxy {
+    #[yaserde(attribute)]
+    pub version: String,
+    pub general: ConfigGeneral,
+    pub forward: Forward,
+    pub pac: Option<Pac>,
+    #[yaserde(rename = "error_pages")]
+    pub error_pages: ErrorPages,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct ConfigGeneral {
+    pub enabled: i32,
+    #[yaserde(rename = "error_pages")]
+    pub error_pages: String,
+    pub icpPort: Option<String>,
+    pub logging: Logging,
+    pub alternateDNSservers: Option<String>,
+    pub dnsV4First: i32,
+    pub forwardedForHandling: String,
+    pub uriWhitespaceHandling: String,
+    pub enablePinger: i32,
+    pub useViaHeader: i32,
+    pub suppressVersion: i32,
+    pub connecttimeout: Option<String>,
+    #[yaserde(rename = "VisibleEmail")]
+    pub visible_email: String,
+    #[yaserde(rename = "VisibleHostname")]
+    pub visible_hostname: Option<String>,
+    pub cache: Cache,
+    pub traffic: Traffic,
+    pub parentproxy: ParentProxy,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Logging {
+    pub enable: Enable,
+    pub ignoreLogACL: Option<String>,
+    pub target: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Enable {
+    pub accessLog: i32,
+    pub storeLog: i32,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Cache {
+    pub local: LocalCache,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct LocalCache {
+    pub enabled: i32,
+    pub directory: String,
+    pub cache_mem: i32,
+    pub maximum_object_size: Option<String>,
+    pub maximum_object_size_in_memory: Option<String>,
+    pub memory_cache_mode: String,
+    pub size: i32,
+    pub l1: i32,
+    pub l2: i32,
+    pub cache_linux_packages: i32,
+    pub cache_windows_updates: i32,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Traffic {
+    pub enabled: i32,
+    pub maxDownloadSize: i32,
+    pub maxUploadSize: i32,
+    pub OverallBandwidthTrotteling: i32,
+    pub perHostTrotteling: i32,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct ParentProxy {
+    pub enabled: i32,
+    pub host: Option<String>,
+    pub enableauth: i32,
+    pub user: Option<String>,
+    pub password: Option<String>,
+    pub port: Option<String>,
+    pub localdomains: Option<String>,
+    pub localips: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Forward {
+    pub interfaces: String,
+    pub port: i32,
+    pub sslbumpport: i32,
+    pub sslbump: i32,
+    pub sslurlonly: i32,
+    pub sslcertificate: Option<String>,
+    pub sslnobumpsites: Option<String>,
+    pub ssl_crtd_storage_max_size: i32,
+    pub sslcrtd_children: i32,
+    pub snmp_enable: i32,
+    pub snmp_port: i32,
+    pub snmp_password: String,
+    pub ftpInterfaces: Option<String>,
+    pub ftpPort: i32,
+    pub ftpTransparentMode: i32,
+    pub addACLforInterfaceSubnets: i32,
+    pub transparentMode: i32,
+    pub acl: Acl,
+    pub icap: Icap,
+    pub authentication: Authentication,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Acl {
+    pub allowedSubnets: Option<String>,
+    pub unrestricted: Option<String>,
+    pub bannedHosts: Option<String>,
+    pub whiteList: Option<String>,
+    pub blackList: Option<String>,
+    pub browser: Option<String>,
+    pub mimeType: Option<String>,
+    pub googleapps: Option<String>,
+    pub youtube: Option<String>,
+    pub safePorts: String,
+    pub sslPorts: String,
+    pub remoteACLs: RemoteAcls,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct RemoteAcls {
+    pub blacklists: Option<String>,
+    pub UpdateCron: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Icap {
+    pub enable: i32,
+    pub RequestURL: String,
+    pub ResponseURL: String,
+    pub SendClientIP: i32,
+    pub SendUsername: i32,
+    pub EncodeUsername: i32,
+    pub UsernameHeader: String,
+    pub EnablePreview: i32,
+    pub PreviewSize: i32,
+    pub OptionsTTL: i32,
+    pub exclude: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Authentication {
+    pub method: Option<String>,
+    pub authEnforceGroup: Option<String>,
+    pub realm: String,
+    pub credentialsttl: i32,
+    pub children: i32,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Pac {}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct ErrorPages {
+    pub template: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct ConfigSyslog {
+    #[yaserde(attribute)]
+    pub version: String,
+    pub general: SyslogGeneral,
+    pub destinations: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct SyslogGeneral {
+    pub enabled: i32,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+#[yaserde(rename = "TrafficShaper")]
+pub struct TrafficShaper {
+    #[yaserde(attribute)]
+    pub version: String,
+    pub pipes: Option<String>,
+    pub queues: Option<String>,
+    pub rules: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct UnboundPlus {
+    #[yaserde(attribute)]
+    pub version: String,
+    pub general: UnboundGeneral,
+    pub advanced: Advanced,
+    pub acls: Acls,
+    pub dnsbl: Dnsbl,
+    pub forwarding: Forwarding,
+    pub dots: Option<String>,
+    pub hosts: Hosts,
+    pub aliases: Option<String>,
+    pub domains: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct UnboundGeneral {
+    pub enabled: i32,
+    pub port: i32,
+    pub stats: Option<String>,
+    pub active_interface: Option<String>,
+    pub dnssec: Option<String>,
+    pub dns64: Option<String>,
+    pub dns64prefix: Option<String>,
+    pub noarecords: Option<String>,
+    pub regdhcp: i32,
+    pub regdhcpdomain: Option<String>,
+    pub regdhcpstatic: i32,
+    pub noreglladdr6: Option<String>,
+    pub noregrecords: Option<String>,
+    pub txtsupport: Option<String>,
+    pub cacheflush: Option<String>,
+    pub local_zone_type: String,
+    pub outgoing_interface: Option<String>,
+    pub enable_wpad: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Advanced {
+    pub hideidentity: i32,
+    pub hideversion: i32,
+    pub prefetch: i32,
+    pub prefetchkey: i32,
+    pub dnssecstripped: i32,
+    pub serveexpired: i32,
+    pub serveexpiredreplyttl: Option<String>,
+    pub serveexpiredttl: Option<String>,
+    pub serveexpiredttlreset: i32,
+    pub serveexpiredclienttimeout: Option<String>,
+    pub qnameminstrict: i32,
+    pub extendedstatistics: i32,
+    pub logqueries: i32,
+    pub logreplies: i32,
+    pub logtagqueryreply: i32,
+    pub logservfail: Option<String>,
+    pub loglocalactions: Option<String>,
+    pub logverbosity: i32,
+    pub valloglevel: i32,
+    pub privatedomain: Option<String>,
+    pub privateaddress: Option<String>,
+    pub insecuredomain: Option<String>,
+    pub msgcachesize: Option<String>,
+    pub rrsetcachesize: Option<String>,
+    pub outgoingnumtcp: Option<String>,
+    pub incomingnumtcp: Option<String>,
+    pub numqueriesperthread: Option<String>,
+    pub outgoingrange: Option<String>,
+    pub jostletimeout: Option<String>,
+    pub cachemaxttl: Option<String>,
+    pub cachemaxnegativettl: Option<String>,
+    pub cacheminttl: Option<String>,
+    pub infrahostttl: Option<String>,
+    pub infrakeepprobing: Option<String>,
+    pub infracachenumhosts: Option<String>,
+    pub unwantedreplythreshold: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Acls {
+    #[yaserde(rename = "default_action")]
+    pub default_action: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Dnsbl {
+    pub enabled: i32,
+    pub safesearch: Option<String>,
+    #[yaserde(rename = "type")]
+    pub r#type: Option<String>,
+    pub lists: Option<String>,
+    pub whitelists: Option<String>,
+    pub blocklists: Option<String>,
+    pub wildcards: Option<String>,
+    pub address: Option<String>,
+    pub nxdomain: i32,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Forwarding {
+    pub enabled: i32,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Hosts {
+    #[yaserde(rename = "host")]
+    pub hosts: Vec<Host>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Host {
+    #[yaserde(attribute)]
+    pub uuid: String,
+    pub enabled: i32,
+    pub hostname: String,
+    pub domain: String,
+    pub rr: String,
+    pub mxprio: Option<String>,
+    pub mx: Option<String>,
+    pub server: String,
+    pub description: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Wireguard {
+    pub general: WireguardGeneral,
+    pub server: WireguardServer,
+    pub client: WireguardClient,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct WireguardGeneral {
+    #[yaserde(attribute)]
+    pub version: String,
+    pub enabled: i32,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct WireguardServer {
+    #[yaserde(attribute)]
+    pub version: String,
+    pub servers: WireguardServerList,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct WireguardServerList {
+    pub server: Vec<WireguardServerItem>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct WireguardServerItem {
+    #[yaserde(attribute)]
+    pub uuid: String,
+    pub enabled: i32,
+    pub name: String,
+    pub instance: i32,
+    pub pubkey: String,
+    pub privkey: String,
+    pub port: i32,
+    pub mtu: Option<String>,
+    pub dns: Option<String>,
+    pub tunneladdress: String,
+    pub disableroutes: i32,
+    pub gateway: Option<String>,
+    pub carp_depend_on: Option<String>,
+    pub peers: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct WireguardClient {
+    #[yaserde(attribute)]
+    pub version: String,
+    pub clients: WireguardClientList,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct WireguardClientList {
+    pub client: Vec<WireguardClientItem>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct WireguardClientItem {
+    #[yaserde(attribute)]
+    pub uuid: String,
+    pub enabled: i32,
+    pub name: String,
+    pub pubkey: String,
+    pub psk: Option<String>,
+    pub tunneladdress: String,
+    pub serveraddress: Option<String>,
+    pub serverport: Option<String>,
+    pub keepalive: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Swanctl {
+    #[yaserde(attribute)]
+    pub version: String,
+    #[yaserde(rename = "Connections")]
+    pub connections: Option<String>,
+    pub locals: Option<String>,
+    pub remotes: Option<String>,
+    pub children: Option<String>,
+    #[yaserde(rename = "Pools")]
+    pub pools: Option<String>,
+    #[yaserde(rename = "VTIs")]
+    pub vtis: Option<String>,
+    #[yaserde(rename = "SPDs")]
+    pub spds: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+#[yaserde(rename = "DynDNS")]
+pub struct DynDNS {
+    #[yaserde(attribute)]
+    pub version: String,
+    pub general: DynDNSGeneral,
+    pub accounts: Accounts,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct DynDNSGeneral {
+    pub enabled: i32,
+    pub verbose: i32,
+    pub allowipv6: i32,
+    pub daemon_delay: i32,
+    pub backend: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Accounts {
+    #[yaserde(rename = "account")]
+    pub account: Account,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Account {
+    #[yaserde(attribute)]
+    pub uuid: String,
+    pub enabled: i32,
+    pub service: String,
+    pub protocol: Option<String>,
+    pub server: Option<String>,
+    pub username: String,
+    pub password: String,
+    #[yaserde(rename = "resourceId")]
+    pub resource_id: Option<String>,
+    pub hostnames: String,
+    pub wildcard: i32,
+    pub zone: Option<String>,
+    pub checkip: String,
+    #[yaserde(rename = "checkip_timeout")]
+    pub checkip_timeout: i32,
+    #[yaserde(rename = "force_ssl")]
+    pub force_ssl: i32,
+    pub ttl: i32,
+    pub interface: String,
+    pub description: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct ConfigOpenVPN {
+    #[yaserde(attribute)]
+    pub version: String,
+    pub Overwrites: Option<String>,
+    pub Instances: Option<String>,
+    pub StaticKeys: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct ConfigGateways {
+    #[yaserde(attribute)]
+    pub version: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+#[yaserde(rename = "HAProxy")]
+pub struct HAProxy {
+    #[yaserde(attribute)]
+    pub version: String,
+    pub general: HaProxyGeneral,
+    pub frontends: HAProxyFrontends,
+    pub backends: HAProxyBackends,
+    pub servers: HAProxyServers,
+    pub healthchecks: HAProxyHealthChecks,
+    pub acls: Option<String>,
+    pub actions: Option<String>,
+    pub luas: Option<String>,
+    pub fcgis: Option<String>,
+    pub errorfiles: Option<String>,
+    pub mapfiles: Option<String>,
+    pub groups: Option<String>,
+    pub users: Option<String>,
+    pub cpus: Option<String>,
+    pub resolvers: Option<String>,
+    pub mailers: Option<String>,
+    pub maintenance: Maintenance,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Maintenance {
+    #[yaserde(rename = "cronjobs")]
+    pub cronjobs: CronJobs,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct CronJobs {
+    #[yaserde(rename = "syncCerts")]
+    pub sync_certs: u32,
+    #[yaserde(rename = "syncCertsCron")]
+    pub sync_certs_cron: Option<String>,
+    #[yaserde(rename = "updateOcsp")]
+    pub update_ocsp: u32,
+    #[yaserde(rename = "updateOcspCron")]
+    pub update_ocsp_cron: Option<String>,
+    #[yaserde(rename = "reloadService")]
+    pub reload_service: u32,
+    #[yaserde(rename = "reloadServiceCron")]
+    pub reload_service_cron: Option<String>,
+    #[yaserde(rename = "restartService")]
+    pub restart_service: u32,
+    #[yaserde(rename = "restartServiceCron")]
+    pub restart_service_cron: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct HaProxyGeneral {
+    pub enabled: i32,
+    pub gracefulStop: i32,
+    pub hardStopAfter: String,
+    pub closeSpreadTime: Option<String>,
+    pub seamlessReload: i32,
+    pub storeOcsp: i32,
+    pub showIntro: i32,
+    pub peers: Peers,
+    pub tuning: Tuning,
+    pub defaults: HaProxyDefaults,
+    pub logging: HaProxyLogging,
+    pub stats: Stats,
+    pub cache: HaProxyCache,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Peers {
+    pub enabled: i32,
+    pub name1: Option<String>,
+    pub listen1: Option<String>,
+    pub port1: i32,
+    pub name2: Option<String>,
+    pub listen2: Option<String>,
+    pub port2: i32,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Tuning {
+    pub root: i32,
+    pub maxConnections: Option<String>,
+    pub nbthread: i32,
+    pub sslServerVerify: String,
+    pub maxDHSize: i32,
+    pub bufferSize: i32,
+    pub spreadChecks: i32,
+    pub bogusProxyEnabled: i32,
+    pub luaMaxMem: i32,
+    pub customOptions: Option<String>,
+    #[yaserde(rename = "ssl_defaultsEnabled")]
+    pub ssl_defaults_enabled: i32,
+    pub ssl_bindOptions: String,
+    pub ssl_minVersion: String,
+    pub ssl_maxVersion: Option<String>,
+    pub ssl_cipherList: String,
+    pub ssl_cipherSuites: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct HaProxyDefaults {
+    pub maxConnections: Option<String>,
+    pub maxConnectionsServers: Option<String>,
+    pub timeoutClient: String,
+    pub timeoutConnect: String,
+    pub timeoutCheck: Option<String>,
+    pub timeoutServer: String,
+    pub retries: i32,
+    pub redispatch: String,
+    pub init_addr: String,
+    pub customOptions: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct HaProxyLogging {
+    pub host: String,
+    pub facility: String,
+    pub level: String,
+    pub length: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Stats {
+    pub enabled: i32,
+    pub port: i32,
+    pub remoteEnabled: i32,
+    pub remoteBind: Option<String>,
+    pub authEnabled: i32,
+    pub users: Option<String>,
+    pub allowedUsers: Option<String>,
+    pub allowedGroups: Option<String>,
+    pub customOptions: Option<String>,
+    pub prometheus_enabled: i32,
+    pub prometheus_bind: String,
+    pub prometheus_path: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct HaProxyCache {
+    pub enabled: i32,
+    pub totalMaxSize: i32,
+    pub maxAge: i32,
+    pub maxObjectSize: Option<String>,
+    pub processVary: i32,
+    pub maxSecondaryEntries: i32,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct HAProxyFrontends {
+    #[yaserde(rename = "frontend")]
+    pub frontend: Vec<Frontend>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Frontend {
+    #[yaserde(attribute)]
+    pub uuid: String,
+    pub id: String,
+    pub enabled: i32,
+    pub name: String,
+    pub description: String,
+    pub bind: String,
+    pub bindOptions: Option<String>,
+    pub mode: String,
+    pub defaultBackend: String,
+    pub ssl_enabled: i32,
+    pub ssl_certificates: Option<String>,
+    pub ssl_default_certificate: Option<String>,
+    pub ssl_customOptions: Option<String>,
+    pub ssl_advancedEnabled: i32,
+    pub ssl_bindOptions: String,
+    pub ssl_minVersion: String,
+    pub ssl_maxVersion: Option<String>,
+    pub ssl_cipherList: String,
+    pub ssl_cipherSuites: String,
+    pub ssl_hstsEnabled: i32,
+    pub ssl_hstsIncludeSubDomains: i32,
+    pub ssl_hstsPreload: i32,
+    pub ssl_hstsMaxAge: i32,
+    pub ssl_clientAuthEnabled: i32,
+    pub ssl_clientAuthVerify: String,
+    pub ssl_clientAuthCAs: Option<String>,
+    pub ssl_clientAuthCRLs: Option<String>,
+    pub basicAuthEnabled: i32,
+    pub basicAuthUsers: Option<String>,
+    pub basicAuthGroups: Option<String>,
+    pub tuning_maxConnections: Option<String>,
+    pub tuning_timeoutClient: Option<String>,
+    pub tuning_timeoutHttpReq: Option<String>,
+    pub tuning_timeoutHttpKeepAlive: Option<String>,
+    pub linkedCpuAffinityRules: Option<String>,
+    pub tuning_shards: Option<String>,
+    pub logging_dontLogNull: i32,
+    pub logging_dontLogNormal: i32,
+    pub logging_logSeparateErrors: i32,
+    pub logging_detailedLog: i32,
+    pub logging_socketStats: i32,
+    pub stickiness_pattern: Option<String>,
+    pub stickiness_dataTypes: Option<String>,
+    pub stickiness_expire: String,
+    pub stickiness_size: String,
+    pub stickiness_counter: i32,
+    pub stickiness_counter_key: String,
+    pub stickiness_length: Option<String>,
+    pub stickiness_connRatePeriod: String,
+    pub stickiness_sessRatePeriod: String,
+    pub stickiness_httpReqRatePeriod: String,
+    pub stickiness_httpErrRatePeriod: String,
+    pub stickiness_bytesInRatePeriod: String,
+    pub stickiness_bytesOutRatePeriod: String,
+    pub http2Enabled: i32,
+    pub http2Enabled_nontls: i32,
+    pub advertised_protocols: String,
+    pub forwardFor: i32,
+    pub prometheus_enabled: i32,
+    pub prometheus_path: String,
+    pub connectionBehaviour: String,
+    pub customOptions: Option<String>,
+    pub linkedActions: Option<String>,
+    pub linkedErrorfiles: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct HAProxyBackends {
+    #[yaserde(rename = "backend")]
+    pub backends: Vec<Backend>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Backend {
+    #[yaserde(attribute, rename = "uuid")]
+    pub uuid: String,
+    #[yaserde(rename = "id")]
+    pub id: String,
+    #[yaserde(rename = "enabled")]
+    pub enabled: bool,
+    #[yaserde(rename = "name")]
+    pub name: String,
+    #[yaserde(rename = "description")]
+    pub description: Option<String>,
+    #[yaserde(rename = "mode")]
+    pub mode: String,
+    #[yaserde(rename = "algorithm")]
+    pub algorithm: String,
+    #[yaserde(rename = "random_draws")]
+    pub random_draws: Option<u32>,
+    #[yaserde(rename = "proxyProtocol")]
+    pub proxy_protocol: Option<String>,
+    #[yaserde(rename = "linkedServers")]
+    pub linked_servers: Option<String>,
+    #[yaserde(rename = "linkedFcgi")]
+    pub linked_fcgi: Option<String>,
+    #[yaserde(rename = "linkedResolver")]
+    pub linked_resolver: Option<String>,
+    #[yaserde(rename = "resolverOpts")]
+    pub resolver_opts: Option<String>,
+    #[yaserde(rename = "resolvePrefer")]
+    pub resolve_prefer: Option<String>,
+    #[yaserde(rename = "source")]
+    pub source: Option<String>,
+    #[yaserde(rename = "healthCheckEnabled")]
+    pub health_check_enabled: bool,
+    #[yaserde(rename = "healthCheck")]
+    pub health_check: Option<String>,
+    #[yaserde(rename = "healthCheckLogStatus")]
+    pub health_check_log_status: bool,
+    #[yaserde(rename = "checkInterval")]
+    pub check_interval: Option<String>,
+    #[yaserde(rename = "checkDownInterval")]
+    pub check_down_interval: Option<String>,
+    #[yaserde(rename = "healthCheckFall")]
+    pub health_check_fall: Option<String>,
+    #[yaserde(rename = "healthCheckRise")]
+    pub health_check_rise: Option<String>,
+    #[yaserde(rename = "linkedMailer")]
+    pub linked_mailer: Option<String>,
+    #[yaserde(rename = "http2Enabled")]
+    pub http2_enabled: bool,
+    #[yaserde(rename = "http2Enabled_nontls")]
+    pub http2_enabled_nontls: bool,
+    #[yaserde(rename = "ba_advertised_protocols")]
+    pub ba_advertised_protocols: String,
+    #[yaserde(rename = "persistence")]
+    pub persistence: String,
+    #[yaserde(rename = "persistence_cookiemode")]
+    pub persistence_cookiemode: String,
+    #[yaserde(rename = "persistence_cookiename")]
+    pub persistence_cookiename: Option<String>,
+    #[yaserde(rename = "persistence_stripquotes")]
+    pub persistence_stripquotes: bool,
+    #[yaserde(rename = "stickiness_pattern")]
+    pub stickiness_pattern: String,
+    #[yaserde(rename = "stickiness_dataTypes")]
+    pub stickiness_data_types: Option<String>,
+    #[yaserde(rename = "stickiness_expire")]
+    pub stickiness_expire: String,
+    #[yaserde(rename = "stickiness_size")]
+    pub stickiness_size: String,
+    #[yaserde(rename = "stickiness_cookiename")]
+    pub stickiness_cookiename: Option<String>,
+    #[yaserde(rename = "stickiness_cookielength")]
+    pub stickiness_cookielength: Option<String>,
+    #[yaserde(rename = "stickiness_connRatePeriod")]
+    pub stickiness_conn_rate_period: String,
+    #[yaserde(rename = "stickiness_sessRatePeriod")]
+    pub stickiness_sess_rate_period: String,
+    #[yaserde(rename = "stickiness_httpReqRatePeriod")]
+    pub stickiness_http_req_rate_period: String,
+    #[yaserde(rename = "stickiness_httpErrRatePeriod")]
+    pub stickiness_http_err_rate_period: String,
+    #[yaserde(rename = "stickiness_bytesInRatePeriod")]
+    pub stickiness_bytes_in_rate_period: String,
+    #[yaserde(rename = "stickiness_bytesOutRatePeriod")]
+    pub stickiness_bytes_out_rate_period: String,
+    #[yaserde(rename = "basicAuthEnabled")]
+    pub basic_auth_enabled: bool,
+    #[yaserde(rename = "basicAuthUsers")]
+    pub basic_auth_users: Option<String>,
+    #[yaserde(rename = "basicAuthGroups")]
+    pub basic_auth_groups: Option<String>,
+    #[yaserde(rename = "tuning_timeoutConnect")]
+    pub tuning_timeout_connect: Option<String>,
+    #[yaserde(rename = "tuning_timeoutCheck")]
+    pub tuning_timeout_check: Option<String>,
+    #[yaserde(rename = "tuning_timeoutServer")]
+    pub tuning_timeout_server: Option<String>,
+    #[yaserde(rename = "tuning_retries")]
+    pub tuning_retries: Option<String>,
+    #[yaserde(rename = "customOptions")]
+    pub custom_options: Option<String>,
+    #[yaserde(rename = "tuning_defaultserver")]
+    pub tuning_defaultserver: Option<String>,
+    #[yaserde(rename = "tuning_noport")]
+    pub tuning_noport: bool,
+    #[yaserde(rename = "tuning_httpreuse")]
+    pub tuning_httpreuse: Option<String>,
+    #[yaserde(rename = "tuning_caching")]
+    pub tuning_caching: bool,
+    #[yaserde(rename = "linkedActions")]
+    pub linked_actions: Option<String>,
+    #[yaserde(rename = "linkedErrorfiles")]
+    pub linked_errorfiles: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct HAProxyServers {
+    #[yaserde(rename = "server")]
+    pub servers: Vec<HAProxyServer>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct HAProxyServer {
+    #[yaserde(attribute, rename = "uuid")]
+    pub uuid: String,
+    #[yaserde(rename = "id")]
+    pub id: String,
+    #[yaserde(rename = "enabled")]
+    pub enabled: bool,
+    #[yaserde(rename = "name")]
+    pub name: String,
+    #[yaserde(rename = "description")]
+    pub description: Option<String>,
+    #[yaserde(rename = "address")]
+    pub address: String,
+    #[yaserde(rename = "port")]
+    pub port: u16,
+    #[yaserde(rename = "checkport")]
+    pub checkport: Option<String>,
+    #[yaserde(rename = "mode")]
+    pub mode: String,
+    #[yaserde(rename = "multiplexer_protocol")]
+    pub multiplexer_protocol: String,
+    #[yaserde(rename = "type")]
+    pub server_type: String,
+    #[yaserde(rename = "serviceName")]
+    pub service_name: Option<String>,
+    #[yaserde(rename = "number")]
+    pub number: Option<String>,
+    #[yaserde(rename = "linkedResolver")]
+    pub linked_resolver: Option<String>,
+    #[yaserde(rename = "resolverOpts")]
+    pub resolver_opts: Option<String>,
+    #[yaserde(rename = "resolvePrefer")]
+    pub resolve_prefer: Option<String>,
+    #[yaserde(rename = "ssl")]
+    pub ssl: bool,
+    #[yaserde(rename = "sslSNI")]
+    pub ssl_sni: Option<String>,
+    #[yaserde(rename = "sslVerify")]
+    pub ssl_verify: bool,
+    #[yaserde(rename = "sslCA")]
+    pub ssl_ca: Option<String>,
+    #[yaserde(rename = "sslCRL")]
+    pub ssl_crl: Option<String>,
+    #[yaserde(rename = "sslClientCertificate")]
+    pub ssl_client_certificate: Option<String>,
+    #[yaserde(rename = "maxConnections")]
+    pub max_connections: Option<String>,
+    #[yaserde(rename = "weight")]
+    pub weight: u32,
+    #[yaserde(rename = "checkInterval")]
+    pub check_interval: Option<String>,
+    #[yaserde(rename = "checkDownInterval")]
+    pub check_down_interval: Option<String>,
+    #[yaserde(rename = "source")]
+    pub source: Option<String>,
+    #[yaserde(rename = "advanced")]
+    pub advanced: Option<String>,
+    #[yaserde(rename = "unix_socket")]
+    pub unix_socket: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct HAProxyHealthChecks {
+    #[yaserde(rename = "healthcheck")]
+    pub healthchecks: Vec<HAProxyHealthCheck>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct HAProxyHealthCheck {
+    #[yaserde(attribute)]
+    pub uuid: String,
+    pub name: String,
+    pub description: Option<String>,
+    #[yaserde(rename = "type")]
+    pub health_check_type: String,
+    pub interval: String,
+    pub ssl: String,
+    #[yaserde(rename = "sslSNI")]
+    pub ssl_sni: Option<String>,
+    pub force_ssl: bool,
+    pub checkport: Option<String>,
+    pub http_method: String,
+    pub http_uri: String,
+    pub http_version: Option<String>,
+    #[yaserde(rename = "http_host")]
+    pub http_host: Option<String>,
+    #[yaserde(rename = "http_expressionEnabled")]
+    pub http_expression_enabled: Option<u8>,
+    pub http_expression: Option<String>,
+    pub http_negate: Option<String>,
+    pub http_value: Option<String>,
+    pub tcp_enabled: Option<String>,
+    #[yaserde(rename = "tcp_sendValue")]
+    pub tcp_send_value: Option<String>,
+    #[yaserde(rename = "tcp_matchType")]
+    pub tcp_match_type: Option<String>,
+    #[yaserde(rename = "tcp_matchValue")]
+    pub tcp_match_value: Option<String>,
+    pub tcp_negate: Option<String>,
+    #[yaserde(rename = "agentPort")]
+    pub agent_port: Option<String>,
+    pub mysql_user: Option<String>,
+    pub mysql_post41: Option<String>,
+    pub pgsql_user: Option<String>,
+    #[yaserde(alias = "smtpDomain")]
+    pub smtp_domain: Option<String>,
+    pub esmtp_domain: Option<String>,
+    #[yaserde(rename = "dbUser")]
+    pub db_user: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct StaticRoutes {
+    #[yaserde(attribute)]
+    pub version: String,
+    #[yaserde(rename = "route")]
+    pub route: Option<String>, // Assuming it can be empty, use Option
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Ca {} // Empty struct for <ca/>
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Gateways {
+    #[yaserde(rename = "gateway_item")]
+    pub gateway_item: Option<String>, // Assuming it can be empty, use Option
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Cert {
+    #[yaserde(rename = "refid")]
+    pub refid: String,
+    #[yaserde(rename = "descr")]
+    pub descr: String,
+    #[yaserde(rename = "crt")]
+    pub crt: String,
+    #[yaserde(rename = "prv")]
+    pub prv: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct DhcpDv6 {} // Empty struct for <dhcpdv6/>
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct VirtualIp {
+    #[yaserde(attribute)]
+    pub version: String,
+    #[yaserde(rename = "vip")]
+    pub vip: Vip,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Vip {
+    #[yaserde(attribute)]
+    pub uuid: String,
+    pub interface: String,
+    pub mode: String,
+    pub subnet: String,
+    pub subnet_bits: u32,
+    pub gateway: String,
+    pub noexpand: u32,
+    pub nobind: u32,
+    pub password: Option<String>,
+    pub vhid: Option<String>,
+    pub advbase: u32,
+    pub advskew: u32,
+    pub descr: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct OpenVpn {
+    #[yaserde(rename = "openvpn-server")]
+    pub openvpn_server: Option<String>,
+    #[yaserde(rename = "openvpn-client")]
+    pub openvpn_client: Option<String>,
+}
+
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Ppps {
+    pub ppp: Ppp,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Ppp {
+    pub ptpid: u32,
+    #[yaserde(rename = "type")]
+    pub r#type: String,
+    #[yaserde(rename = "if")]
+    pub r#if: String,
+    pub ports: String,
+    pub username: String,
+    pub password: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Dyndnses {
+    pub dyndns: Dyndns,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Dyndns {
+    #[yaserde(rename = "type")]
+    pub r#type: String,
+    pub username: Option<String>,
+    pub password: String,
+    pub host: String,
+    pub mx: Option<String>,
+    pub interface: String,
+    pub zoneid: Option<String>,
+    pub resourceid: Option<String>,
+    pub ttl: Option<String>,
+    pub updateurl: Option<String>,
+    pub resultmatch: Option<String>,
+    pub requestif: String,
+    pub descr: Option<String>,
+    pub id: u32,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Vlans {
+    #[yaserde(attribute)]
+    pub version: String,
+    pub vlan: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Bridges {
+    pub bridged: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Gifs {
+    pub gif: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Gres {
+    pub gre: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Laggs {
+    #[yaserde(attribute)]
+    pub version: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Wireless {
+    pub clone: Option<String>,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Hasync {
+    pub synchronizealiases: String,
+    pub synchronizeauthservers: String,
+    pub synchronizecerts: String,
+    pub synchronizedhcpd: String,
+    pub synchronizenat: String,
+    pub synchronizerules: String,
+    pub synchronizeschedules: String,
+    pub synchronizestaticroutes: String,
+    pub synchronizeusers: String,
+    pub synchronizevirtualip: String,
+    pub synchronizewidgets: String,
+    pub synchronizedhcrelay: String,
+    pub synchronizedhcpdv6: String,
+    pub synchronizedhcrelay6: String,
+    pub synchronizentpd: String,
+    pub synchronizesyslog: String,
+    pub synchronizecron: String,
+    pub synchronizesysctl: String,
+    pub synchronizewebgui: String,
+    pub synchronizednsforwarder: String,
+    pub synchronizeshaper: String,
+    pub synchronizecaptiveportal: String,
+    pub synchronizeipsec: String,
+    pub synchronizemonit: String,
+    pub synchronizessh: String,
+    pub synchronizeopenvpn: String,
+    pub synchronizeifgroups: String,
+    pub synchronizecategories: String,
+    pub synchronizelvtemplate: String,
+    pub synchronizesquid: String,
+    pub synchronizesuricata: String,
+    pub synchronizednsresolver: String,
+    pub pfsyncinterface: String,
+    pub synchronizetoip: String,
+    pub username: String,
+    pub password: String,
+    pub pfsyncenabled: String,
+    pub disablepreempt: String,
+    pub disconnectppps: String,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Ifgroups {
+    #[yaserde(attribute)]
+    pub version: String,
 }
diff --git a/harmony-rs/opnsense-config/src/tests/data/config-structure.xml b/harmony-rs/opnsense-config/src/tests/data/config-structure.xml
new file mode 100644
index 0000000..b67feaa
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/tests/data/config-structure.xml
@@ -0,0 +1,1421 @@
+<?xml version="1.0"?>
+<opnsense>
+  <theme>opnsense</theme>
+  <sysctl>
+    <item>
+      <descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
+      <tunable>vfs.read_max</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set the ephemeral port range to be lower.</descr>
+      <tunable>net.inet.ip.portrange.first</tunable>
+      <value>default</value>
+    </item>
+  </sysctl>
+  <system>
+    <use_mfs_tmp/>
+    <use_mfs_var/>
+    <serialspeed>115200</serialspeed>
+    <primaryconsole>serial</primaryconsole>
+    <secondaryconsole>video</secondaryconsole>
+    <optimization>normal</optimization>
+    <hostname>OPN1</hostname>
+    <domain>somedomain.yourlocal.mcd</domain>
+    <group>
+      <name>admins</name>
+      <description>System Administrators</description>
+      <scope>system</scope>
+      <gid>1999</gid>
+      <member>0</member>
+      <member>2000</member>
+      <priv>page-all</priv>
+    </group>
+    <user>
+      <name>root</name>
+      <descr>System Administrator</descr>
+      <scope>system</scope>
+      <groupname>admins</groupname>
+      <password>$2y$10$5555555555o8dj21980j1doiOIJDIOASJOID!jidjeue19812y</password>
+      <uid>0</uid>
+      <expires/>
+      <authorizedkeys/>
+      <ipsecpsk/>
+      <otp_seed/>
+    </user>
+    <user>
+      <password>$2y$11$55555555556D8198uOASIDJaiojdjd1oijdijosaoijdaoidOIASJDoijdoiadOASdoiK</password>
+      <scope>user</scope>
+      <name>someuser</name>
+      <descr/>
+      <expires/>
+      <authorizedkeys/>
+      <ipsecpsk/>
+      <otp_seed/>
+      <shell>/bin/sh</shell>
+      <uid>2000</uid>
+    </user>
+    <nextuid>2001</nextuid>
+    <nextgid>2000</nextgid>
+    <timezone>Etc/UTC</timezone>
+    <timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
+    <webgui>
+      <protocol>https</protocol>
+      <ssl-certref>6155aba4c9375</ssl-certref>
+      <port/>
+      <ssl-ciphers/>
+      <interfaces/>
+      <compression/>
+    </webgui>
+    <usevirtualterminal>1</usevirtualterminal>
+    <disableconsolemenu>1</disableconsolemenu>
+    <disablevlanhwfilter>1</disablevlanhwfilter>
+    <disablechecksumoffloading>1</disablechecksumoffloading>
+    <disablesegmentationoffloading>1</disablesegmentationoffloading>
+    <disablelargereceiveoffloading>1</disablelargereceiveoffloading>
+    <ipv6allow>1</ipv6allow>
+    <powerd_ac_mode>hadp</powerd_ac_mode>
+    <powerd_battery_mode>hadp</powerd_battery_mode>
+    <powerd_normal_mode>hadp</powerd_normal_mode>
+    <bogons>
+      <interval>monthly</interval>
+    </bogons>
+    <crypto_hardware>aesni</crypto_hardware>
+    <pf_share_forward>1</pf_share_forward>
+    <lb_use_sticky>1</lb_use_sticky>
+    <kill_states>1</kill_states>
+    <ssh>
+      <group>admins</group>
+      <noauto>1</noauto>
+      <interfaces/>
+      <kex/>
+      <ciphers/>
+      <macs/>
+      <keys/>
+      <enabled>enabled</enabled>
+      <passwordauth>1</passwordauth>
+      <keysig/>
+      <permitrootlogin>1</permitrootlogin>
+    </ssh>
+    <firmware version="1.0.1">
+      <mirror/>
+      <flavour/>
+      <plugins>os-ddclient,os-dyndns,os-haproxy,os-wireguard</plugins>
+      <type/>
+      <subscription/>
+    </firmware>
+    <sudo_allow_wheel>1</sudo_allow_wheel>
+    <sudo_allow_group>admins</sudo_allow_group>
+    <enablenatreflectionhelper>yes</enablenatreflectionhelper>
+    <rulesetoptimization>basic</rulesetoptimization>
+    <maximumstates/>
+    <maximumfrags/>
+    <aliasesresolveinterval/>
+    <maximumtableentries/>
+    <language>en_US</language>
+    <dnsserver/>
+    <dns1gw>none</dns1gw>
+    <dns2gw>none</dns2gw>
+    <dns3gw>none</dns3gw>
+    <dns4gw>none</dns4gw>
+    <dns5gw>none</dns5gw>
+    <dns6gw>none</dns6gw>
+    <dns7gw>none</dns7gw>
+    <dns8gw>none</dns8gw>
+    <dnsallowoverride>1</dnsallowoverride>
+    <dnsallowoverride_exclude/>
+  </system>
+  <interfaces>
+    <wan>
+      <if>pppoe0</if>
+      <descr>WAN</descr>
+      <enable>1</enable>
+      <lock>1</lock>
+      <spoofmac/>
+      <blockpriv>1</blockpriv>
+      <blockbogons>1</blockbogons>
+      <ipaddr>pppoe</ipaddr>
+    </wan>
+    <lan>
+      <if>em1</if>
+      <descr>LAN</descr>
+      <enable>1</enable>
+      <spoofmac/>
+      <ipaddr>192.168.20.1</ipaddr>
+      <subnet>24</subnet>
+      <ipaddrv6>track6</ipaddrv6>
+      <track6-interface/>
+      <track6-prefix-id>0</track6-prefix-id>
+    </lan>
+    <lo0>
+      <internal_dynamic>1</internal_dynamic>
+      <descr>Loopback</descr>
+      <enable>1</enable>
+      <if>lo0</if>
+      <ipaddr>127.0.0.1</ipaddr>
+      <ipaddrv6>::1</ipaddrv6>
+      <subnet>8</subnet>
+      <subnetv6>128</subnetv6>
+      <type>none</type>
+      <virtual>1</virtual>
+    </lo0>
+    <opt1>
+      <if>em5</if>
+      <descr>backup_sync</descr>
+      <enable>1</enable>
+      <lock>1</lock>
+      <spoofmac/>
+      <ipaddr>10.10.5.1</ipaddr>
+      <subnet>24</subnet>
+    </opt1>
+    <wireguard>
+      <internal_dynamic>1</internal_dynamic>
+      <descr>WireGuard (Group)</descr>
+      <if>wireguard</if>
+      <virtual>1</virtual>
+      <enable>1</enable>
+      <type>group</type>
+      <networks/>
+    </wireguard>
+    <openvpn>
+      <internal_dynamic>1</internal_dynamic>
+      <enable>1</enable>
+      <if>openvpn</if>
+      <descr>OpenVPN</descr>
+      <type>group</type>
+      <virtual>1</virtual>
+      <networks/>
+    </openvpn>
+  </interfaces>
+  <dhcpd>
+    <lan>
+      <enable>1</enable>
+      <gateway>192.168.20.1</gateway>
+      <domain>somedomain.yourlocal.mcd</domain>
+      <ddnsdomainalgorithm>hmac-md5</ddnsdomainalgorithm>
+      <numberoptions>
+        <item/>
+      </numberoptions>
+      <range>
+        <from>192.168.20.50</from>
+        <to>192.168.20.200</to>
+      </range>
+      <winsserver/>
+      <dnsserver>192.168.20.1</dnsserver>
+      <ntpserver/>
+      <staticmap>
+        <mac>55:55:55:55:55:1c</mac>
+        <ipaddr>192.168.20.160</ipaddr>
+        <hostname>somehost983</hostname>
+        <descr>someservire8</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>55:55:55:55:55:1c</mac>
+        <ipaddr>192.168.20.155</ipaddr>
+        <hostname>somehost893</hostname>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>55:55:55:55:55:1c</mac>
+        <ipaddr>192.168.20.50</ipaddr>
+        <hostname>hostswitch2</hostname>
+        <descr>switch-2 (bottom)</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <pool/>
+    </lan>
+  </dhcpd>
+  <snmpd>
+    <syslocation/>
+    <syscontact/>
+    <rocommunity>public</rocommunity>
+  </snmpd>
+  <syslog>
+    <reverse/>
+    <preservelogs>3</preservelogs>
+  </syslog>
+  <nat>
+    <outbound>
+      <mode>automatic</mode>
+    </outbound>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_618812d37b8193.31302503</associated-rule-id>
+      <target>host_3</target>
+      <local-port>22</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>55555</port>
+      </destination>
+      <updated>
+        <username>root@192.168.1.118</username>
+        <time>1636307667.506</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.1.118</username>
+        <time>1636307667.506</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_651ffc35e573d9.09092618</associated-rule-id>
+      <target>192.168.20.140</target>
+      <local-port>22</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>30140</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.11</username>
+        <time>1696594997.9399</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.11</username>
+        <time>1696594997.9399</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+  </nat>
+  <filter>
+    <rule uuid="36bf9a49-7705-40d4-9ea8-815a215ce007">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>allow public connections to vpn</descr>
+      <direction>in</direction>
+      <category>wireguard</category>
+      <quick>1</quick>
+      <protocol>udp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>51820</port>
+      </destination>
+      <updated>
+        <username>root@192.168.1.118</username>
+        <time>1636306863.2747</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.1.118</username>
+        <time>1636305029.8036</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <associated-rule-id>nat_670979b3279551.73601303</associated-rule-id>
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.20.1</address>
+        <port>55555</port>
+      </destination>
+      <descr>port forwarding for virtual ip for someservice2 servers</descr>
+      <category/>
+      <created>
+        <username>root@172.12.0.12</username>
+        <time>1728674227.1622</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+      <disabled>1</disabled>
+    </rule>
+  </filter>
+  <load_balancer>
+    <monitor_type>
+      <name>ICMP</name>
+      <type>icmp</type>
+      <descr>ICMP</descr>
+      <options/>
+    </monitor_type>
+    <monitor_type>
+      <name>TCP</name>
+      <type>tcp</type>
+      <descr>Generic TCP</descr>
+      <options/>
+    </monitor_type>
+    <monitor_type>
+      <name>HTTP</name>
+      <type>http</type>
+      <descr>Generic HTTP</descr>
+      <options>
+        <path>/</path>
+        <host/>
+        <code>200</code>
+      </options>
+    </monitor_type>
+  </load_balancer>
+  <ntpd>
+    <prefer>0.opnsense.pool.ntp.org</prefer>
+  </ntpd>
+  <widgets>
+    <sequence>system_information-container:00000000-col3:show,traffic_graphs-container:00000001-col3:show,thermal_sensors-container:00000002-col3:show,log-container:00000003-col3:show,services_status-container:00000004-col4:show,gateways-container:00000005-col4:show,interface_list-container:00000006-col4:show,carp_status-container:00000007-col4:show,wireguard-container:00000008-col4:show,dyn_dns_status-container:00000009-col4:show,system_log-container:00000010-col4:show</sequence>
+    <column_count>2</column_count>
+  </widgets>
+  <revision>
+    <username>root@172.12.0.12</username>
+    <time>1728676391.9878</time>
+    <description>/firewall_nat.php made changes</description>
+  </revision>
+  <OPNsense>
+    <captiveportal version="1.0.1">
+      <zones/>
+      <templates/>
+    </captiveportal>
+    <cron version="1.0.4">
+      <jobs/>
+    </cron>
+    <Netflow version="1.0.1">
+      <capture>
+        <interfaces/>
+        <egress_only/>
+        <version>v9</version>
+        <targets/>
+      </capture>
+      <collect>
+        <enable>0</enable>
+      </collect>
+      <activeTimeout>1800</activeTimeout>
+      <inactiveTimeout>15</inactiveTimeout>
+    </Netflow>
+    <Firewall>
+      <Lvtemplate version="0.0.1">
+        <templates/>
+      </Lvtemplate>
+      <Category version="1.0.0">
+        <categories>
+          <category uuid="1d91d52b-7588-40c5-8c2c-05acdfcf8c1e">
+            <name>wireguard</name>
+            <auto>1</auto>
+            <color/>
+          </category>
+        </categories>
+      </Category>
+      <Alias version="1.0.1">
+        <geoip>
+          <url/>
+        </geoip>
+        <aliases>
+          <alias uuid="298089ad-f84a-4dda-9c10-6653a7464294">
+            <enabled>1</enabled>
+            <name>x3690_3</name>
+            <type>host</type>
+            <proto/>
+            <interface/>
+            <counters>0</counters>
+            <updatefreq/>
+            <content>192.168.1.136</content>
+            <categories/>
+            <description/>
+          </alias>
+          <alias uuid="e80d6d23-a0b0-4432-aff5-b5be0557eb01">
+            <enabled>1</enabled>
+            <name>someservice2_vip</name>
+            <type>host</type>
+            <proto/>
+            <interface/>
+            <counters>0</counters>
+            <updatefreq/>
+            <content>192.168.20.225</content>
+            <categories/>
+            <description>alias for someservice2 vip</description>
+          </alias>
+        </aliases>
+      </Alias>
+    </Firewall>
+    <IDS version="1.0.9">
+      <rules/>
+      <policies/>
+      <userDefinedRules/>
+      <files/>
+      <fileTags/>
+      <general>
+        <enabled>0</enabled>
+        <ips>0</ips>
+        <promisc>0</promisc>
+        <interfaces>wan</interfaces>
+        <homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
+        <defaultPacketSize/>
+        <UpdateCron/>
+        <AlertLogrotate>W0D23</AlertLogrotate>
+        <AlertSaveLogs>4</AlertSaveLogs>
+        <MPMAlgo>ac</MPMAlgo>
+        <detect>
+          <Profile>medium</Profile>
+          <toclient_groups/>
+          <toserver_groups/>
+        </detect>
+        <syslog>0</syslog>
+        <syslog_eve>0</syslog_eve>
+        <LogPayload>0</LogPayload>
+        <verbosity/>
+      </general>
+    </IDS>
+    <IPsec version="1.0.1">
+      <general>
+        <enabled/>
+      </general>
+      <keyPairs/>
+      <preSharedKeys/>
+    </IPsec>
+    <Interfaces>
+      <vxlans version="1.0.1"/>
+      <loopbacks version="1.0.0"/>
+    </Interfaces>
+    <monit version="1.0.12">
+      <general>
+        <enabled>0</enabled>
+        <interval>120</interval>
+        <startdelay>120</startdelay>
+        <mailserver>127.0.0.1</mailserver>
+        <port>25</port>
+        <username/>
+        <password/>
+        <ssl>0</ssl>
+        <sslversion>auto</sslversion>
+        <sslverify>1</sslverify>
+        <logfile>syslog facility log_daemon</logfile>
+        <statefile/>
+        <eventqueuePath/>
+        <eventqueueSlots/>
+        <httpdEnabled>0</httpdEnabled>
+        <httpdUsername>root</httpdUsername>
+        <httpdPassword>oiujds9889DSIJSDIJSDIjdj</httpdPassword>
+        <httpdPort>2812</httpdPort>
+        <httpdAllow/>
+        <mmonitUrl/>
+        <mmonitTimeout>5</mmonitTimeout>
+        <mmonitRegisterCredentials>1</mmonitRegisterCredentials>
+      </general>
+      <alert uuid="d307f1df-e759-4262-a4cd-7b9673f0ad36">
+        <enabled>0</enabled>
+        <recipient>root@localhost.local</recipient>
+        <noton>0</noton>
+        <events/>
+        <format/>
+        <reminder>10</reminder>
+        <description/>
+      </alert>
+      <service uuid="9f01617b-08c1-487d-9c8a-fa1340add37e">
+        <enabled>1</enabled>
+        <name>$HOST</name>
+        <description/>
+        <type>system</type>
+        <pidfile/>
+        <match/>
+        <path/>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>da6083fd-852c-44af-9ae7-8c9de443bbc9,4f18b847-c2ab-4707-9686-bf656e187ab8,62ea6632-3554-43be-bb0b-ceceab685338,f543f50a-4e52-4afd-85ce-95fe6d61dc54</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <test uuid="93365006-3a70-4d80-bab8-72fb9214a51b">
+        <name>Ping</name>
+        <type>NetworkPing</type>
+        <condition>failed ping</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="48a4ae66-c879-40fe-a554-0f354ee67770">
+        <name>NetworkLink</name>
+        <type>NetworkInterface</type>
+        <condition>failed link</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+    </monit>
+    <OpenVPNExport version="0.0.1">
+      <servers/>
+    </OpenVPNExport>
+    <proxy version="1.0.6">
+      <general>
+        <enabled>0</enabled>
+        <error_pages>opnsense</error_pages>
+        <icpPort/>
+        <logging>
+          <enable>
+            <accessLog>1</accessLog>
+            <storeLog>1</storeLog>
+          </enable>
+          <ignoreLogACL/>
+          <target/>
+        </logging>
+        <alternateDNSservers/>
+        <dnsV4First>0</dnsV4First>
+        <forwardedForHandling>on</forwardedForHandling>
+        <uriWhitespaceHandling>strip</uriWhitespaceHandling>
+        <enablePinger>1</enablePinger>
+        <useViaHeader>1</useViaHeader>
+        <suppressVersion>0</suppressVersion>
+        <connecttimeout/>
+        <VisibleEmail>admin@localhost.local</VisibleEmail>
+        <VisibleHostname/>
+        <cache>
+          <local>
+            <enabled>0</enabled>
+            <directory>/var/squid/cache</directory>
+            <cache_mem>256</cache_mem>
+            <maximum_object_size/>
+            <maximum_object_size_in_memory/>
+            <memory_cache_mode>always</memory_cache_mode>
+            <size>100</size>
+            <l1>16</l1>
+            <l2>256</l2>
+            <cache_linux_packages>0</cache_linux_packages>
+            <cache_windows_updates>0</cache_windows_updates>
+          </local>
+        </cache>
+        <traffic>
+          <enabled>0</enabled>
+          <maxDownloadSize>2048</maxDownloadSize>
+          <maxUploadSize>1024</maxUploadSize>
+          <OverallBandwidthTrotteling>1024</OverallBandwidthTrotteling>
+          <perHostTrotteling>256</perHostTrotteling>
+        </traffic>
+        <parentproxy>
+          <enabled>0</enabled>
+          <host/>
+          <enableauth>0</enableauth>
+          <user>username</user>
+          <password>password</password>
+          <port/>
+          <localdomains/>
+          <localips/>
+        </parentproxy>
+      </general>
+      <forward>
+        <interfaces>lan</interfaces>
+        <port>3128</port>
+        <sslbumpport>3129</sslbumpport>
+        <sslbump>0</sslbump>
+        <sslurlonly>0</sslurlonly>
+        <sslcertificate/>
+        <sslnobumpsites/>
+        <ssl_crtd_storage_max_size>4</ssl_crtd_storage_max_size>
+        <sslcrtd_children>5</sslcrtd_children>
+        <snmp_enable>0</snmp_enable>
+        <snmp_port>3401</snmp_port>
+        <snmp_password>public</snmp_password>
+        <ftpInterfaces/>
+        <ftpPort>2121</ftpPort>
+        <ftpTransparentMode>0</ftpTransparentMode>
+        <addACLforInterfaceSubnets>1</addACLforInterfaceSubnets>
+        <transparentMode>0</transparentMode>
+        <acl>
+          <allowedSubnets/>
+          <unrestricted/>
+          <bannedHosts/>
+          <whiteList/>
+          <blackList/>
+          <browser/>
+          <mimeType/>
+          <googleapps/>
+          <youtube/>
+          <safePorts>80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http</safePorts>
+          <sslPorts>443:https</sslPorts>
+          <remoteACLs>
+            <blacklists/>
+            <UpdateCron/>
+          </remoteACLs>
+        </acl>
+        <icap>
+          <enable>0</enable>
+          <RequestURL>icap://[::1]:1344/avscan</RequestURL>
+          <ResponseURL>icap://[::1]:1344/avscan</ResponseURL>
+          <SendClientIP>1</SendClientIP>
+          <SendUsername>0</SendUsername>
+          <EncodeUsername>0</EncodeUsername>
+          <UsernameHeader>X-Username</UsernameHeader>
+          <EnablePreview>1</EnablePreview>
+          <PreviewSize>1024</PreviewSize>
+          <OptionsTTL>60</OptionsTTL>
+          <exclude/>
+        </icap>
+        <authentication>
+          <method/>
+          <authEnforceGroup/>
+          <realm>OPNsense proxy authentication</realm>
+          <credentialsttl>2</credentialsttl>
+          <children>5</children>
+        </authentication>
+      </forward>
+      <pac/>
+      <error_pages>
+        <template/>
+      </error_pages>
+    </proxy>
+    <Syslog version="1.0.1">
+      <general>
+        <enabled>1</enabled>
+      </general>
+      <destinations/>
+    </Syslog>
+    <TrafficShaper version="1.0.3">
+      <pipes/>
+      <queues/>
+      <rules/>
+    </TrafficShaper>
+    <unboundplus version="1.0.8">
+      <general>
+        <enabled>1</enabled>
+        <port>53</port>
+        <stats/>
+        <active_interface/>
+        <dnssec/>
+        <dns64/>
+        <dns64prefix/>
+        <noarecords/>
+        <regdhcp>1</regdhcp>
+        <regdhcpdomain/>
+        <regdhcpstatic>1</regdhcpstatic>
+        <noreglladdr6/>
+        <noregrecords/>
+        <txtsupport/>
+        <cacheflush/>
+        <local_zone_type>transparent</local_zone_type>
+        <outgoing_interface/>
+        <enable_wpad/>
+      </general>
+      <advanced>
+        <hideidentity>0</hideidentity>
+        <hideversion>0</hideversion>
+        <prefetch>0</prefetch>
+        <prefetchkey>0</prefetchkey>
+        <dnssecstripped>0</dnssecstripped>
+        <serveexpired>0</serveexpired>
+        <serveexpiredreplyttl/>
+        <serveexpiredttl/>
+        <serveexpiredttlreset>0</serveexpiredttlreset>
+        <serveexpiredclienttimeout/>
+        <qnameminstrict>0</qnameminstrict>
+        <extendedstatistics>0</extendedstatistics>
+        <logqueries>0</logqueries>
+        <logreplies>0</logreplies>
+        <logtagqueryreply>0</logtagqueryreply>
+        <logservfail/>
+        <loglocalactions/>
+        <logverbosity>1</logverbosity>
+        <valloglevel>0</valloglevel>
+        <privatedomain/>
+        <privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
+        <insecuredomain/>
+        <msgcachesize/>
+        <rrsetcachesize/>
+        <outgoingnumtcp/>
+        <incomingnumtcp/>
+        <numqueriesperthread/>
+        <outgoingrange/>
+        <jostletimeout/>
+        <cachemaxttl/>
+        <cachemaxnegativettl/>
+        <cacheminttl/>
+        <infrahostttl/>
+        <infrakeepprobing/>
+        <infracachenumhosts/>
+        <unwantedreplythreshold/>
+      </advanced>
+      <acls>
+        <default_action>allow</default_action>
+      </acls>
+      <dnsbl>
+        <enabled>0</enabled>
+        <safesearch/>
+        <type/>
+        <lists/>
+        <whitelists/>
+        <blocklists/>
+        <wildcards/>
+        <address/>
+        <nxdomain>0</nxdomain>
+      </dnsbl>
+      <forwarding>
+        <enabled>0</enabled>
+      </forwarding>
+      <dots/>
+      <hosts>
+        <host uuid="a681fc39-70fa-4cf1-9331-79f5cbf9048f">
+          <enabled>1</enabled>
+          <hostname>api</hostname>
+          <domain>someapp.yourdomain.local.mcd</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <server>192.168.20.161</server>
+          <description>Some app local</description>
+        </host>
+        <host uuid="dd593e95-02bc-476f-8610-fa1ee454e950">
+          <enabled>1</enabled>
+          <hostname>api-int</hostname>
+          <domain>someapp.yourdomain.local.mcd</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <server>192.168.20.161</server>
+          <description>Some app local</description>
+        </host>
+        <host uuid="e1606f96-dd38-471f-a3d7-ad25e41e810d">
+          <enabled>1</enabled>
+          <hostname>*</hostname>
+          <domain>someapp.yourdomain.local.mcd</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <server>192.168.20.161</server>
+          <description>Some app local</description>
+        </host>
+      </hosts>
+      <aliases/>
+      <domains/>
+    </unboundplus>
+    <wireguard>
+      <general version="0.0.1">
+        <enabled>1</enabled>
+      </general>
+      <server version="0.0.4">
+        <servers>
+          <server uuid="3ec7bf83-b3b7-4fba-b4f2-a96dafbfb162">
+            <enabled>1</enabled>
+            <name>publicwg</name>
+            <instance>0</instance>
+            <pubkey>89udsjiuod109jadsSUIDSAUIduhashuiauas/asdkj=</pubkey>
+            <privkey>eH555555555555555+892jdjiodsjiodsoijsdjiodj=</privkey>
+            <port>51820</port>
+            <mtu/>
+            <dns/>
+            <tunneladdress>172.12.0.1/24</tunneladdress>
+            <disableroutes>0</disableroutes>
+            <gateway/>
+            <carp_depend_on/>
+            <peers>03031aec-2e84-462e-9eab-57762dde667a,98e6ca3d-1de9-449b-be80-77022221b509,67c0ace5-e802-4d2b-a536-f8b7a2db6f99,74b60fff-7844-4097-9966-f1c2b1ad29ff,3de82ad5-bc1b-4b91-9598-f906e58ac937,a95e6b5e-24a4-40b5-bb41-b79e784f6f1c,6c9a12c6-c1ca-4c14-866b-975406a30590,c33b308b-7125-4688-9561-989ace8787b5,e43f004a-23bf-4027-8fb0-953fbb40479f</peers>
+          </server>
+        </servers>
+      </server>
+      <client version="0.0.7">
+        <clients>
+          <client uuid="98e6ca3d-1de9-449b-be80-77022221b509">
+            <enabled>1</enabled>
+            <name>some-laptop</name>
+            <pubkey>95555555555555555555555555555FN2aCHemL3RjA8=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.8/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+          <client uuid="74b60fff-7844-4097-9966-f1c2b1ad29ff">
+            <enabled>1</enabled>
+            <name>user2</name>
+            <pubkey>pJ555555555555555555xiUxuJof78XXugx1KUrrYg8=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.6/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+          <client uuid="67c0ace5-e802-4d2b-a536-f8b7a2db6f99">
+            <enabled>1</enabled>
+            <name>some-phone</name>
+            <pubkey>SLQXdM/555555555555555555MWhR2WSEkaSXh1ZpXU=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.9/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+        </clients>
+      </client>
+    </wireguard>
+    <Swanctl version="1.0.0">
+      <Connections/>
+      <locals/>
+      <remotes/>
+      <children/>
+      <Pools/>
+      <VTIs/>
+      <SPDs/>
+    </Swanctl>
+    <DynDNS version="1.5.1">
+      <general>
+        <enabled>1</enabled>
+        <verbose>0</verbose>
+        <allowipv6>0</allowipv6>
+        <daemon_delay>300</daemon_delay>
+        <backend>ddclient</backend>
+      </general>
+      <accounts>
+        <account uuid="5be8a905-3cde-4e34-b16c-e53623146c95">
+          <enabled>1</enabled>
+          <service>someddnsprovider</service>
+          <protocol/>
+          <server/>
+          <username>someusername.com</username>
+          <password>55555555555555555555555555555dsi</password>
+          <resourceId/>
+          <hostnames>yourpublic.host.com</hostnames>
+          <wildcard>0</wildcard>
+          <zone/>
+          <checkip>if</checkip>
+          <checkip_timeout>10</checkip_timeout>
+          <force_ssl>1</force_ssl>
+          <ttl>300</ttl>
+          <interface>wan</interface>
+          <description>yourpublic.host.com</description>
+        </account>
+      </accounts>
+    </DynDNS>
+    <OpenVPN version="1.0.0">
+      <Overwrites/>
+      <Instances/>
+      <StaticKeys/>
+    </OpenVPN>
+    <Gateways version="0.0.1"/>
+    <HAProxy version="4.0.0">
+      <general>
+        <enabled>1</enabled>
+        <gracefulStop>0</gracefulStop>
+        <hardStopAfter>60s</hardStopAfter>
+        <closeSpreadTime/>
+        <seamlessReload>0</seamlessReload>
+        <storeOcsp>0</storeOcsp>
+        <showIntro>1</showIntro>
+        <peers>
+          <enabled>0</enabled>
+          <name1/>
+          <listen1/>
+          <port1>1024</port1>
+          <name2/>
+          <listen2/>
+          <port2>1024</port2>
+        </peers>
+        <tuning>
+          <root>0</root>
+          <maxConnections/>
+          <nbthread>1</nbthread>
+          <sslServerVerify>ignore</sslServerVerify>
+          <maxDHSize>2048</maxDHSize>
+          <bufferSize>16384</bufferSize>
+          <spreadChecks>2</spreadChecks>
+          <bogusProxyEnabled>0</bogusProxyEnabled>
+          <luaMaxMem>0</luaMaxMem>
+          <customOptions/>
+          <ssl_defaultsEnabled>0</ssl_defaultsEnabled>
+          <ssl_bindOptions>prefer-client-ciphers</ssl_bindOptions>
+          <ssl_minVersion>TLSv1.2</ssl_minVersion>
+          <ssl_maxVersion/>
+          <ssl_cipherList>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256</ssl_cipherList>
+          <ssl_cipherSuites>TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256</ssl_cipherSuites>
+        </tuning>
+        <defaults>
+          <maxConnections/>
+          <maxConnectionsServers/>
+          <timeoutClient>30s</timeoutClient>
+          <timeoutConnect>30s</timeoutConnect>
+          <timeoutCheck/>
+          <timeoutServer>30s</timeoutServer>
+          <retries>3</retries>
+          <redispatch>x-1</redispatch>
+          <init_addr>last,libc</init_addr>
+          <customOptions/>
+        </defaults>
+        <logging>
+          <host>127.0.0.1</host>
+          <facility>local0</facility>
+          <level>info</level>
+          <length/>
+        </logging>
+        <stats>
+          <enabled>0</enabled>
+          <port>8822</port>
+          <remoteEnabled>0</remoteEnabled>
+          <remoteBind/>
+          <authEnabled>0</authEnabled>
+          <users/>
+          <allowedUsers/>
+          <allowedGroups/>
+          <customOptions/>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_bind>*:8404</prometheus_bind>
+          <prometheus_path>/metrics</prometheus_path>
+        </stats>
+        <cache>
+          <enabled>0</enabled>
+          <totalMaxSize>4</totalMaxSize>
+          <maxAge>60</maxAge>
+          <maxObjectSize/>
+          <processVary>0</processVary>
+          <maxSecondaryEntries>10</maxSecondaryEntries>
+        </cache>
+      </general>
+      <frontends>
+        <frontend uuid="379ce7bf-4df6-4b12-8aee-a32cff084d92">
+          <id>6707fe74642f67.52019899</id>
+          <enabled>1</enabled>
+          <name>some-ingress</name>
+          <description>public service redirecting traffic</description>
+          <bind>192.168.20.55:55555</bind>
+          <bindOptions/>
+          <mode>tcp</mode>
+          <defaultBackend>f0c76bef-8623-4fa8-a992-61f83d504b87</defaultBackend>
+          <ssl_enabled>0</ssl_enabled>
+          <ssl_certificates/>
+          <ssl_default_certificate/>
+          <ssl_customOptions/>
+          <ssl_advancedEnabled>0</ssl_advancedEnabled>
+          <ssl_bindOptions>prefer-client-ciphers</ssl_bindOptions>
+          <ssl_minVersion>TLSv1.2</ssl_minVersion>
+          <ssl_maxVersion/>
+          <ssl_cipherList>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256</ssl_cipherList>
+          <ssl_cipherSuites>TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256</ssl_cipherSuites>
+          <ssl_hstsEnabled>1</ssl_hstsEnabled>
+          <ssl_hstsIncludeSubDomains>0</ssl_hstsIncludeSubDomains>
+          <ssl_hstsPreload>0</ssl_hstsPreload>
+          <ssl_hstsMaxAge>15768000</ssl_hstsMaxAge>
+          <ssl_clientAuthEnabled>0</ssl_clientAuthEnabled>
+          <ssl_clientAuthVerify>required</ssl_clientAuthVerify>
+          <ssl_clientAuthCAs/>
+          <ssl_clientAuthCRLs/>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_maxConnections/>
+          <tuning_timeoutClient/>
+          <tuning_timeoutHttpReq/>
+          <tuning_timeoutHttpKeepAlive/>
+          <linkedCpuAffinityRules/>
+          <tuning_shards/>
+          <logging_dontLogNull>0</logging_dontLogNull>
+          <logging_dontLogNormal>0</logging_dontLogNormal>
+          <logging_logSeparateErrors>0</logging_logSeparateErrors>
+          <logging_detailedLog>0</logging_detailedLog>
+          <logging_socketStats>0</logging_socketStats>
+          <stickiness_pattern/>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_counter>1</stickiness_counter>
+          <stickiness_counter_key>src</stickiness_counter_key>
+          <stickiness_length/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <http2Enabled>0</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <advertised_protocols>h2,http11</advertised_protocols>
+          <forwardFor>0</forwardFor>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_path>/metrics</prometheus_path>
+          <connectionBehaviour>http-keep-alive</connectionBehaviour>
+          <customOptions/>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </frontend>
+        <frontend uuid="e5cdd687-92a0-46a1-93c0-7b26431fea92">
+          <id>670979396dea69.72299427</id>
+          <enabled>0</enabled>
+          <name>another-ingress</name>
+          <description>public service redirecting traffic with non descriptive description</description>
+          <bind>192.168.20.1:55555</bind>
+          <bindOptions/>
+          <mode>tcp</mode>
+          <defaultBackend>f0c76bef-8623-4fa8-a992-61f83d504b87</defaultBackend>
+          <ssl_enabled>0</ssl_enabled>
+          <ssl_certificates/>
+          <ssl_default_certificate/>
+          <ssl_customOptions/>
+          <ssl_advancedEnabled>0</ssl_advancedEnabled>
+          <ssl_bindOptions>prefer-client-ciphers</ssl_bindOptions>
+          <ssl_minVersion>TLSv1.2</ssl_minVersion>
+          <ssl_maxVersion/>
+          <ssl_cipherList>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256</ssl_cipherList>
+          <ssl_cipherSuites>TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256</ssl_cipherSuites>
+          <ssl_hstsEnabled>1</ssl_hstsEnabled>
+          <ssl_hstsIncludeSubDomains>0</ssl_hstsIncludeSubDomains>
+          <ssl_hstsPreload>0</ssl_hstsPreload>
+          <ssl_hstsMaxAge>15768000</ssl_hstsMaxAge>
+          <ssl_clientAuthEnabled>0</ssl_clientAuthEnabled>
+          <ssl_clientAuthVerify>required</ssl_clientAuthVerify>
+          <ssl_clientAuthCAs/>
+          <ssl_clientAuthCRLs/>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_maxConnections/>
+          <tuning_timeoutClient/>
+          <tuning_timeoutHttpReq/>
+          <tuning_timeoutHttpKeepAlive/>
+          <linkedCpuAffinityRules/>
+          <tuning_shards/>
+          <logging_dontLogNull>0</logging_dontLogNull>
+          <logging_dontLogNormal>0</logging_dontLogNormal>
+          <logging_logSeparateErrors>0</logging_logSeparateErrors>
+          <logging_detailedLog>0</logging_detailedLog>
+          <logging_socketStats>0</logging_socketStats>
+          <stickiness_pattern/>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_counter>1</stickiness_counter>
+          <stickiness_counter_key>src</stickiness_counter_key>
+          <stickiness_length/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <http2Enabled>0</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <advertised_protocols>h2,http11</advertised_protocols>
+          <forwardFor>0</forwardFor>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_path>/metrics</prometheus_path>
+          <connectionBehaviour>http-keep-alive</connectionBehaviour>
+          <customOptions/>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </frontend>
+      </frontends>
+      <backends>
+        <backend uuid="f0c76bef-8623-4fa8-a992-61f83d504b87">
+          <id>6707fa71c3cb99.64451664</id>
+          <enabled>1</enabled>
+          <name>some_servers</name>
+          <description/>
+          <mode>tcp</mode>
+          <algorithm>roundrobin</algorithm>
+          <random_draws>2</random_draws>
+          <proxyProtocol/>
+          <linkedServers>c0364e69-459d-48b2-a1d1-808324fea9cb,187d8b79-4376-45fc-9fd7-476074a7a577</linkedServers>
+          <linkedFcgi/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <source/>
+          <healthCheckEnabled>1</healthCheckEnabled>
+          <healthCheck>5110db0c-afa9-4bad-bbbe-5bbeb52262bb</healthCheck>
+          <healthCheckLogStatus>0</healthCheckLogStatus>
+          <checkInterval/>
+          <checkDownInterval/>
+          <healthCheckFall/>
+          <healthCheckRise/>
+          <linkedMailer/>
+          <http2Enabled>0</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <ba_advertised_protocols>h2,http11</ba_advertised_protocols>
+          <persistence>sticktable</persistence>
+          <persistence_cookiemode>piggyback</persistence_cookiemode>
+          <persistence_cookiename>SRVCOOKIE</persistence_cookiename>
+          <persistence_stripquotes>1</persistence_stripquotes>
+          <stickiness_pattern>sourceipv4</stickiness_pattern>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_cookiename/>
+          <stickiness_cookielength/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_timeoutConnect/>
+          <tuning_timeoutCheck/>
+          <tuning_timeoutServer/>
+          <tuning_retries/>
+          <customOptions/>
+          <tuning_defaultserver/>
+          <tuning_noport>0</tuning_noport>
+          <tuning_httpreuse>safe</tuning_httpreuse>
+          <tuning_caching>0</tuning_caching>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </backend>
+      </backends>
+      <servers>
+        <server uuid="c0364e69-459d-48b2-a1d1-808324fea9cb">
+          <id>6707f9a980b271.59222580</id>
+          <enabled>1</enabled>
+          <name>server1</name>
+          <description>server running on host</description>
+          <address>192.168.20.55</address>
+          <port>55555</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol>unspecified</multiplexer_protocol>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>1</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <weight>33</weight>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="187d8b79-4376-45fc-9fd7-476074a7a577">
+          <id>6707faa46d5f57.14318783</id>
+          <enabled>1</enabled>
+          <name>server2</name>
+          <description>server running something</description>
+          <address>192.168.20.155</address>
+          <port>55555</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol>unspecified</multiplexer_protocol>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>1</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <weight>67</weight>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+      </servers>
+      <healthchecks>
+        <healthcheck uuid="5110db0c-afa9-4bad-bbbe-5bbeb52262bb">
+          <name>server-loadbalancer-monitor</name>
+          <description/>
+          <type>tcp</type>
+          <interval>2s</interval>
+          <ssl>nopref</ssl>
+          <sslSNI/>
+          <force_ssl>0</force_ssl>
+          <checkport/>
+          <http_method>options</http_method>
+          <http_uri>/</http_uri>
+          <http_version>http10</http_version>
+          <http_host>localhost</http_host>
+          <http_expressionEnabled>0</http_expressionEnabled>
+          <http_expression/>
+          <http_negate>0</http_negate>
+          <http_value/>
+          <tcp_enabled>0</tcp_enabled>
+          <tcp_sendValue/>
+          <tcp_matchType>string</tcp_matchType>
+          <tcp_negate>0</tcp_negate>
+          <tcp_matchValue/>
+          <agentPort/>
+          <mysql_user/>
+          <mysql_post41>0</mysql_post41>
+          <pgsql_user/>
+          <smtp_domain/>
+          <esmtp_domain/>
+          <dbUser/>
+        </healthcheck>
+      </healthchecks>
+      <acls/>
+      <actions/>
+      <luas/>
+      <fcgis/>
+      <errorfiles/>
+      <mapfiles/>
+      <groups/>
+      <users/>
+      <cpus/>
+      <resolvers/>
+      <mailers/>
+      <maintenance>
+        <cronjobs>
+          <syncCerts>0</syncCerts>
+          <syncCertsCron/>
+          <updateOcsp>0</updateOcsp>
+          <updateOcspCron/>
+          <reloadService>0</reloadService>
+          <reloadServiceCron/>
+          <restartService>0</restartService>
+          <restartServiceCron/>
+        </cronjobs>
+      </maintenance>
+    </HAProxy>
+  </OPNsense>
+  <staticroutes version="1.0.0">
+    <route/>
+  </staticroutes>
+  <ca/>
+  <gateways>
+    <gateway_item/>
+  </gateways>
+  <cert>
+    <refid>6155aba4c9375</refid>
+    <descr>Web GUI TLS certificate</descr>
+    <crt>LtCg==</crt>
+    <prv>L22o=</prv>
+  </cert>
+  <dhcpdv6/>
+  <virtualip version="1.0.0">
+    <vip uuid="756c3b4a-f61a-4406-8776-383bc429a5b3">
+      <interface>wan</interface>
+      <mode>ipalias</mode>
+      <subnet>192.168.20.155</subnet>
+      <subnet_bits>32</subnet_bits>
+      <gateway>10.11.16.17</gateway>
+      <noexpand>0</noexpand>
+      <nobind>0</nobind>
+      <password/>
+      <vhid/>
+      <advbase>1</advbase>
+      <advskew>0</advskew>
+      <descr>virtual ip for service</descr>
+    </vip>
+  </virtualip>
+  <openvpn>
+    <openvpn-server/>
+    <openvpn-client/>
+  </openvpn>
+  <ppps>
+    <ppp>
+      <ptpid>0</ptpid>
+      <type>pppoe</type>
+      <if>pppoe0</if>
+      <ports>em0</ports>
+      <username>someuser@ppoeserver.com</username>
+      <password>5555555555AyNA==</password>
+    </ppp>
+  </ppps>
+  <dyndnses>
+    <dyndns>
+      <type>someddnsprovider</type>
+      <username/>
+      <password>5555555555ee479874398u1298e98u18</password>
+      <host>yourpublic.host.com</host>
+      <mx/>
+      <interface>wan</interface>
+      <zoneid/>
+      <resourceid/>
+      <ttl/>
+      <updateurl/>
+      <resultmatch/>
+      <requestif>wan</requestif>
+      <descr/>
+      <id>0</id>
+    </dyndns>
+  </dyndnses>
+  <vlans version="1.0.0">
+    <vlan/>
+  </vlans>
+  <bridges>
+    <bridged/>
+  </bridges>
+  <gifs>
+    <gif/>
+  </gifs>
+  <gres>
+    <gre/>
+  </gres>
+  <laggs version="1.0.0"/>
+  <wireless>
+    <clone/>
+  </wireless>
+  <hasync>
+    <synchronizealiases>on</synchronizealiases>
+    <synchronizeauthservers>on</synchronizeauthservers>
+    <synchronizecerts>on</synchronizecerts>
+    <synchronizedhcpd>on</synchronizedhcpd>
+    <synchronizenat>on</synchronizenat>
+    <synchronizerules>on</synchronizerules>
+    <synchronizeschedules>on</synchronizeschedules>
+    <synchronizestaticroutes>on</synchronizestaticroutes>
+    <synchronizeusers>on</synchronizeusers>
+    <synchronizevirtualip>on</synchronizevirtualip>
+    <synchronizewidgets>on</synchronizewidgets>
+    <synchronizedhcrelay>on</synchronizedhcrelay>
+    <synchronizedhcpdv6>on</synchronizedhcpdv6>
+    <synchronizedhcrelay6>on</synchronizedhcrelay6>
+    <synchronizentpd>on</synchronizentpd>
+    <synchronizesyslog>on</synchronizesyslog>
+    <synchronizecron>on</synchronizecron>
+    <synchronizesysctl>on</synchronizesysctl>
+    <synchronizewebgui>on</synchronizewebgui>
+    <synchronizednsforwarder>on</synchronizednsforwarder>
+    <synchronizeshaper>on</synchronizeshaper>
+    <synchronizecaptiveportal>on</synchronizecaptiveportal>
+    <synchronizeipsec>on</synchronizeipsec>
+    <synchronizemonit>on</synchronizemonit>
+    <synchronizessh>on</synchronizessh>
+    <synchronizeopenvpn>on</synchronizeopenvpn>
+    <synchronizeifgroups>on</synchronizeifgroups>
+    <synchronizecategories>on</synchronizecategories>
+    <synchronizelvtemplate>on</synchronizelvtemplate>
+    <synchronizesquid>on</synchronizesquid>
+    <synchronizesuricata>on</synchronizesuricata>
+    <synchronizednsresolver>on</synchronizednsresolver>
+    <pfsyncinterface>opt1</pfsyncinterface>
+    <synchronizetoip>10.10.5.2</synchronizetoip>
+    <username>root</username>
+    <password>555555555</password>
+    <pfsyncenabled>on</pfsyncenabled>
+    <disablepreempt>on</disablepreempt>
+    <disconnectppps>on</disconnectppps>
+  </hasync>
+  <ifgroups version="1.0.0"/>
+</opnsense>

From ebdc83b21b881ecd98c0a9ed8172602701ec0247 Mon Sep 17 00:00:00 2001
From: Jean-Gabriel Gill-Couture <jeangabriel.gc@gmail.com>
Date: Sun, 20 Oct 2024 07:39:41 -0400
Subject: [PATCH 08/19] wip: RawXml ser/de works well, still a few more complex
 cases to test but seems good wnough for the opnsense config case

---
 harmony-rs/opnsense-config/src/config.rs      |  11 +-
 .../opnsense-config/src/infra/generic_xml.rs  | 249 ++++++++++++++++++
 harmony-rs/opnsense-config/src/infra/mod.rs   |   3 +
 harmony-rs/opnsense-config/src/lib.rs         |   1 +
 .../src/modules/deserializer/interfaces.rs    |   5 +-
 .../opnsense-config/src/modules/opnsense.rs   |  70 ++---
 6 files changed, 302 insertions(+), 37 deletions(-)
 create mode 100644 harmony-rs/opnsense-config/src/infra/generic_xml.rs
 create mode 100644 harmony-rs/opnsense-config/src/infra/mod.rs

diff --git a/harmony-rs/opnsense-config/src/config.rs b/harmony-rs/opnsense-config/src/config.rs
index 6d26b65..79829c6 100644
--- a/harmony-rs/opnsense-config/src/config.rs
+++ b/harmony-rs/opnsense-config/src/config.rs
@@ -181,11 +181,20 @@ mod tests {
         let config_file_path = test_file_path.to_str().unwrap().to_string();
         println!("File path {config_file_path}");
         let repository = Box::new(LocalFileConfigRepository::new(config_file_path));
+        let config_file_str = repository.load().await.unwrap();
         let config = Config::new(repository)
             .await
             .expect("Failed to load config");
 
         println!("Config {:?}", config);
-        assert!(false);
+
+        let yaserde_cfg = yaserde::ser::Config { perform_indent: true,
+        .. Default::default()
+        };
+        let serialized = yaserde::ser::to_string_with_config(&config.opnsense, &yaserde_cfg).unwrap();
+
+        fs::write("/tmp/serialized.xml", &serialized).unwrap();
+        assert_eq!(config_file_str, serialized);
     }
+
 }
diff --git a/harmony-rs/opnsense-config/src/infra/generic_xml.rs b/harmony-rs/opnsense-config/src/infra/generic_xml.rs
new file mode 100644
index 0000000..6e1d1a5
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/infra/generic_xml.rs
@@ -0,0 +1,249 @@
+use xml::reader::{EventReader, XmlEvent as ReadEvent};
+use xml::writer::{EventWriter, XmlEvent as WriteEvent};
+use yaserde::{ser, YaDeserialize as YaDeserializeTrait, YaSerialize as YaSerializeTrait};
+use yaserde_derive::{YaDeserialize, YaSerialize};
+
+#[derive(Debug, PartialEq, Default, YaDeserialize)]
+pub struct Parent {
+    //    pub rawxml_child: RawXml,
+    pub string_child: String,
+    pub child_child: Child,
+}
+
+#[derive(Debug, PartialEq, Default, YaDeserialize)]
+pub struct Child {
+    pub child_val: String,
+    pub child_val2: String,
+    pub child_option: Option<String>,
+}
+
+#[derive(Debug, PartialEq, Default)]
+pub struct RawXml(String);
+
+impl YaDeserializeTrait for RawXml {
+    fn deserialize<R: std::io::Read>(
+        reader: &mut yaserde::de::Deserializer<R>,
+    ) -> Result<Self, String> {
+        let mut buffer = String::new();
+        let mut depth = 0;
+
+        let own_name = match reader.peek()? {
+            ReadEvent::StartElement { name, .. } => name.local_name.clone(),
+            _ => return Err("RawXml Should start deserializing with StartElement".to_string()),
+        };
+        println!("RawXml deserialize from root element name : {own_name}");
+        loop {
+            let current_event = reader.peek()?.to_owned();
+            match current_event.clone() {
+                ReadEvent::StartElement {
+                    name, attributes, ..
+                } => {
+                    println!("StartElement {name} depth {depth}");
+                    depth += 1;
+                    let mut attr_string = String::new();
+                    attributes.iter().for_each(|a| {
+                        attr_string.push_str(&format!(r#" {}="{}""#, &a.name, &a.value));
+                    });
+                    buffer.push_str(&format!("<{}{}>", name, attr_string));
+                    let _event = reader.next_event()?;
+                }
+                ReadEvent::EndElement { name } => {
+                    println!("EndElement {name} depth {depth}");
+                    depth -= 1;
+                    buffer.push_str(&format!("</{}>", name));
+                    println!(
+                        "Checking if name.local_name {} matches own_name {} at depth {depth}",
+                        &name.local_name, &own_name
+                    );
+                    if name.local_name == own_name && depth == 0 {
+                        println!(
+                            "Found next EndElement is closing my struct, breaking out of loop"
+                        );
+                        break;
+                    } else {
+                        let _event = reader.next_event()?;
+                    }
+                }
+                ReadEvent::Characters(content) => {
+                    println!("Characters {content} depth {depth}");
+                    buffer.push_str(&content);
+                    let _event = reader.next_event()?;
+                }
+                ReadEvent::StartDocument {
+                    version,
+                    encoding,
+                    standalone,
+                } => todo!(
+                    "StartDocument {:?} {:?} {:?}",
+                    version,
+                    encoding,
+                    standalone
+                ),
+                ReadEvent::EndDocument => todo!(),
+                ReadEvent::ProcessingInstruction { name, data } => {
+                    todo!("ProcessingInstruction {:?}, {:?}", name, data)
+                }
+                ReadEvent::CData(cdata) => todo!("CData, {:?}", cdata),
+                ReadEvent::Comment(comment) => todo!("Comment, {:?}", comment),
+                ReadEvent::Whitespace(whitespace) => todo!("Whitespace, {:?}", whitespace),
+            }
+            let next = reader.peek()?;
+            println!(
+                "Processing done on \ncurrent_event : {:?} \nnext : {:?}",
+                &current_event, &next
+            );
+        }
+
+        println!("buffered events {buffer}");
+
+        Ok(RawXml(buffer))
+    }
+}
+
+impl YaSerializeTrait for RawXml {
+    fn serialize<W: std::io::Write>(&self, writer: &mut ser::Serializer<W>) -> Result<(), String> {
+        let content = self.0.clone();
+        let content = xml::EventReader::from_str(content.as_str());
+        let mut reader = yaserde::de::Deserializer::new(content);
+        loop {
+            let e = reader.next_event()?;
+            if let ReadEvent::EndDocument = e {
+                break;
+            }
+            writer
+                .write(e.as_writer_event().unwrap())
+                .expect("Writer should write write event");
+        }
+        Ok(())
+    }
+
+    fn serialize_attributes(
+        &self,
+        attributes: Vec<xml::attribute::OwnedAttribute>,
+        namespace: xml::namespace::Namespace,
+    ) -> Result<
+        (
+            Vec<xml::attribute::OwnedAttribute>,
+            xml::namespace::Namespace,
+        ),
+        String,
+    > {
+        todo!()
+    }
+}
+// impl YaSerializeTrait for RawXml {
+//     fn serialize<W: std::io::Write>(
+//         &self,
+//         writer: &mut yaserde::ser::Serializer<W>,
+//     ) -> Result<(), String> {
+//         let mut reader = EventReader::from_str(&self.0);
+//         loop {
+//             match reader.next() {
+//                 Ok(ReadEvent::StartElement {
+//                     name,
+//                     attributes,
+//                     namespace,
+//                 }) => {
+//                     let write = WriteEvent::from(reader.next().unwrap());
+//                     writer
+//                         .write(WriteEvent::StartElement {
+//                             name: name.clone(),
+//                             attributes: attributes.clone(),
+//                             namespace: namespace.clone(),
+//                         })
+//                         .map_err(|e| e.to_string())?;
+//                 }
+//                 Ok(ReadEvent::EndElement { name }) => {
+//                     writer
+//                         .write(WriteEvent::EndElement { name: Some(name) })
+//                         .map_err(|e| e.to_string())?;
+//                 }
+//                 Ok(ReadEvent::Characters(content)) => {
+//                     writer
+//                         .write(WriteEvent::Characters(&content))
+//                         .map_err(|e| e.to_string())?;
+//                 }
+//                 Ok(ReadEvent::Eof) => break,
+//                 Err(e) => return Err(e.to_string()),
+//                 _ => {}
+//             }
+//         }
+//         Ok(())
+//     }
+// }
+//
+#[test]
+fn rawxml_should_buffer_empty_element() {
+    let rawxml: RawXml = yaserde::de::from_str("<something/>").unwrap();
+    assert_eq!(rawxml.0, String::from("<something></something>"));
+}
+
+#[test]
+fn rawxml_should_buffer_elements_with_different_case_as_they_are() {
+    let xml = "<xml><Some_thing></Some_thing><something></something></xml>";
+    let rawxml: RawXml = yaserde::de::from_str(xml).unwrap();
+    assert_eq!(rawxml.0, String::from(xml));
+}
+
+#[test]
+fn rawxml_should_buffer_elements_with_attributes() {
+    let xml = r#"<xml version="ababa"><Some_thing></Some_thing><something></something></xml>"#;
+    let rawxml: RawXml = yaserde::de::from_str(xml).unwrap();
+    assert_eq!(rawxml.0, String::from(xml));
+}
+
+#[test]
+fn rawxml_should_handle_complex_documents() {
+    let xml = r#"<xml><OpenVPN version="1.0.0"><Overwrites></Overwrites><Instances></Instances><StaticKeys></StaticKeys></OpenVPN><Gateways version="0.0.1"></Gateways><HAProxy version="4.0.0"><general><enabled>1</enabled><gracefulStop>0</gracefulStop><hardStopAfter>60s</hardStopAfter><closeSpreadTime></closeSpreadTime><seamlessReload>0</seamlessReload><storeOcsp>0</storeOcsp><showIntro>1</showIntro><peers><enabled>0</enabled><name1></name1><listen1></listen1><port1>1024</port1><name2></name2><listen2></listen2><port2>1024</port2></peers><tuning><root>0</root><maxConnections></maxConnections><nbthread>1</nbthread><sslServerVerify>ignore</sslServerVerify><maxDHSize>2048</maxDHSize><bufferSize>16384</bufferSize></tuning></general></HAProxy></xml>"#;
+    let rawxml: RawXml = yaserde::de::from_str(xml).unwrap();
+    assert_eq!(rawxml.0, String::from(xml));
+}
+
+#[test]
+fn rawxml_should_serialize_simple_documents() {
+    let xml = r#"<?xml version="1.0" encoding="utf-8"?><xml />"#;
+    let rawxml: RawXml = yaserde::de::from_str(xml).unwrap();
+    assert_eq!(yaserde::ser::to_string(&rawxml).unwrap(), xml);
+}
+
+#[test]
+fn rawxml_should_serialize_complex_documents() {
+    let xml = r#"<?xml version="1.0" encoding="utf-8"?><xml><OpenVPN version="1.0.0"><Overwrites /><Instances /><StaticKeys /></OpenVPN><Gateways version="0.0.1" /><HAProxy version="4.0.0"><general><enabled>1</enabled><gracefulStop>0</gracefulStop><hardStopAfter>60s</hardStopAfter><closeSpreadTime /><seamlessReload>0</seamlessReload><storeOcsp>0</storeOcsp><showIntro>1</showIntro><peers><enabled>0</enabled><name1 /><listen1 /><port1>1024</port1><name2 /><listen2 /><port2>1024</port2></peers><tuning><root>0</root><maxConnections /><nbthread>1</nbthread><sslServerVerify>ignore</sslServerVerify><maxDHSize>2048</maxDHSize><bufferSize>16384</bufferSize></tuning></general></HAProxy></xml>"#;
+    let rawxml: RawXml = yaserde::de::from_str(xml).unwrap();
+    assert_eq!(yaserde::ser::to_string(&rawxml).unwrap(), xml);
+}
+
+#[test]
+fn rawxml_should_allow_siblings_before() {
+    #[derive(YaDeserialize, YaSerialize)]
+    struct Config {
+        paul: Vec<String>,
+        raw: RawXml,
+    }
+    let xml = r#"<?xml version="1.0" encoding="utf-8"?><Config><paul>bobob</paul><paul>patate</paul><raw>allo something</raw></Config>"#;
+    let config: Config = yaserde::de::from_str(xml).unwrap();
+    assert_eq!(yaserde::ser::to_string(&config).unwrap(), xml);
+}
+
+#[test]
+fn rawxml_should_allow_siblings_after() {
+    #[derive(YaDeserialize, YaSerialize)]
+    struct Config {
+        raw: RawXml,
+        paul: Vec<String>,
+    }
+    let xml = r#"<?xml version="1.0" encoding="utf-8"?><Config><raw>allo something</raw><paul>bobob</paul><paul>patate</paul></Config>"#;
+    let config: Config = yaserde::de::from_str(xml).unwrap();
+    assert_eq!(config.paul.get(0).unwrap(), "bobob");
+    assert_eq!(config.paul.get(1).unwrap(), "patate");
+    assert_eq!(config.paul.len(), 2);
+    assert_eq!(config.raw.0, "<raw>allo something</raw>");
+    assert_eq!(yaserde::ser::to_string(&config).unwrap(), xml);
+}
+
+#[test]
+fn rawxml_should_allow_being_end_of_document() {
+    let xml = r#"<?xml version="1.0" encoding="utf-8"?><Config><raw>allo something</raw><paul>bobob</paul><paul>patate</paul></Config>"#;
+    let config: RawXml = yaserde::de::from_str(xml).unwrap();
+    assert_eq!(yaserde::ser::to_string(&config).unwrap(), xml);
+}
diff --git a/harmony-rs/opnsense-config/src/infra/mod.rs b/harmony-rs/opnsense-config/src/infra/mod.rs
new file mode 100644
index 0000000..66b22fc
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/infra/mod.rs
@@ -0,0 +1,3 @@
+
+pub mod generic_xml;
+
diff --git a/harmony-rs/opnsense-config/src/lib.rs b/harmony-rs/opnsense-config/src/lib.rs
index 7673ffc..e0e5967 100644
--- a/harmony-rs/opnsense-config/src/lib.rs
+++ b/harmony-rs/opnsense-config/src/lib.rs
@@ -1,6 +1,7 @@
 pub mod config;
 pub mod modules;
 pub mod error;
+pub mod infra;
 
 pub use config::Config;
 pub use error::Error;
diff --git a/harmony-rs/opnsense-config/src/modules/deserializer/interfaces.rs b/harmony-rs/opnsense-config/src/modules/deserializer/interfaces.rs
index ee20f80..277048f 100644
--- a/harmony-rs/opnsense-config/src/modules/deserializer/interfaces.rs
+++ b/harmony-rs/opnsense-config/src/modules/deserializer/interfaces.rs
@@ -8,7 +8,8 @@ impl YaSerialize for Interfaces {
         &self,
         writer: &mut yaserde::ser::Serializer<W>,
     ) -> Result<(), String> {
-        todo!()
+        writer.write("Interfaces serializer TODO");
+        Ok(())
     }
 
     fn serialize_attributes(
@@ -88,7 +89,7 @@ impl YaDeserialize for Interfaces {
             }
             let peek = reader.peek()?;
 
-            let mut read_next = true;
+            let read_next = true;
             if let XmlEvent::EndElement { name } = peek {
                 if name.local_name == "interfaces" {
                     println!("Got endElement interfaces, not reading next event");
diff --git a/harmony-rs/opnsense-config/src/modules/opnsense.rs b/harmony-rs/opnsense-config/src/modules/opnsense.rs
index d7c2730..6b2c602 100644
--- a/harmony-rs/opnsense-config/src/modules/opnsense.rs
+++ b/harmony-rs/opnsense-config/src/modules/opnsense.rs
@@ -6,7 +6,7 @@ pub struct OPNsense {
     pub dhcpd: Dhcpd,
     pub theme: String,
     pub sysctl: Sysctl,
-    pub system: System,
+    pub system: RawXml,
     pub interfaces: Interfaces,
     pub snmpd: Snmpd,
     pub syslog: Syslog,
@@ -107,7 +107,7 @@ pub struct Rule {
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Source {
-    pub any: Option<bool>,
+    pub any: Option<u8>,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -168,24 +168,24 @@ pub struct System {
     pub timezone: String,
     pub timeservers: String,
     pub webgui: WebGui,
-    pub usevirtualterminal: bool,
-    pub disableconsolemenu: bool,
-    pub disablevlanhwfilter: bool,
-    pub disablechecksumoffloading: bool,
-    pub disablesegmentationoffloading: bool,
-    pub disablelargereceiveoffloading: bool,
-    pub ipv6allow: bool,
+    pub usevirtualterminal: u8,
+    pub disableconsolemenu: u8,
+    pub disablevlanhwfilter: u8,
+    pub disablechecksumoffloading: u8,
+    pub disablesegmentationoffloading: u8,
+    pub disablelargereceiveoffloading: u8,
+    pub ipv6allow: u8,
     pub powerd_ac_mode: String,
     pub powerd_battery_mode: String,
     pub powerd_normal_mode: String,
     pub bogons: Bogons,
     pub crypto_hardware: String,
-    pub pf_share_forward: bool,
-    pub lb_use_sticky: bool,
-    pub kill_states: bool,
+    pub pf_share_forward: u8,
+    pub lb_use_sticky: u8,
+    pub kill_states: u8,
     pub ssh: Ssh,
     pub firmware: Firmware,
-    pub sudo_allow_wheel: bool,
+    pub sudo_allow_wheel: u8,
     pub sudo_allow_group: String,
     pub enablenatreflectionhelper: String,
     pub rulesetoptimization: String,
@@ -211,23 +211,23 @@ pub struct System {
     pub dns7gw: String,
     #[yaserde(rename = "dns8gw")]
     pub dns8gw: String,
-    pub dnsallowoverride: bool,
+    pub dnsallowoverride: u8,
     pub dnsallowoverride_exclude: Option<String>,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Ssh {
     pub group: String,
-    pub noauto: bool,
+    pub noauto: u8,
     pub interfaces: Option<String>,
     pub kex: Option<String>,
     pub ciphers: Option<String>,
     pub macs: Option<String>,
     pub keys: Option<String>,
     pub enabled: String,
-    pub passwordauth: bool,
+    pub passwordauth: u8,
     pub keysig: Option<String>,
-    pub permitrootlogin: bool,
+    pub permitrootlogin: u8,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -288,6 +288,8 @@ pub struct WebGui {
 
 use std::collections::HashMap;
 
+use crate::infra::generic_xml::RawXml;
+
 #[derive(Default, PartialEq, Debug)]
 pub struct Interfaces {
     pub interfaces: HashMap<String, Interface>,
@@ -313,7 +315,7 @@ pub struct Interface {
     #[yaserde(rename = "virtual")]
     pub r#virtual: Option<String>,
     pub subnet: Option<String>,
-    pub networks: Option<bool>,
+    pub networks: Option<u8>,
     pub subnetv6: Option<String>,
     pub ipaddrv6: Option<String>,
     #[yaserde(rename = "track6-interface")]
@@ -374,7 +376,7 @@ pub struct Snmpd {
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Syslog {
-    pub reverse: Option<bool>,
+    pub reverse: Option<u8>,
     pub preservelogs: i32,
 }
 
@@ -399,7 +401,7 @@ pub struct NatRule {
     pub ipprotocol: String,
     pub descr: Option<String>,
     pub tag: Option<String>,
-    pub tagged: Option<bool>,
+    pub tagged: Option<u8>,
     pub poolopts: PoolOpts,
     #[yaserde(rename = "associated-rule-id")]
     pub associated_rule_id: String,
@@ -666,7 +668,7 @@ pub struct Capture {
     #[yaserde(rename = "interfaces")]
     pub interfaces: Option<String>,
     #[yaserde(rename = "egress_only")]
-    pub egress_only: Option<bool>,
+    pub egress_only: Option<u8>,
     #[yaserde(rename = "version")]
     pub version: Option<String>,
     #[yaserde(rename = "targets")]
@@ -1536,7 +1538,7 @@ pub struct Backend {
     #[yaserde(rename = "id")]
     pub id: String,
     #[yaserde(rename = "enabled")]
-    pub enabled: bool,
+    pub enabled: u8,
     #[yaserde(rename = "name")]
     pub name: String,
     #[yaserde(rename = "description")]
@@ -1562,11 +1564,11 @@ pub struct Backend {
     #[yaserde(rename = "source")]
     pub source: Option<String>,
     #[yaserde(rename = "healthCheckEnabled")]
-    pub health_check_enabled: bool,
+    pub health_check_enabled: u8,
     #[yaserde(rename = "healthCheck")]
     pub health_check: Option<String>,
     #[yaserde(rename = "healthCheckLogStatus")]
-    pub health_check_log_status: bool,
+    pub health_check_log_status: u8,
     #[yaserde(rename = "checkInterval")]
     pub check_interval: Option<String>,
     #[yaserde(rename = "checkDownInterval")]
@@ -1578,9 +1580,9 @@ pub struct Backend {
     #[yaserde(rename = "linkedMailer")]
     pub linked_mailer: Option<String>,
     #[yaserde(rename = "http2Enabled")]
-    pub http2_enabled: bool,
+    pub http2_enabled: u8,
     #[yaserde(rename = "http2Enabled_nontls")]
-    pub http2_enabled_nontls: bool,
+    pub http2_enabled_nontls: u8,
     #[yaserde(rename = "ba_advertised_protocols")]
     pub ba_advertised_protocols: String,
     #[yaserde(rename = "persistence")]
@@ -1590,7 +1592,7 @@ pub struct Backend {
     #[yaserde(rename = "persistence_cookiename")]
     pub persistence_cookiename: Option<String>,
     #[yaserde(rename = "persistence_stripquotes")]
-    pub persistence_stripquotes: bool,
+    pub persistence_stripquotes: u8,
     #[yaserde(rename = "stickiness_pattern")]
     pub stickiness_pattern: String,
     #[yaserde(rename = "stickiness_dataTypes")]
@@ -1616,7 +1618,7 @@ pub struct Backend {
     #[yaserde(rename = "stickiness_bytesOutRatePeriod")]
     pub stickiness_bytes_out_rate_period: String,
     #[yaserde(rename = "basicAuthEnabled")]
-    pub basic_auth_enabled: bool,
+    pub basic_auth_enabled: u8,
     #[yaserde(rename = "basicAuthUsers")]
     pub basic_auth_users: Option<String>,
     #[yaserde(rename = "basicAuthGroups")]
@@ -1634,11 +1636,11 @@ pub struct Backend {
     #[yaserde(rename = "tuning_defaultserver")]
     pub tuning_defaultserver: Option<String>,
     #[yaserde(rename = "tuning_noport")]
-    pub tuning_noport: bool,
+    pub tuning_noport: u8,
     #[yaserde(rename = "tuning_httpreuse")]
     pub tuning_httpreuse: Option<String>,
     #[yaserde(rename = "tuning_caching")]
-    pub tuning_caching: bool,
+    pub tuning_caching: u8,
     #[yaserde(rename = "linkedActions")]
     pub linked_actions: Option<String>,
     #[yaserde(rename = "linkedErrorfiles")]
@@ -1658,7 +1660,7 @@ pub struct HAProxyServer {
     #[yaserde(rename = "id")]
     pub id: String,
     #[yaserde(rename = "enabled")]
-    pub enabled: bool,
+    pub enabled: u8,
     #[yaserde(rename = "name")]
     pub name: String,
     #[yaserde(rename = "description")]
@@ -1686,11 +1688,11 @@ pub struct HAProxyServer {
     #[yaserde(rename = "resolvePrefer")]
     pub resolve_prefer: Option<String>,
     #[yaserde(rename = "ssl")]
-    pub ssl: bool,
+    pub ssl: u8,
     #[yaserde(rename = "sslSNI")]
     pub ssl_sni: Option<String>,
     #[yaserde(rename = "sslVerify")]
-    pub ssl_verify: bool,
+    pub ssl_verify: u8,
     #[yaserde(rename = "sslCA")]
     pub ssl_ca: Option<String>,
     #[yaserde(rename = "sslCRL")]
@@ -1731,7 +1733,7 @@ pub struct HAProxyHealthCheck {
     pub ssl: String,
     #[yaserde(rename = "sslSNI")]
     pub ssl_sni: Option<String>,
-    pub force_ssl: bool,
+    pub force_ssl: u8,
     pub checkport: Option<String>,
     pub http_method: String,
     pub http_uri: String,

From ab59923dae646cc0a0f76a286dca115e62a337bc Mon Sep 17 00:00:00 2001
From: Jean-Gabriel Gill-Couture <jeangabriel.gc@gmail.com>
Date: Sat, 2 Nov 2024 13:51:12 -0400
Subject: [PATCH 09/19] feat(opnsense-config): Add MaybeString type to preserve
 xml serialization of empty elements

---
 harmony-rs/Cargo.lock                         |  23 +
 harmony-rs/opnsense-config/Cargo.toml         |   3 +
 harmony-rs/opnsense-config/src/config.rs      |   2 +
 .../opnsense-config/src/infra/generic_xml.rs  | 217 ++---
 .../opnsense-config/src/infra/maybe_string.rs | 173 ++++
 harmony-rs/opnsense-config/src/infra/mod.rs   |   1 +
 .../opnsense-config/src/modules/dhcp.rs       | 124 ++-
 .../opnsense-config/src/modules/opnsense.rs   | 778 +++++++++---------
 8 files changed, 780 insertions(+), 541 deletions(-)
 create mode 100644 harmony-rs/opnsense-config/src/infra/maybe_string.rs

diff --git a/harmony-rs/Cargo.lock b/harmony-rs/Cargo.lock
index a115db3..57e2bb8 100644
--- a/harmony-rs/Cargo.lock
+++ b/harmony-rs/Cargo.lock
@@ -440,6 +440,12 @@ dependencies = [
  "cipher",
 ]
 
+[[package]]
+name = "diff"
+version = "0.1.13"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "56254986775e3233ffa9c4d7d3faaf6d36a2c09d30b20687e9f88bc8bafc16c8"
+
 [[package]]
 name = "digest"
 version = "0.10.7"
@@ -1242,6 +1248,7 @@ dependencies = [
  "async-trait",
  "env_logger",
  "log",
+ "pretty_assertions",
  "russh",
  "russh-keys",
  "serde",
@@ -1426,6 +1433,16 @@ dependencies = [
  "zerocopy",
 ]
 
+[[package]]
+name = "pretty_assertions"
+version = "1.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3ae130e2f271fbc2ac3a40fb1d07180839cdbbe443c7a27e1e3c13c5cac0116d"
+dependencies = [
+ "diff",
+ "yansi",
+]
+
 [[package]]
 name = "primeorder"
 version = "0.13.6"
@@ -2594,6 +2611,12 @@ dependencies = [
  "tracing",
 ]
 
+[[package]]
+name = "yansi"
+version = "1.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cfe53a6657fd280eaa890a3bc59152892ffa3e30101319d168b781ed6529b049"
+
 [[package]]
 name = "yaserde"
 version = "0.11.1"
diff --git a/harmony-rs/opnsense-config/Cargo.toml b/harmony-rs/opnsense-config/Cargo.toml
index 7f6894d..ca7a3ea 100644
--- a/harmony-rs/opnsense-config/Cargo.toml
+++ b/harmony-rs/opnsense-config/Cargo.toml
@@ -17,3 +17,6 @@ xml-rs = "0.8"
 thiserror = "1.0"
 async-trait = { workspace = true }
 tokio = { workspace = true }
+
+[dev-dependencies]
+pretty_assertions = "1.4.1"
diff --git a/harmony-rs/opnsense-config/src/config.rs b/harmony-rs/opnsense-config/src/config.rs
index 79829c6..233ae69 100644
--- a/harmony-rs/opnsense-config/src/config.rs
+++ b/harmony-rs/opnsense-config/src/config.rs
@@ -194,6 +194,8 @@ mod tests {
         let serialized = yaserde::ser::to_string_with_config(&config.opnsense, &yaserde_cfg).unwrap();
 
         fs::write("/tmp/serialized.xml", &serialized).unwrap();
+        std::process::Command::new("xmllint").arg("/tmp/serialized.xml").arg("--output").arg("/tmp/serialized.xmllint.xml").status().expect("xmllint failed");
+
         assert_eq!(config_file_str, serialized);
     }
 
diff --git a/harmony-rs/opnsense-config/src/infra/generic_xml.rs b/harmony-rs/opnsense-config/src/infra/generic_xml.rs
index 6e1d1a5..1e70a71 100644
--- a/harmony-rs/opnsense-config/src/infra/generic_xml.rs
+++ b/harmony-rs/opnsense-config/src/infra/generic_xml.rs
@@ -1,21 +1,5 @@
-use xml::reader::{EventReader, XmlEvent as ReadEvent};
-use xml::writer::{EventWriter, XmlEvent as WriteEvent};
+use xml::reader::XmlEvent as ReadEvent;
 use yaserde::{ser, YaDeserialize as YaDeserializeTrait, YaSerialize as YaSerializeTrait};
-use yaserde_derive::{YaDeserialize, YaSerialize};
-
-#[derive(Debug, PartialEq, Default, YaDeserialize)]
-pub struct Parent {
-    //    pub rawxml_child: RawXml,
-    pub string_child: String,
-    pub child_child: Child,
-}
-
-#[derive(Debug, PartialEq, Default, YaDeserialize)]
-pub struct Child {
-    pub child_val: String,
-    pub child_val2: String,
-    pub child_option: Option<String>,
-}
 
 #[derive(Debug, PartialEq, Default)]
 pub struct RawXml(String);
@@ -131,119 +115,100 @@ impl YaSerializeTrait for RawXml {
         todo!()
     }
 }
-// impl YaSerializeTrait for RawXml {
-//     fn serialize<W: std::io::Write>(
-//         &self,
-//         writer: &mut yaserde::ser::Serializer<W>,
-//     ) -> Result<(), String> {
-//         let mut reader = EventReader::from_str(&self.0);
-//         loop {
-//             match reader.next() {
-//                 Ok(ReadEvent::StartElement {
-//                     name,
-//                     attributes,
-//                     namespace,
-//                 }) => {
-//                     let write = WriteEvent::from(reader.next().unwrap());
-//                     writer
-//                         .write(WriteEvent::StartElement {
-//                             name: name.clone(),
-//                             attributes: attributes.clone(),
-//                             namespace: namespace.clone(),
-//                         })
-//                         .map_err(|e| e.to_string())?;
-//                 }
-//                 Ok(ReadEvent::EndElement { name }) => {
-//                     writer
-//                         .write(WriteEvent::EndElement { name: Some(name) })
-//                         .map_err(|e| e.to_string())?;
-//                 }
-//                 Ok(ReadEvent::Characters(content)) => {
-//                     writer
-//                         .write(WriteEvent::Characters(&content))
-//                         .map_err(|e| e.to_string())?;
-//                 }
-//                 Ok(ReadEvent::Eof) => break,
-//                 Err(e) => return Err(e.to_string()),
-//                 _ => {}
-//             }
-//         }
-//         Ok(())
-//     }
-// }
-//
-#[test]
-fn rawxml_should_buffer_empty_element() {
-    let rawxml: RawXml = yaserde::de::from_str("<something/>").unwrap();
-    assert_eq!(rawxml.0, String::from("<something></something>"));
-}
 
-#[test]
-fn rawxml_should_buffer_elements_with_different_case_as_they_are() {
-    let xml = "<xml><Some_thing></Some_thing><something></something></xml>";
-    let rawxml: RawXml = yaserde::de::from_str(xml).unwrap();
-    assert_eq!(rawxml.0, String::from(xml));
-}
+#[cfg(test)]
+mod test {
+    use super::*;
+    use yaserde_derive::YaDeserialize;
+    use yaserde_derive::YaSerialize;
 
-#[test]
-fn rawxml_should_buffer_elements_with_attributes() {
-    let xml = r#"<xml version="ababa"><Some_thing></Some_thing><something></something></xml>"#;
-    let rawxml: RawXml = yaserde::de::from_str(xml).unwrap();
-    assert_eq!(rawxml.0, String::from(xml));
-}
-
-#[test]
-fn rawxml_should_handle_complex_documents() {
-    let xml = r#"<xml><OpenVPN version="1.0.0"><Overwrites></Overwrites><Instances></Instances><StaticKeys></StaticKeys></OpenVPN><Gateways version="0.0.1"></Gateways><HAProxy version="4.0.0"><general><enabled>1</enabled><gracefulStop>0</gracefulStop><hardStopAfter>60s</hardStopAfter><closeSpreadTime></closeSpreadTime><seamlessReload>0</seamlessReload><storeOcsp>0</storeOcsp><showIntro>1</showIntro><peers><enabled>0</enabled><name1></name1><listen1></listen1><port1>1024</port1><name2></name2><listen2></listen2><port2>1024</port2></peers><tuning><root>0</root><maxConnections></maxConnections><nbthread>1</nbthread><sslServerVerify>ignore</sslServerVerify><maxDHSize>2048</maxDHSize><bufferSize>16384</bufferSize></tuning></general></HAProxy></xml>"#;
-    let rawxml: RawXml = yaserde::de::from_str(xml).unwrap();
-    assert_eq!(rawxml.0, String::from(xml));
-}
-
-#[test]
-fn rawxml_should_serialize_simple_documents() {
-    let xml = r#"<?xml version="1.0" encoding="utf-8"?><xml />"#;
-    let rawxml: RawXml = yaserde::de::from_str(xml).unwrap();
-    assert_eq!(yaserde::ser::to_string(&rawxml).unwrap(), xml);
-}
-
-#[test]
-fn rawxml_should_serialize_complex_documents() {
-    let xml = r#"<?xml version="1.0" encoding="utf-8"?><xml><OpenVPN version="1.0.0"><Overwrites /><Instances /><StaticKeys /></OpenVPN><Gateways version="0.0.1" /><HAProxy version="4.0.0"><general><enabled>1</enabled><gracefulStop>0</gracefulStop><hardStopAfter>60s</hardStopAfter><closeSpreadTime /><seamlessReload>0</seamlessReload><storeOcsp>0</storeOcsp><showIntro>1</showIntro><peers><enabled>0</enabled><name1 /><listen1 /><port1>1024</port1><name2 /><listen2 /><port2>1024</port2></peers><tuning><root>0</root><maxConnections /><nbthread>1</nbthread><sslServerVerify>ignore</sslServerVerify><maxDHSize>2048</maxDHSize><bufferSize>16384</bufferSize></tuning></general></HAProxy></xml>"#;
-    let rawxml: RawXml = yaserde::de::from_str(xml).unwrap();
-    assert_eq!(yaserde::ser::to_string(&rawxml).unwrap(), xml);
-}
-
-#[test]
-fn rawxml_should_allow_siblings_before() {
-    #[derive(YaDeserialize, YaSerialize)]
-    struct Config {
-        paul: Vec<String>,
-        raw: RawXml,
+    #[derive(Debug, PartialEq, Default, YaDeserialize)]
+    pub struct Parent {
+        //    pub rawxml_child: RawXml,
+        pub string_child: String,
+        pub child_child: Child,
     }
-    let xml = r#"<?xml version="1.0" encoding="utf-8"?><Config><paul>bobob</paul><paul>patate</paul><raw>allo something</raw></Config>"#;
-    let config: Config = yaserde::de::from_str(xml).unwrap();
-    assert_eq!(yaserde::ser::to_string(&config).unwrap(), xml);
-}
 
-#[test]
-fn rawxml_should_allow_siblings_after() {
-    #[derive(YaDeserialize, YaSerialize)]
-    struct Config {
-        raw: RawXml,
-        paul: Vec<String>,
+    #[derive(Debug, PartialEq, Default, YaDeserialize)]
+    pub struct Child {
+        pub child_val: String,
+        pub child_val2: String,
+        pub child_option: Option<String>,
     }
-    let xml = r#"<?xml version="1.0" encoding="utf-8"?><Config><raw>allo something</raw><paul>bobob</paul><paul>patate</paul></Config>"#;
-    let config: Config = yaserde::de::from_str(xml).unwrap();
-    assert_eq!(config.paul.get(0).unwrap(), "bobob");
-    assert_eq!(config.paul.get(1).unwrap(), "patate");
-    assert_eq!(config.paul.len(), 2);
-    assert_eq!(config.raw.0, "<raw>allo something</raw>");
-    assert_eq!(yaserde::ser::to_string(&config).unwrap(), xml);
-}
 
-#[test]
-fn rawxml_should_allow_being_end_of_document() {
-    let xml = r#"<?xml version="1.0" encoding="utf-8"?><Config><raw>allo something</raw><paul>bobob</paul><paul>patate</paul></Config>"#;
-    let config: RawXml = yaserde::de::from_str(xml).unwrap();
-    assert_eq!(yaserde::ser::to_string(&config).unwrap(), xml);
+    #[test]
+    fn rawxml_should_buffer_empty_element() {
+        let rawxml: RawXml = yaserde::de::from_str("<something/>").unwrap();
+        assert_eq!(rawxml.0, String::from("<something></something>"));
+    }
+
+    #[test]
+    fn rawxml_should_buffer_elements_with_different_case_as_they_are() {
+        let xml = "<xml><Some_thing></Some_thing><something></something></xml>";
+        let rawxml: RawXml = yaserde::de::from_str(xml).unwrap();
+        assert_eq!(rawxml.0, String::from(xml));
+    }
+
+    #[test]
+    fn rawxml_should_buffer_elements_with_attributes() {
+        let xml = r#"<xml version="ababa"><Some_thing></Some_thing><something></something></xml>"#;
+        let rawxml: RawXml = yaserde::de::from_str(xml).unwrap();
+        assert_eq!(rawxml.0, String::from(xml));
+    }
+
+    #[test]
+    fn rawxml_should_handle_complex_documents() {
+        let xml = r#"<xml><OpenVPN version="1.0.0"><Overwrites></Overwrites><Instances></Instances><StaticKeys></StaticKeys></OpenVPN><Gateways version="0.0.1"></Gateways><HAProxy version="4.0.0"><general><enabled>1</enabled><gracefulStop>0</gracefulStop><hardStopAfter>60s</hardStopAfter><closeSpreadTime></closeSpreadTime><seamlessReload>0</seamlessReload><storeOcsp>0</storeOcsp><showIntro>1</showIntro><peers><enabled>0</enabled><name1></name1><listen1></listen1><port1>1024</port1><name2></name2><listen2></listen2><port2>1024</port2></peers><tuning><root>0</root><maxConnections></maxConnections><nbthread>1</nbthread><sslServerVerify>ignore</sslServerVerify><maxDHSize>2048</maxDHSize><bufferSize>16384</bufferSize></tuning></general></HAProxy></xml>"#;
+        let rawxml: RawXml = yaserde::de::from_str(xml).unwrap();
+        assert_eq!(rawxml.0, String::from(xml));
+    }
+
+    #[test]
+    fn rawxml_should_serialize_simple_documents() {
+        let xml = r#"<?xml version="1.0" encoding="utf-8"?><xml />"#;
+        let rawxml: RawXml = yaserde::de::from_str(xml).unwrap();
+        assert_eq!(yaserde::ser::to_string(&rawxml).unwrap(), xml);
+    }
+
+    #[test]
+    fn rawxml_should_serialize_complex_documents() {
+        let xml = r#"<?xml version="1.0" encoding="utf-8"?><xml><OpenVPN version="1.0.0"><Overwrites /><Instances /><StaticKeys /></OpenVPN><Gateways version="0.0.1" /><HAProxy version="4.0.0"><general><enabled>1</enabled><gracefulStop>0</gracefulStop><hardStopAfter>60s</hardStopAfter><closeSpreadTime /><seamlessReload>0</seamlessReload><storeOcsp>0</storeOcsp><showIntro>1</showIntro><peers><enabled>0</enabled><name1 /><listen1 /><port1>1024</port1><name2 /><listen2 /><port2>1024</port2></peers><tuning><root>0</root><maxConnections /><nbthread>1</nbthread><sslServerVerify>ignore</sslServerVerify><maxDHSize>2048</maxDHSize><bufferSize>16384</bufferSize></tuning></general></HAProxy></xml>"#;
+        let rawxml: RawXml = yaserde::de::from_str(xml).unwrap();
+        assert_eq!(yaserde::ser::to_string(&rawxml).unwrap(), xml);
+    }
+
+    #[test]
+    fn rawxml_should_allow_siblings_before() {
+        #[derive(YaDeserialize, YaSerialize)]
+        struct Config {
+            paul: Vec<String>,
+            raw: RawXml,
+        }
+        let xml = r#"<?xml version="1.0" encoding="utf-8"?><Config><paul>bobob</paul><paul>patate</paul><raw>allo something</raw></Config>"#;
+        let config: Config = yaserde::de::from_str(xml).unwrap();
+        assert_eq!(yaserde::ser::to_string(&config).unwrap(), xml);
+    }
+
+    #[test]
+    fn rawxml_should_allow_siblings_after() {
+        #[derive(YaDeserialize, YaSerialize)]
+        struct Config {
+            raw: RawXml,
+            paul: Vec<String>,
+        }
+        let xml = r#"<?xml version="1.0" encoding="utf-8"?><Config><raw>allo something</raw><paul>bobob</paul><paul>patate</paul></Config>"#;
+        let config: Config = yaserde::de::from_str(xml).unwrap();
+        assert_eq!(config.paul.get(0).unwrap(), "bobob");
+        assert_eq!(config.paul.get(1).unwrap(), "patate");
+        assert_eq!(config.paul.len(), 2);
+        assert_eq!(config.raw.0, "<raw>allo something</raw>");
+        assert_eq!(yaserde::ser::to_string(&config).unwrap(), xml);
+    }
+
+    #[test]
+    fn rawxml_should_allow_being_end_of_document() {
+        let xml = r#"<?xml version="1.0" encoding="utf-8"?><Config><raw>allo something</raw><paul>bobob</paul><paul>patate</paul></Config>"#;
+        let config: RawXml = yaserde::de::from_str(xml).unwrap();
+        assert_eq!(yaserde::ser::to_string(&config).unwrap(), xml);
+    }
 }
diff --git a/harmony-rs/opnsense-config/src/infra/maybe_string.rs b/harmony-rs/opnsense-config/src/infra/maybe_string.rs
new file mode 100644
index 0000000..7c7f4c9
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/infra/maybe_string.rs
@@ -0,0 +1,173 @@
+use xml::reader::XmlEvent as ReadEvent;
+use xml::writer::XmlEvent as WriteEvent;
+use yaserde::{ser, YaDeserialize as YaDeserializeTrait, YaSerialize as YaSerializeTrait};
+
+#[derive(Debug, PartialEq, Default)]
+pub struct MaybeString {
+    field_name: String,
+    content: Option<String>,
+}
+
+impl YaDeserializeTrait for MaybeString {
+    fn deserialize<R: std::io::Read>(
+        reader: &mut yaserde::de::Deserializer<R>,
+    ) -> Result<Self, String> {
+        let field_name = match reader.peek()? {
+            ReadEvent::StartElement {
+                name, attributes, ..
+            } => {
+                if attributes.len() > 0 {
+                    return Err(String::from(
+                        "Attributes not currently supported by MaybeString",
+                    ));
+                }
+
+                name.local_name.clone()
+            }
+            _ => return Err(String::from("Unsupporte ReadEvent type")),
+        };
+        reader.next_event()?;
+
+        let content = match reader.peek()? {
+            ReadEvent::Characters(content) => Some(content.clone()),
+            ReadEvent::EndElement { name } => {
+                if name.local_name != field_name {
+                    return Err(format!(
+                        "Invalid EndElement, expected {field_name} but got {}",
+                        name.local_name
+                    ));
+                }
+                None
+            }
+            _ => return Err(String::from("Unsupporte ReadEvent type")),
+        };
+
+        Ok(Self {
+            field_name,
+            content,
+        })
+    }
+}
+
+impl YaSerializeTrait for MaybeString {
+    fn serialize<W: std::io::Write>(&self, writer: &mut ser::Serializer<W>) -> Result<(), String> {
+        let start_element_event = WriteEvent::start_element(self.field_name.as_str());
+        writer.write(start_element_event).expect("Writer failed");
+        match &self.content {
+            Some(content) => {
+                writer
+                    .write(WriteEvent::characters(content))
+                    .expect("Writer failed");
+            }
+            None => {}
+        };
+
+        writer
+            .write(WriteEvent::end_element())
+            .expect("Writer failed");
+        Ok(())
+    }
+
+    fn serialize_attributes(
+        &self,
+        _attributes: Vec<xml::attribute::OwnedAttribute>,
+        _namespace: xml::namespace::Namespace,
+    ) -> Result<
+        (
+            Vec<xml::attribute::OwnedAttribute>,
+            xml::namespace::Namespace,
+        ),
+        String,
+    > {
+        unimplemented!("MaybeString does not currently support attributes")
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use super::*;
+    use pretty_assertions::assert_eq;
+    use yaserde_derive::YaDeserialize;
+    use yaserde_derive::YaSerialize;
+
+    #[derive(Debug, PartialEq, Default, YaDeserialize, YaSerialize)]
+    struct TestStruct {
+        maybe: MaybeString,
+    }
+
+    #[test]
+    fn maybe_string_should_deserialize_empty_element() {
+        let initial_xml = "<struct><maybe/></struct>";
+        let test_struct: TestStruct =
+            yaserde::de::from_str(initial_xml).expect("Shoudl deserialize teststruct");
+        println!("Got test_struct {:?}", test_struct);
+        assert_eq!(
+            test_struct,
+            TestStruct {
+                maybe: MaybeString {
+                    field_name: String::from("maybe"),
+                    content: None
+                }
+            }
+        );
+    }
+
+    #[test]
+    fn maybe_string_should_deserialize_content() {
+        let initial_xml = "<struct><maybe>some content</maybe></struct>";
+        let test_struct: TestStruct =
+            yaserde::de::from_str(initial_xml).expect("Shoudl deserialize teststruct");
+        println!("Got test_struct {:?}", test_struct);
+        assert_eq!(
+            test_struct,
+            TestStruct {
+                maybe: MaybeString {
+                    field_name: String::from("maybe"),
+                    content: Some(String::from("some content"))
+                }
+            }
+        );
+    }
+
+    #[test]
+    fn maybe_string_should_deserialize_empty_long_format() {
+        let initial_xml = "<struct><maybe></maybe></struct>";
+        let test_struct: TestStruct =
+            yaserde::de::from_str(initial_xml).expect("Shoudl deserialize teststruct");
+        println!("Got test_struct {:?}", test_struct);
+        assert_eq!(
+            test_struct,
+            TestStruct {
+                maybe: MaybeString {
+                    field_name: String::from("maybe"),
+                    content: None
+                }
+            }
+        );
+    }
+
+    #[test]
+    fn maybe_string_should_serialize_to_empty_element() {
+        let initial_xml =
+            r#"<?xml version="1.0" encoding="utf-8"?><TestStruct><maybe /></TestStruct>"#;
+        let test_struct: TestStruct =
+            yaserde::de::from_str(initial_xml).expect("Shoudl deserialize teststruct");
+        println!("Got test_struct {:?}", test_struct);
+        assert_eq!(
+            yaserde::ser::to_string(&test_struct).expect("should serialize teststruct"),
+            initial_xml
+        );
+    }
+
+    #[test]
+    fn maybe_string_should_serialize_content() {
+        let initial_xml = r#"<?xml version="1.0" encoding="utf-8"?><TestStruct><maybe>some content</maybe></TestStruct>"#;
+        let test_struct: TestStruct =
+            yaserde::de::from_str(initial_xml).expect("Shoudl deserialize teststruct");
+        println!("Got test_struct {:?}", test_struct);
+        assert_eq!(
+            yaserde::ser::to_string(&test_struct).expect("should serialize teststruct"),
+            initial_xml
+        );
+    }
+}
diff --git a/harmony-rs/opnsense-config/src/infra/mod.rs b/harmony-rs/opnsense-config/src/infra/mod.rs
index 66b22fc..2563d9c 100644
--- a/harmony-rs/opnsense-config/src/infra/mod.rs
+++ b/harmony-rs/opnsense-config/src/infra/mod.rs
@@ -1,3 +1,4 @@
 
 pub mod generic_xml;
+pub mod maybe_string;
 
diff --git a/harmony-rs/opnsense-config/src/modules/dhcp.rs b/harmony-rs/opnsense-config/src/modules/dhcp.rs
index 8d7172a..92972dc 100644
--- a/harmony-rs/opnsense-config/src/modules/dhcp.rs
+++ b/harmony-rs/opnsense-config/src/modules/dhcp.rs
@@ -1,4 +1,8 @@
 use super::opnsense::{OPNsense, StaticMap};
+use crate::infra::maybe_string::MaybeString;
+use crate::modules::opnsense::NumberOption;
+use crate::modules::opnsense::Range;
+use yaserde_derive::{YaDeserialize, YaSerialize};
 
 pub struct DhcpConfig<'a> {
     opnsense: &'a mut OPNsense,
@@ -14,10 +18,10 @@ impl<'a> DhcpConfig<'a> {
             mac,
             ipaddr,
             hostname,
-            descr: Some("Automatically generated".into()),
-            winsserver: None,
-            dnsserver: None,
-            ntpserver: None,
+            descr: Default::default(),
+            winsserver: Default::default(),
+            dnsserver: Default::default(),
+            ntpserver: Default::default(),
         };
         self.opnsense.dhcpd.lan.staticmaps.push(static_map);
     }
@@ -26,3 +30,115 @@ impl<'a> DhcpConfig<'a> {
         &self.opnsense.dhcpd.lan.staticmaps
     }
 }
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+#[yaserde(rename = "dhcpd")]
+pub struct Dhcpd {
+    #[yaserde(rename = "lan")]
+    pub lan: DhcpInterface,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct DhcpInterface {
+    pub enable: i32,
+    pub gateway: String,
+    pub domain: String,
+    #[yaserde(rename = "ddnsdomainalgorithm")]
+    pub ddns_domain_algorithm: String,
+    #[yaserde(rename = "numberoptions")]
+    pub number_options: Vec<NumberOption>,
+    #[yaserde(rename = "range")]
+    pub range: Range,
+    pub winsserver: MaybeString,
+    pub dnsserver: MaybeString,
+    pub ntpserver: MaybeString,
+    #[yaserde(rename = "staticmap")]
+    pub staticmaps: Vec<StaticMap>,
+    pub pool: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct DhcpRange {
+    #[yaserde(rename = "from")]
+    pub from: String,
+    #[yaserde(rename = "to")]
+    pub to: String,
+}
+
+#[cfg(test)]
+mod test {
+    use super::*;
+    use pretty_assertions::assert_eq;
+
+    #[test]
+    fn dhcpd_should_deserialize_serialize_identical() {
+        let dhcpd: Dhcpd =
+            yaserde::de::from_str(SERIALIZED_DHCPD).expect("Deserialize Dhcpd failed");
+
+        let yaserde_cfg = yaserde::ser::Config {
+            perform_indent: true,
+            write_document_declaration: false,
+            ..Default::default()
+        };
+        assert_eq!(
+            yaserde::ser::to_string_with_config(&dhcpd, &yaserde_cfg)
+                .expect("Serialize Dhcpd failed"),
+            SERIALIZED_DHCPD
+        );
+    }
+
+    const SERIALIZED_DHCPD: &str = "<dhcpd>
+  <lan>
+    <enable>1</enable>
+    <gateway>192.168.20.1</gateway>
+    <domain>somedomain.yourlocal.mcd</domain>
+    <ddnsdomainalgorithm>hmac-md5</ddnsdomainalgorithm>
+    <numberoptions>
+      <item/>
+    </numberoptions>
+    <range>
+      <from>192.168.20.50</from>
+      <to>192.168.20.200</to>
+    </range>
+    <winsserver/>
+    <dnsserver>192.168.20.1</dnsserver>
+    <ntpserver/>
+    <staticmap>
+      <mac>55:55:55:55:55:1c</mac>
+      <ipaddr>192.168.20.160</ipaddr>
+      <hostname>somehost983</hostname>
+      <descr>someservire8</descr>
+      <winsserver/>
+      <dnsserver/>
+      <ntpserver/>
+    </staticmap>
+    <staticmap>
+      <mac>55:55:55:55:55:1c</mac>
+      <ipaddr>192.168.20.155</ipaddr>
+      <hostname>somehost893</hostname>
+      <winsserver/>
+      <dnsserver/>
+      <ntpserver/>
+    </staticmap>
+    <staticmap>
+      <mac>55:55:55:55:55:1c</mac>
+      <ipaddr>192.168.20.165</ipaddr>
+      <hostname>somehost893</hostname>
+      <descr/>
+      <winsserver/>
+      <dnsserver/>
+      <ntpserver/>
+    </staticmap>
+    <staticmap>
+      <mac>55:55:55:55:55:1c</mac>
+      <ipaddr>192.168.20.50</ipaddr>
+      <hostname>hostswitch2</hostname>
+      <descr>switch-2 (bottom)</descr>
+      <winsserver/>
+      <dnsserver/>
+      <ntpserver/>
+    </staticmap>
+    <pool/>
+  </lan>
+</dhcpd>";
+}
diff --git a/harmony-rs/opnsense-config/src/modules/opnsense.rs b/harmony-rs/opnsense-config/src/modules/opnsense.rs
index 6b2c602..9daa437 100644
--- a/harmony-rs/opnsense-config/src/modules/opnsense.rs
+++ b/harmony-rs/opnsense-config/src/modules/opnsense.rs
@@ -1,13 +1,15 @@
+use super::dhcp::Dhcpd;
+use crate::infra::{generic_xml::RawXml, maybe_string::MaybeString};
 use yaserde_derive::{YaDeserialize, YaSerialize};
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 #[yaserde(rename = "opnsense")]
 pub struct OPNsense {
-    pub dhcpd: Dhcpd,
     pub theme: String,
     pub sysctl: Sysctl,
     pub system: RawXml,
-    pub interfaces: Interfaces,
+    pub interfaces: RawXml,
+    pub dhcpd: Dhcpd,
     pub snmpd: Snmpd,
     pub syslog: Syslog,
     pub nat: Nat,
@@ -19,7 +21,7 @@ pub struct OPNsense {
     #[yaserde(rename = "OPNsense")]
     pub opnsense: OPNsenseConfig,
     pub staticroutes: StaticRoutes,
-    pub ca: Option<String>,
+    pub ca: MaybeString,
     pub gateways: Gateways,
     pub cert: Cert,
     pub dhcpdv6: DhcpDv6,
@@ -71,9 +73,9 @@ pub struct Revision {
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Options {
-    pub path: Option<String>,
-    pub host: Option<String>,
-    pub code: Option<String>,
+    pub path: MaybeString,
+    pub host: MaybeString,
+    pub code: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -85,18 +87,18 @@ pub struct Filters {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Rule {
     #[yaserde(attribute)]
-    pub uuid: Option<String>,
+    pub uuid: MaybeString,
     #[yaserde(rename = "associated-rule-id")]
-    pub associated_rule_id: Option<String>,
+    pub associated_rule_id: MaybeString,
     #[yaserde(rename = "type")]
-    pub r#type: Option<String>,
+    pub r#type: MaybeString,
     pub interface: String,
     pub ipprotocol: String,
     pub statetype: String,
     pub descr: String,
-    pub direction: Option<String>,
-    pub category: Option<String>,
-    pub quick: Option<String>,
+    pub direction: MaybeString,
+    pub category: MaybeString,
+    pub quick: MaybeString,
     pub protocol: String,
     pub source: Source,
     pub destination: Destination,
@@ -112,8 +114,8 @@ pub struct Source {
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Destination {
-    pub network: Option<String>,
-    pub address: Option<String>,
+    pub network: MaybeString,
+    pub address: MaybeString,
     pub port: Option<u16>,
 }
 
@@ -125,7 +127,7 @@ pub struct Username {
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Sysctl {
-    pub item: SysctlItem,
+    pub item: Vec<SysctlItem>,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -135,26 +137,12 @@ pub struct SysctlItem {
     pub value: String,
 }
 
-#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
-pub struct Dhcpd {
-    #[yaserde(rename = "lan")]
-    pub lan: DhcpInterface,
-}
-
-#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
-pub struct DhcpRange {
-    #[yaserde(rename = "from")]
-    pub from: String,
-    #[yaserde(rename = "to")]
-    pub to: String,
-}
-
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct System {
     #[yaserde(rename = "use_mfs_tmp")]
-    pub use_mfs_tmp: Option<String>,
+    pub use_mfs_tmp: MaybeString,
     #[yaserde(rename = "use_mfs_var")]
-    pub use_mfs_var: Option<String>,
+    pub use_mfs_var: MaybeString,
     pub serialspeed: u32,
     pub primaryconsole: String,
     pub secondaryconsole: String,
@@ -189,12 +177,12 @@ pub struct System {
     pub sudo_allow_group: String,
     pub enablenatreflectionhelper: String,
     pub rulesetoptimization: String,
-    pub maximumstates: Option<String>,
-    pub maximumfrags: Option<String>,
-    pub aliasesresolveinterval: Option<String>,
-    pub maximumtableentries: Option<String>,
+    pub maximumstates: MaybeString,
+    pub maximumfrags: MaybeString,
+    pub aliasesresolveinterval: MaybeString,
+    pub maximumtableentries: MaybeString,
     pub language: String,
-    pub dnsserver: Option<String>,
+    pub dnsserver: MaybeString,
     #[yaserde(rename = "dns1gw")]
     pub dns1gw: String,
     #[yaserde(rename = "dns2gw")]
@@ -212,21 +200,21 @@ pub struct System {
     #[yaserde(rename = "dns8gw")]
     pub dns8gw: String,
     pub dnsallowoverride: u8,
-    pub dnsallowoverride_exclude: Option<String>,
+    pub dnsallowoverride_exclude: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Ssh {
     pub group: String,
     pub noauto: u8,
-    pub interfaces: Option<String>,
-    pub kex: Option<String>,
-    pub ciphers: Option<String>,
-    pub macs: Option<String>,
-    pub keys: Option<String>,
+    pub interfaces: MaybeString,
+    pub kex: MaybeString,
+    pub ciphers: MaybeString,
+    pub macs: MaybeString,
+    pub keys: MaybeString,
     pub enabled: String,
     pub passwordauth: u8,
-    pub keysig: Option<String>,
+    pub keysig: MaybeString,
     pub permitrootlogin: u8,
 }
 
@@ -234,12 +222,12 @@ pub struct Ssh {
 pub struct Firmware {
     #[yaserde(attribute)]
     pub version: String,
-    pub mirror: Option<String>,
-    pub flavour: Option<String>,
+    pub mirror: MaybeString,
+    pub flavour: MaybeString,
     pub plugins: String,
     #[yaserde(rename = "type")]
-    pub firmware_type: Option<String>,
-    pub subscription: Option<String>,
+    pub firmware_type: MaybeString,
+    pub subscription: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -261,16 +249,16 @@ pub struct Group {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct User {
     pub name: String,
-    pub descr: Option<String>,
+    pub descr: MaybeString,
     pub scope: String,
-    pub groupname: Option<String>,
+    pub groupname: MaybeString,
     pub password: String,
     pub uid: u32,
-    pub expires: Option<String>,
-    pub authorizedkeys: Option<String>,
-    pub ipsecpsk: Option<String>,
-    pub otp_seed: Option<String>,
-    pub shell: Option<String>,
+    pub expires: MaybeString,
+    pub authorizedkeys: MaybeString,
+    pub ipsecpsk: MaybeString,
+    pub otp_seed: MaybeString,
+    pub shell: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -278,18 +266,16 @@ pub struct WebGui {
     pub protocol: String,
     #[yaserde(rename = "ssl-certref")]
     pub ssl_certref: String,
-    pub port: Option<String>,
+    pub port: MaybeString,
     #[yaserde(rename = "ssl-ciphers")]
-    pub ssl_ciphers: Option<String>,
-    pub interfaces: Option<String>,
+    pub ssl_ciphers: MaybeString,
+    pub interfaces: MaybeString,
 
-    pub compression: Option<String>,
+    pub compression: MaybeString,
 }
 
 use std::collections::HashMap;
 
-use crate::infra::generic_xml::RawXml;
-
 #[derive(Default, PartialEq, Debug)]
 pub struct Interfaces {
     pub interfaces: HashMap<String, Interface>,
@@ -302,50 +288,31 @@ pub struct Interface {
     pub descr: String,
     pub enable: u8,
     #[yaserde(rename = "spoofmac")]
-    pub spoof_mac: Option<String>,
+    pub spoof_mac: MaybeString,
     pub internal_dynamic: Option<u8>,
-    pub ipaddr: Option<String>,
+    pub ipaddr: MaybeString,
     #[yaserde(rename = "blockpriv")]
     pub block_priv: Option<u8>,
     #[yaserde(rename = "blockbogons")]
     pub block_bogons: Option<u8>,
     pub lock: Option<u8>,
     #[yaserde(rename = "type")]
-    pub r#type: Option<String>,
+    pub r#type: MaybeString,
     #[yaserde(rename = "virtual")]
-    pub r#virtual: Option<String>,
-    pub subnet: Option<String>,
+    pub r#virtual: MaybeString,
+    pub subnet: MaybeString,
     pub networks: Option<u8>,
-    pub subnetv6: Option<String>,
-    pub ipaddrv6: Option<String>,
+    pub subnetv6: MaybeString,
+    pub ipaddrv6: MaybeString,
     #[yaserde(rename = "track6-interface")]
-    pub track6_interface: Option<String>,
+    pub track6_interface: MaybeString,
     #[yaserde(rename = "track6-prefix-id")]
-    pub track6_prefix_id: Option<String>,
-}
-
-#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
-pub struct DhcpInterface {
-    pub enable: i32,
-    pub gateway: String,
-    pub pool: Option<String>,
-    pub domain: String,
-    #[yaserde(rename = "ddnsdomainalgorithm")]
-    pub ddns_domain_algorithm: String,
-    #[yaserde(rename = "numberoptions")]
-    pub number_options: Vec<NumberOption>,
-    #[yaserde(rename = "range")]
-    pub range: Range,
-    pub winsserver: Option<String>,
-    pub dnsserver: String,
-    pub ntpserver: Option<String>,
-    #[yaserde(rename = "staticmap")]
-    pub staticmaps: Vec<StaticMap>,
+    pub track6_prefix_id: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct NumberOption {
-    item: Option<String>,
+    item: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -361,16 +328,16 @@ pub struct StaticMap {
     pub mac: String,
     pub ipaddr: String,
     pub hostname: String,
-    pub descr: Option<String>,
-    pub winsserver: Option<String>,
-    pub dnsserver: Option<String>,
-    pub ntpserver: Option<String>,
+    pub descr: Option<MaybeString>,
+    pub winsserver: MaybeString,
+    pub dnsserver: MaybeString,
+    pub ntpserver: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Snmpd {
-    pub syslocation: Option<String>,
-    pub syscontact: Option<String>,
+    pub syslocation: MaybeString,
+    pub syscontact: MaybeString,
     pub rocommunity: String,
 }
 
@@ -397,10 +364,10 @@ pub struct Outbound {
 pub struct NatRule {
     pub protocol: String,
     pub interface: String,
-    pub category: Option<String>,
+    pub category: MaybeString,
     pub ipprotocol: String,
-    pub descr: Option<String>,
-    pub tag: Option<String>,
+    pub descr: MaybeString,
+    pub tag: MaybeString,
     pub tagged: Option<u8>,
     pub poolopts: PoolOpts,
     #[yaserde(rename = "associated-rule-id")]
@@ -423,14 +390,14 @@ pub struct PoolOpts {
 pub struct Updated {
     pub username: String,
     pub time: f64,
-    pub description: Option<String>,
+    pub description: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Created {
     pub username: String,
     pub time: f64,
-    pub description: Option<String>,
+    pub description: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -455,8 +422,8 @@ pub struct OPNsenseConfig {
     #[yaserde(rename = "Syslog")]
     pub syslog: Option<ConfigSyslog>,
     #[yaserde(rename = "TrafficShaper")]
-    pub traffic_shaper: Option<TrafficShaper>,
-    pub unboundplus: Option<UnboundPlus>,
+    pub traffic_shaper: Option<RawXml>,
+    pub unboundplus: Option<RawXml>,
     pub wireguard: Option<Wireguard>,
     #[yaserde(rename = "Swanctl")]
     pub swanctl: Swanctl,
@@ -475,13 +442,13 @@ pub struct OPNsenseConfig {
 struct IDS {
     #[yaserde(attribute)]
     version: String,
-    rules: Option<String>,
-    policies: Option<String>,
+    rules: MaybeString,
+    policies: MaybeString,
     #[yaserde(rename = "userDefinedRules")]
-    user_defined_rules: Option<String>,
-    files: Option<String>,
+    user_defined_rules: MaybeString,
+    files: MaybeString,
     #[yaserde(rename = "fileTags")]
-    file_tags: Option<String>,
+    file_tags: MaybeString,
     general: IDSGeneral,
 }
 
@@ -492,8 +459,8 @@ pub struct IDSGeneral {
     promisc: Option<u8>,
     interfaces: String,
     homenet: String,
-    defaultPacketSize: Option<String>,
-    UpdateCron: Option<String>,
+    defaultPacketSize: MaybeString,
+    UpdateCron: MaybeString,
     AlertLogrotate: String,
     AlertSaveLogs: u8,
     MPMAlgo: String,
@@ -501,14 +468,14 @@ pub struct IDSGeneral {
     syslog: Option<u8>,
     syslog_eve: Option<u8>,
     LogPayload: Option<u8>,
-    verbosity: Option<String>,
+    verbosity: MaybeString,
 }
 
 #[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
 pub struct Detect {
     Profile: String,
-    toclient_groups: Option<String>,
-    toserver_groups: Option<String>,
+    toclient_groups: MaybeString,
+    toserver_groups: MaybeString,
 }
 
 #[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
@@ -517,13 +484,13 @@ pub struct IPsec {
     #[yaserde(attribute)]
     version: String,
     general: GeneralIpsec,
-    keyPairs: Option<String>,
-    preSharedKeys: Option<String>,
+    keyPairs: MaybeString,
+    preSharedKeys: MaybeString,
 }
 
 #[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
 pub struct GeneralIpsec {
-    enabled: Option<String>,
+    enabled: MaybeString,
 }
 
 #[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
@@ -563,21 +530,21 @@ struct GeneralMonit {
     startdelay: u32,
     mailserver: String,
     port: u16,
-    username: Option<String>,
-    password: Option<String>,
+    username: MaybeString,
+    password: MaybeString,
     ssl: u8,
     sslversion: String,
     sslverify: u8,
     logfile: String,
-    statefile: Option<String>,
-    eventqueuePath: Option<String>,
-    eventqueueSlots: Option<String>,
+    statefile: MaybeString,
+    eventqueuePath: MaybeString,
+    eventqueueSlots: MaybeString,
     httpdEnabled: u8,
     httpdUsername: String,
     httpdPassword: String,
     httpdPort: u16,
-    httpdAllow: Option<String>,
-    mmonitUrl: Option<String>,
+    httpdAllow: MaybeString,
+    mmonitUrl: MaybeString,
     mmonitTimeout: u32,
     mmonitRegisterCredentials: u8,
 }
@@ -589,10 +556,10 @@ struct Alert {
     enabled: u8,
     recipient: String,
     noton: u8,
-    events: Option<String>,
-    format: Option<String>,
+    events: MaybeString,
+    format: MaybeString,
     reminder: u32,
-    description: Option<String>,
+    description: MaybeString,
 }
 
 #[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
@@ -601,22 +568,22 @@ struct Service {
     uuid: String,
     enabled: u8,
     name: String,
-    description: Option<String>,
+    description: MaybeString,
     #[yaserde(rename = "type")]
     r#type: String,
-    pidfile: Option<String>,
+    pidfile: MaybeString,
     #[yaserde(rename = "match")]
-    r#match: Option<String>,
-    path: Option<String>,
+    r#match: MaybeString,
+    path: MaybeString,
     timeout: u32,
     starttimeout: u32,
-    address: Option<String>,
-    interface: Option<String>,
-    start: Option<String>,
-    stop: Option<String>,
+    address: MaybeString,
+    interface: MaybeString,
+    start: MaybeString,
+    stop: MaybeString,
     tests: String,
-    depends: Option<String>,
-    polltime: Option<String>,
+    depends: MaybeString,
+    polltime: MaybeString,
 }
 
 #[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
@@ -628,7 +595,7 @@ struct Test {
     r#type: String,
     condition: String,
     action: String,
-    path: Option<String>,
+    path: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -666,11 +633,11 @@ pub struct Netflow {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Capture {
     #[yaserde(rename = "interfaces")]
-    pub interfaces: Option<String>,
+    pub interfaces: MaybeString,
     #[yaserde(rename = "egress_only")]
     pub egress_only: Option<u8>,
     #[yaserde(rename = "version")]
-    pub version: Option<String>,
+    pub version: MaybeString,
     #[yaserde(rename = "targets")]
     pub targets: Option<Targets>,
 }
@@ -691,9 +658,9 @@ pub struct Zones {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Zone {
     #[yaserde(attribute)]
-    pub uuid: Option<String>,
+    pub uuid: MaybeString,
     #[yaserde(rename = "name")]
-    pub name: Option<String>,
+    pub name: MaybeString,
     // Add other fields as needed
 }
 
@@ -707,9 +674,9 @@ pub struct Templates {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Template {
     #[yaserde(attribute)]
-    pub uuid: Option<String>,
+    pub uuid: MaybeString,
     #[yaserde(rename = "name")]
-    pub name: Option<String>,
+    pub name: MaybeString,
     // Add other fields as needed
 }
 
@@ -723,9 +690,9 @@ pub struct Jobs {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Job {
     #[yaserde(attribute)]
-    pub uuid: Option<String>,
+    pub uuid: MaybeString,
     #[yaserde(rename = "name")]
-    pub name: Option<String>,
+    pub name: MaybeString,
     // Add other fields as needed
 }
 
@@ -739,9 +706,9 @@ pub struct Targets {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Target {
     #[yaserde(attribute)]
-    pub uuid: Option<String>,
+    pub uuid: MaybeString,
     #[yaserde(rename = "name")]
-    pub name: Option<String>,
+    pub name: MaybeString,
     // Add other fields as needed
 }
 
@@ -758,7 +725,7 @@ pub struct Firewall {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct LvTemplate {
     #[yaserde(attribute)]
-    pub version: Option<String>,
+    pub version: MaybeString,
     #[yaserde(rename = "templates")]
     pub templates: Option<Templates>,
 }
@@ -766,7 +733,7 @@ pub struct LvTemplate {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Category {
     #[yaserde(attribute)]
-    pub version: Option<String>,
+    pub version: MaybeString,
     #[yaserde(rename = "categories")]
     pub categories: Option<Categories>,
 }
@@ -780,19 +747,19 @@ pub struct Categories {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct CategoryItem {
     #[yaserde(attribute)]
-    pub uuid: Option<String>,
+    pub uuid: MaybeString,
     #[yaserde(rename = "name")]
-    pub name: Option<String>,
+    pub name: MaybeString,
     #[yaserde(rename = "auto")]
     pub auto: Option<u8>,
     #[yaserde(rename = "color")]
-    pub color: Option<String>,
+    pub color: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Alias {
     #[yaserde(attribute)]
-    pub version: Option<String>,
+    pub version: MaybeString,
     #[yaserde(rename = "geoip")]
     pub geoip: Option<GeoIP>,
     #[yaserde(rename = "aliases")]
@@ -802,7 +769,7 @@ pub struct Alias {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct GeoIP {
     #[yaserde(rename = "url")]
-    pub url: Option<String>,
+    pub url: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -819,13 +786,13 @@ pub struct AliasItem {
     pub name: String,
     #[yaserde(rename = "type")]
     pub r#type: String,
-    pub interface: Option<String>,
+    pub interface: MaybeString,
     pub counters: String,
-    pub updatefreq: Option<String>,
+    pub updatefreq: MaybeString,
     pub content: String,
-    pub categories: Option<String>,
-    pub description: Option<String>,
-    pub proto: Option<String>,
+    pub categories: MaybeString,
+    pub description: MaybeString,
+    pub proto: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -855,20 +822,20 @@ pub struct ConfigGeneral {
     pub enabled: i32,
     #[yaserde(rename = "error_pages")]
     pub error_pages: String,
-    pub icpPort: Option<String>,
+    pub icpPort: MaybeString,
     pub logging: Logging,
-    pub alternateDNSservers: Option<String>,
+    pub alternateDNSservers: MaybeString,
     pub dnsV4First: i32,
     pub forwardedForHandling: String,
     pub uriWhitespaceHandling: String,
     pub enablePinger: i32,
     pub useViaHeader: i32,
     pub suppressVersion: i32,
-    pub connecttimeout: Option<String>,
+    pub connecttimeout: MaybeString,
     #[yaserde(rename = "VisibleEmail")]
     pub visible_email: String,
     #[yaserde(rename = "VisibleHostname")]
-    pub visible_hostname: Option<String>,
+    pub visible_hostname: MaybeString,
     pub cache: Cache,
     pub traffic: Traffic,
     pub parentproxy: ParentProxy,
@@ -877,8 +844,8 @@ pub struct ConfigGeneral {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Logging {
     pub enable: Enable,
-    pub ignoreLogACL: Option<String>,
-    pub target: Option<String>,
+    pub ignoreLogACL: MaybeString,
+    pub target: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -897,8 +864,8 @@ pub struct LocalCache {
     pub enabled: i32,
     pub directory: String,
     pub cache_mem: i32,
-    pub maximum_object_size: Option<String>,
-    pub maximum_object_size_in_memory: Option<String>,
+    pub maximum_object_size: MaybeString,
+    pub maximum_object_size_in_memory: MaybeString,
     pub memory_cache_mode: String,
     pub size: i32,
     pub l1: i32,
@@ -919,13 +886,13 @@ pub struct Traffic {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct ParentProxy {
     pub enabled: i32,
-    pub host: Option<String>,
+    pub host: MaybeString,
     pub enableauth: i32,
-    pub user: Option<String>,
-    pub password: Option<String>,
-    pub port: Option<String>,
-    pub localdomains: Option<String>,
-    pub localips: Option<String>,
+    pub user: MaybeString,
+    pub password: MaybeString,
+    pub port: MaybeString,
+    pub localdomains: MaybeString,
+    pub localips: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -935,14 +902,14 @@ pub struct Forward {
     pub sslbumpport: i32,
     pub sslbump: i32,
     pub sslurlonly: i32,
-    pub sslcertificate: Option<String>,
-    pub sslnobumpsites: Option<String>,
+    pub sslcertificate: MaybeString,
+    pub sslnobumpsites: MaybeString,
     pub ssl_crtd_storage_max_size: i32,
     pub sslcrtd_children: i32,
     pub snmp_enable: i32,
     pub snmp_port: i32,
     pub snmp_password: String,
-    pub ftpInterfaces: Option<String>,
+    pub ftpInterfaces: MaybeString,
     pub ftpPort: i32,
     pub ftpTransparentMode: i32,
     pub addACLforInterfaceSubnets: i32,
@@ -954,15 +921,15 @@ pub struct Forward {
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Acl {
-    pub allowedSubnets: Option<String>,
-    pub unrestricted: Option<String>,
-    pub bannedHosts: Option<String>,
-    pub whiteList: Option<String>,
-    pub blackList: Option<String>,
-    pub browser: Option<String>,
-    pub mimeType: Option<String>,
-    pub googleapps: Option<String>,
-    pub youtube: Option<String>,
+    pub allowedSubnets: MaybeString,
+    pub unrestricted: MaybeString,
+    pub bannedHosts: MaybeString,
+    pub whiteList: MaybeString,
+    pub blackList: MaybeString,
+    pub browser: MaybeString,
+    pub mimeType: MaybeString,
+    pub googleapps: MaybeString,
+    pub youtube: MaybeString,
     pub safePorts: String,
     pub sslPorts: String,
     pub remoteACLs: RemoteAcls,
@@ -970,8 +937,8 @@ pub struct Acl {
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct RemoteAcls {
-    pub blacklists: Option<String>,
-    pub UpdateCron: Option<String>,
+    pub blacklists: MaybeString,
+    pub UpdateCron: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -986,13 +953,13 @@ pub struct Icap {
     pub EnablePreview: i32,
     pub PreviewSize: i32,
     pub OptionsTTL: i32,
-    pub exclude: Option<String>,
+    pub exclude: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Authentication {
-    pub method: Option<String>,
-    pub authEnforceGroup: Option<String>,
+    pub method: MaybeString,
+    pub authEnforceGroup: MaybeString,
     pub realm: String,
     pub credentialsttl: i32,
     pub children: i32,
@@ -1003,7 +970,7 @@ pub struct Pac {}
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct ErrorPages {
-    pub template: Option<String>,
+    pub template: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -1011,7 +978,7 @@ pub struct ConfigSyslog {
     #[yaserde(attribute)]
     pub version: String,
     pub general: SyslogGeneral,
-    pub destinations: Option<String>,
+    pub destinations: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -1019,16 +986,6 @@ pub struct SyslogGeneral {
     pub enabled: i32,
 }
 
-#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
-#[yaserde(rename = "TrafficShaper")]
-pub struct TrafficShaper {
-    #[yaserde(attribute)]
-    pub version: String,
-    pub pipes: Option<String>,
-    pub queues: Option<String>,
-    pub rules: Option<String>,
-}
-
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct UnboundPlus {
     #[yaserde(attribute)]
@@ -1038,32 +995,32 @@ pub struct UnboundPlus {
     pub acls: Acls,
     pub dnsbl: Dnsbl,
     pub forwarding: Forwarding,
-    pub dots: Option<String>,
+    pub dots: MaybeString,
     pub hosts: Hosts,
-    pub aliases: Option<String>,
-    pub domains: Option<String>,
+    pub aliases: MaybeString,
+    pub domains: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct UnboundGeneral {
     pub enabled: i32,
     pub port: i32,
-    pub stats: Option<String>,
-    pub active_interface: Option<String>,
-    pub dnssec: Option<String>,
-    pub dns64: Option<String>,
-    pub dns64prefix: Option<String>,
-    pub noarecords: Option<String>,
+    pub stats: MaybeString,
+    pub active_interface: MaybeString,
+    pub dnssec: MaybeString,
+    pub dns64: MaybeString,
+    pub dns64prefix: MaybeString,
+    pub noarecords: MaybeString,
     pub regdhcp: i32,
-    pub regdhcpdomain: Option<String>,
+    pub regdhcpdomain: MaybeString,
     pub regdhcpstatic: i32,
-    pub noreglladdr6: Option<String>,
-    pub noregrecords: Option<String>,
-    pub txtsupport: Option<String>,
-    pub cacheflush: Option<String>,
+    pub noreglladdr6: MaybeString,
+    pub noregrecords: MaybeString,
+    pub txtsupport: MaybeString,
+    pub cacheflush: MaybeString,
     pub local_zone_type: String,
-    pub outgoing_interface: Option<String>,
-    pub enable_wpad: Option<String>,
+    pub outgoing_interface: MaybeString,
+    pub enable_wpad: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -1074,36 +1031,36 @@ pub struct Advanced {
     pub prefetchkey: i32,
     pub dnssecstripped: i32,
     pub serveexpired: i32,
-    pub serveexpiredreplyttl: Option<String>,
-    pub serveexpiredttl: Option<String>,
+    pub serveexpiredreplyttl: MaybeString,
+    pub serveexpiredttl: MaybeString,
     pub serveexpiredttlreset: i32,
-    pub serveexpiredclienttimeout: Option<String>,
+    pub serveexpiredclienttimeout: MaybeString,
     pub qnameminstrict: i32,
     pub extendedstatistics: i32,
     pub logqueries: i32,
     pub logreplies: i32,
     pub logtagqueryreply: i32,
-    pub logservfail: Option<String>,
-    pub loglocalactions: Option<String>,
+    pub logservfail: MaybeString,
+    pub loglocalactions: MaybeString,
     pub logverbosity: i32,
     pub valloglevel: i32,
-    pub privatedomain: Option<String>,
-    pub privateaddress: Option<String>,
-    pub insecuredomain: Option<String>,
-    pub msgcachesize: Option<String>,
-    pub rrsetcachesize: Option<String>,
-    pub outgoingnumtcp: Option<String>,
-    pub incomingnumtcp: Option<String>,
-    pub numqueriesperthread: Option<String>,
-    pub outgoingrange: Option<String>,
-    pub jostletimeout: Option<String>,
-    pub cachemaxttl: Option<String>,
-    pub cachemaxnegativettl: Option<String>,
-    pub cacheminttl: Option<String>,
-    pub infrahostttl: Option<String>,
-    pub infrakeepprobing: Option<String>,
-    pub infracachenumhosts: Option<String>,
-    pub unwantedreplythreshold: Option<String>,
+    pub privatedomain: MaybeString,
+    pub privateaddress: MaybeString,
+    pub insecuredomain: MaybeString,
+    pub msgcachesize: MaybeString,
+    pub rrsetcachesize: MaybeString,
+    pub outgoingnumtcp: MaybeString,
+    pub incomingnumtcp: MaybeString,
+    pub numqueriesperthread: MaybeString,
+    pub outgoingrange: MaybeString,
+    pub jostletimeout: MaybeString,
+    pub cachemaxttl: MaybeString,
+    pub cachemaxnegativettl: MaybeString,
+    pub cacheminttl: MaybeString,
+    pub infrahostttl: MaybeString,
+    pub infrakeepprobing: MaybeString,
+    pub infracachenumhosts: MaybeString,
+    pub unwantedreplythreshold: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -1115,14 +1072,14 @@ pub struct Acls {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Dnsbl {
     pub enabled: i32,
-    pub safesearch: Option<String>,
+    pub safesearch: MaybeString,
     #[yaserde(rename = "type")]
-    pub r#type: Option<String>,
-    pub lists: Option<String>,
-    pub whitelists: Option<String>,
-    pub blocklists: Option<String>,
-    pub wildcards: Option<String>,
-    pub address: Option<String>,
+    pub r#type: MaybeString,
+    pub lists: MaybeString,
+    pub whitelists: MaybeString,
+    pub blocklists: MaybeString,
+    pub wildcards: MaybeString,
+    pub address: MaybeString,
     pub nxdomain: i32,
 }
 
@@ -1145,8 +1102,8 @@ pub struct Host {
     pub hostname: String,
     pub domain: String,
     pub rr: String,
-    pub mxprio: Option<String>,
-    pub mx: Option<String>,
+    pub mxprio: MaybeString,
+    pub mx: MaybeString,
     pub server: String,
     pub description: String,
 }
@@ -1187,12 +1144,12 @@ pub struct WireguardServerItem {
     pub pubkey: String,
     pub privkey: String,
     pub port: i32,
-    pub mtu: Option<String>,
-    pub dns: Option<String>,
+    pub mtu: MaybeString,
+    pub dns: MaybeString,
     pub tunneladdress: String,
     pub disableroutes: i32,
-    pub gateway: Option<String>,
-    pub carp_depend_on: Option<String>,
+    pub gateway: MaybeString,
+    pub carp_depend_on: MaybeString,
     pub peers: String,
 }
 
@@ -1215,11 +1172,11 @@ pub struct WireguardClientItem {
     pub enabled: i32,
     pub name: String,
     pub pubkey: String,
-    pub psk: Option<String>,
+    pub psk: MaybeString,
     pub tunneladdress: String,
-    pub serveraddress: Option<String>,
-    pub serverport: Option<String>,
-    pub keepalive: Option<String>,
+    pub serveraddress: MaybeString,
+    pub serverport: MaybeString,
+    pub keepalive: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -1227,16 +1184,16 @@ pub struct Swanctl {
     #[yaserde(attribute)]
     pub version: String,
     #[yaserde(rename = "Connections")]
-    pub connections: Option<String>,
-    pub locals: Option<String>,
-    pub remotes: Option<String>,
-    pub children: Option<String>,
+    pub connections: MaybeString,
+    pub locals: MaybeString,
+    pub remotes: MaybeString,
+    pub children: MaybeString,
     #[yaserde(rename = "Pools")]
-    pub pools: Option<String>,
+    pub pools: MaybeString,
     #[yaserde(rename = "VTIs")]
-    pub vtis: Option<String>,
+    pub vtis: MaybeString,
     #[yaserde(rename = "SPDs")]
-    pub spds: Option<String>,
+    pub spds: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -1269,15 +1226,15 @@ pub struct Account {
     pub uuid: String,
     pub enabled: i32,
     pub service: String,
-    pub protocol: Option<String>,
-    pub server: Option<String>,
+    pub protocol: MaybeString,
+    pub server: MaybeString,
     pub username: String,
     pub password: String,
     #[yaserde(rename = "resourceId")]
-    pub resource_id: Option<String>,
+    pub resource_id: MaybeString,
     pub hostnames: String,
     pub wildcard: i32,
-    pub zone: Option<String>,
+    pub zone: MaybeString,
     pub checkip: String,
     #[yaserde(rename = "checkip_timeout")]
     pub checkip_timeout: i32,
@@ -1292,9 +1249,9 @@ pub struct Account {
 pub struct ConfigOpenVPN {
     #[yaserde(attribute)]
     pub version: String,
-    pub Overwrites: Option<String>,
-    pub Instances: Option<String>,
-    pub StaticKeys: Option<String>,
+    pub Overwrites: MaybeString,
+    pub Instances: MaybeString,
+    pub StaticKeys: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -1313,17 +1270,17 @@ pub struct HAProxy {
     pub backends: HAProxyBackends,
     pub servers: HAProxyServers,
     pub healthchecks: HAProxyHealthChecks,
-    pub acls: Option<String>,
-    pub actions: Option<String>,
-    pub luas: Option<String>,
-    pub fcgis: Option<String>,
-    pub errorfiles: Option<String>,
-    pub mapfiles: Option<String>,
-    pub groups: Option<String>,
-    pub users: Option<String>,
-    pub cpus: Option<String>,
-    pub resolvers: Option<String>,
-    pub mailers: Option<String>,
+    pub acls: MaybeString,
+    pub actions: MaybeString,
+    pub luas: MaybeString,
+    pub fcgis: MaybeString,
+    pub errorfiles: MaybeString,
+    pub mapfiles: MaybeString,
+    pub groups: MaybeString,
+    pub users: MaybeString,
+    pub cpus: MaybeString,
+    pub resolvers: MaybeString,
+    pub mailers: MaybeString,
     pub maintenance: Maintenance,
 }
 
@@ -1338,19 +1295,19 @@ pub struct CronJobs {
     #[yaserde(rename = "syncCerts")]
     pub sync_certs: u32,
     #[yaserde(rename = "syncCertsCron")]
-    pub sync_certs_cron: Option<String>,
+    pub sync_certs_cron: MaybeString,
     #[yaserde(rename = "updateOcsp")]
     pub update_ocsp: u32,
     #[yaserde(rename = "updateOcspCron")]
-    pub update_ocsp_cron: Option<String>,
+    pub update_ocsp_cron: MaybeString,
     #[yaserde(rename = "reloadService")]
     pub reload_service: u32,
     #[yaserde(rename = "reloadServiceCron")]
-    pub reload_service_cron: Option<String>,
+    pub reload_service_cron: MaybeString,
     #[yaserde(rename = "restartService")]
     pub restart_service: u32,
     #[yaserde(rename = "restartServiceCron")]
-    pub restart_service_cron: Option<String>,
+    pub restart_service_cron: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -1358,7 +1315,7 @@ pub struct HaProxyGeneral {
     pub enabled: i32,
     pub gracefulStop: i32,
     pub hardStopAfter: String,
-    pub closeSpreadTime: Option<String>,
+    pub closeSpreadTime: MaybeString,
     pub seamlessReload: i32,
     pub storeOcsp: i32,
     pub showIntro: i32,
@@ -1373,18 +1330,18 @@ pub struct HaProxyGeneral {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Peers {
     pub enabled: i32,
-    pub name1: Option<String>,
-    pub listen1: Option<String>,
+    pub name1: MaybeString,
+    pub listen1: MaybeString,
     pub port1: i32,
-    pub name2: Option<String>,
-    pub listen2: Option<String>,
+    pub name2: MaybeString,
+    pub listen2: MaybeString,
     pub port2: i32,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Tuning {
     pub root: i32,
-    pub maxConnections: Option<String>,
+    pub maxConnections: MaybeString,
     pub nbthread: i32,
     pub sslServerVerify: String,
     pub maxDHSize: i32,
@@ -1392,28 +1349,28 @@ pub struct Tuning {
     pub spreadChecks: i32,
     pub bogusProxyEnabled: i32,
     pub luaMaxMem: i32,
-    pub customOptions: Option<String>,
+    pub customOptions: MaybeString,
     #[yaserde(rename = "ssl_defaultsEnabled")]
     pub ssl_defaults_enabled: i32,
     pub ssl_bindOptions: String,
     pub ssl_minVersion: String,
-    pub ssl_maxVersion: Option<String>,
+    pub ssl_maxVersion: MaybeString,
     pub ssl_cipherList: String,
     pub ssl_cipherSuites: String,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct HaProxyDefaults {
-    pub maxConnections: Option<String>,
-    pub maxConnectionsServers: Option<String>,
+    pub maxConnections: MaybeString,
+    pub maxConnectionsServers: MaybeString,
     pub timeoutClient: String,
     pub timeoutConnect: String,
-    pub timeoutCheck: Option<String>,
+    pub timeoutCheck: MaybeString,
     pub timeoutServer: String,
     pub retries: i32,
     pub redispatch: String,
     pub init_addr: String,
-    pub customOptions: Option<String>,
+    pub customOptions: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -1421,7 +1378,7 @@ pub struct HaProxyLogging {
     pub host: String,
     pub facility: String,
     pub level: String,
-    pub length: Option<String>,
+    pub length: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -1429,12 +1386,12 @@ pub struct Stats {
     pub enabled: i32,
     pub port: i32,
     pub remoteEnabled: i32,
-    pub remoteBind: Option<String>,
+    pub remoteBind: MaybeString,
     pub authEnabled: i32,
-    pub users: Option<String>,
-    pub allowedUsers: Option<String>,
-    pub allowedGroups: Option<String>,
-    pub customOptions: Option<String>,
+    pub users: MaybeString,
+    pub allowedUsers: MaybeString,
+    pub allowedGroups: MaybeString,
+    pub customOptions: MaybeString,
     pub prometheus_enabled: i32,
     pub prometheus_bind: String,
     pub prometheus_path: String,
@@ -1445,7 +1402,7 @@ pub struct HaProxyCache {
     pub enabled: i32,
     pub totalMaxSize: i32,
     pub maxAge: i32,
-    pub maxObjectSize: Option<String>,
+    pub maxObjectSize: MaybeString,
     pub processVary: i32,
     pub maxSecondaryEntries: i32,
 }
@@ -1465,17 +1422,17 @@ pub struct Frontend {
     pub name: String,
     pub description: String,
     pub bind: String,
-    pub bindOptions: Option<String>,
+    pub bindOptions: MaybeString,
     pub mode: String,
     pub defaultBackend: String,
     pub ssl_enabled: i32,
-    pub ssl_certificates: Option<String>,
-    pub ssl_default_certificate: Option<String>,
-    pub ssl_customOptions: Option<String>,
+    pub ssl_certificates: MaybeString,
+    pub ssl_default_certificate: MaybeString,
+    pub ssl_customOptions: MaybeString,
     pub ssl_advancedEnabled: i32,
     pub ssl_bindOptions: String,
     pub ssl_minVersion: String,
-    pub ssl_maxVersion: Option<String>,
+    pub ssl_maxVersion: MaybeString,
     pub ssl_cipherList: String,
     pub ssl_cipherSuites: String,
     pub ssl_hstsEnabled: i32,
@@ -1484,29 +1441,29 @@ pub struct Frontend {
     pub ssl_hstsMaxAge: i32,
     pub ssl_clientAuthEnabled: i32,
     pub ssl_clientAuthVerify: String,
-    pub ssl_clientAuthCAs: Option<String>,
-    pub ssl_clientAuthCRLs: Option<String>,
+    pub ssl_clientAuthCAs: MaybeString,
+    pub ssl_clientAuthCRLs: MaybeString,
     pub basicAuthEnabled: i32,
-    pub basicAuthUsers: Option<String>,
-    pub basicAuthGroups: Option<String>,
-    pub tuning_maxConnections: Option<String>,
-    pub tuning_timeoutClient: Option<String>,
-    pub tuning_timeoutHttpReq: Option<String>,
-    pub tuning_timeoutHttpKeepAlive: Option<String>,
-    pub linkedCpuAffinityRules: Option<String>,
-    pub tuning_shards: Option<String>,
+    pub basicAuthUsers: MaybeString,
+    pub basicAuthGroups: MaybeString,
+    pub tuning_maxConnections: MaybeString,
+    pub tuning_timeoutClient: MaybeString,
+    pub tuning_timeoutHttpReq: MaybeString,
+    pub tuning_timeoutHttpKeepAlive: MaybeString,
+    pub linkedCpuAffinityRules: MaybeString,
+    pub tuning_shards: MaybeString,
     pub logging_dontLogNull: i32,
     pub logging_dontLogNormal: i32,
     pub logging_logSeparateErrors: i32,
     pub logging_detailedLog: i32,
     pub logging_socketStats: i32,
-    pub stickiness_pattern: Option<String>,
-    pub stickiness_dataTypes: Option<String>,
+    pub stickiness_pattern: MaybeString,
+    pub stickiness_dataTypes: MaybeString,
     pub stickiness_expire: String,
     pub stickiness_size: String,
     pub stickiness_counter: i32,
     pub stickiness_counter_key: String,
-    pub stickiness_length: Option<String>,
+    pub stickiness_length: MaybeString,
     pub stickiness_connRatePeriod: String,
     pub stickiness_sessRatePeriod: String,
     pub stickiness_httpReqRatePeriod: String,
@@ -1520,9 +1477,9 @@ pub struct Frontend {
     pub prometheus_enabled: i32,
     pub prometheus_path: String,
     pub connectionBehaviour: String,
-    pub customOptions: Option<String>,
-    pub linkedActions: Option<String>,
-    pub linkedErrorfiles: Option<String>,
+    pub customOptions: MaybeString,
+    pub linkedActions: MaybeString,
+    pub linkedErrorfiles: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -1542,7 +1499,7 @@ pub struct Backend {
     #[yaserde(rename = "name")]
     pub name: String,
     #[yaserde(rename = "description")]
-    pub description: Option<String>,
+    pub description: MaybeString,
     #[yaserde(rename = "mode")]
     pub mode: String,
     #[yaserde(rename = "algorithm")]
@@ -1550,35 +1507,35 @@ pub struct Backend {
     #[yaserde(rename = "random_draws")]
     pub random_draws: Option<u32>,
     #[yaserde(rename = "proxyProtocol")]
-    pub proxy_protocol: Option<String>,
+    pub proxy_protocol: MaybeString,
     #[yaserde(rename = "linkedServers")]
-    pub linked_servers: Option<String>,
+    pub linked_servers: MaybeString,
     #[yaserde(rename = "linkedFcgi")]
-    pub linked_fcgi: Option<String>,
+    pub linked_fcgi: MaybeString,
     #[yaserde(rename = "linkedResolver")]
-    pub linked_resolver: Option<String>,
+    pub linked_resolver: MaybeString,
     #[yaserde(rename = "resolverOpts")]
-    pub resolver_opts: Option<String>,
+    pub resolver_opts: MaybeString,
     #[yaserde(rename = "resolvePrefer")]
-    pub resolve_prefer: Option<String>,
+    pub resolve_prefer: MaybeString,
     #[yaserde(rename = "source")]
-    pub source: Option<String>,
+    pub source: MaybeString,
     #[yaserde(rename = "healthCheckEnabled")]
     pub health_check_enabled: u8,
     #[yaserde(rename = "healthCheck")]
-    pub health_check: Option<String>,
+    pub health_check: MaybeString,
     #[yaserde(rename = "healthCheckLogStatus")]
     pub health_check_log_status: u8,
     #[yaserde(rename = "checkInterval")]
-    pub check_interval: Option<String>,
+    pub check_interval: MaybeString,
     #[yaserde(rename = "checkDownInterval")]
-    pub check_down_interval: Option<String>,
+    pub check_down_interval: MaybeString,
     #[yaserde(rename = "healthCheckFall")]
-    pub health_check_fall: Option<String>,
+    pub health_check_fall: MaybeString,
     #[yaserde(rename = "healthCheckRise")]
-    pub health_check_rise: Option<String>,
+    pub health_check_rise: MaybeString,
     #[yaserde(rename = "linkedMailer")]
-    pub linked_mailer: Option<String>,
+    pub linked_mailer: MaybeString,
     #[yaserde(rename = "http2Enabled")]
     pub http2_enabled: u8,
     #[yaserde(rename = "http2Enabled_nontls")]
@@ -1590,21 +1547,21 @@ pub struct Backend {
     #[yaserde(rename = "persistence_cookiemode")]
     pub persistence_cookiemode: String,
     #[yaserde(rename = "persistence_cookiename")]
-    pub persistence_cookiename: Option<String>,
+    pub persistence_cookiename: MaybeString,
     #[yaserde(rename = "persistence_stripquotes")]
     pub persistence_stripquotes: u8,
     #[yaserde(rename = "stickiness_pattern")]
     pub stickiness_pattern: String,
     #[yaserde(rename = "stickiness_dataTypes")]
-    pub stickiness_data_types: Option<String>,
+    pub stickiness_data_types: MaybeString,
     #[yaserde(rename = "stickiness_expire")]
     pub stickiness_expire: String,
     #[yaserde(rename = "stickiness_size")]
     pub stickiness_size: String,
     #[yaserde(rename = "stickiness_cookiename")]
-    pub stickiness_cookiename: Option<String>,
+    pub stickiness_cookiename: MaybeString,
     #[yaserde(rename = "stickiness_cookielength")]
-    pub stickiness_cookielength: Option<String>,
+    pub stickiness_cookielength: MaybeString,
     #[yaserde(rename = "stickiness_connRatePeriod")]
     pub stickiness_conn_rate_period: String,
     #[yaserde(rename = "stickiness_sessRatePeriod")]
@@ -1620,31 +1577,31 @@ pub struct Backend {
     #[yaserde(rename = "basicAuthEnabled")]
     pub basic_auth_enabled: u8,
     #[yaserde(rename = "basicAuthUsers")]
-    pub basic_auth_users: Option<String>,
+    pub basic_auth_users: MaybeString,
     #[yaserde(rename = "basicAuthGroups")]
-    pub basic_auth_groups: Option<String>,
+    pub basic_auth_groups: MaybeString,
     #[yaserde(rename = "tuning_timeoutConnect")]
-    pub tuning_timeout_connect: Option<String>,
+    pub tuning_timeout_connect: MaybeString,
     #[yaserde(rename = "tuning_timeoutCheck")]
-    pub tuning_timeout_check: Option<String>,
+    pub tuning_timeout_check: MaybeString,
     #[yaserde(rename = "tuning_timeoutServer")]
-    pub tuning_timeout_server: Option<String>,
+    pub tuning_timeout_server: MaybeString,
     #[yaserde(rename = "tuning_retries")]
-    pub tuning_retries: Option<String>,
+    pub tuning_retries: MaybeString,
     #[yaserde(rename = "customOptions")]
-    pub custom_options: Option<String>,
+    pub custom_options: MaybeString,
     #[yaserde(rename = "tuning_defaultserver")]
-    pub tuning_defaultserver: Option<String>,
+    pub tuning_defaultserver: MaybeString,
     #[yaserde(rename = "tuning_noport")]
     pub tuning_noport: u8,
     #[yaserde(rename = "tuning_httpreuse")]
-    pub tuning_httpreuse: Option<String>,
+    pub tuning_httpreuse: MaybeString,
     #[yaserde(rename = "tuning_caching")]
     pub tuning_caching: u8,
     #[yaserde(rename = "linkedActions")]
-    pub linked_actions: Option<String>,
+    pub linked_actions: MaybeString,
     #[yaserde(rename = "linkedErrorfiles")]
-    pub linked_errorfiles: Option<String>,
+    pub linked_errorfiles: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -1664,13 +1621,13 @@ pub struct HAProxyServer {
     #[yaserde(rename = "name")]
     pub name: String,
     #[yaserde(rename = "description")]
-    pub description: Option<String>,
+    pub description: MaybeString,
     #[yaserde(rename = "address")]
     pub address: String,
     #[yaserde(rename = "port")]
     pub port: u16,
     #[yaserde(rename = "checkport")]
-    pub checkport: Option<String>,
+    pub checkport: MaybeString,
     #[yaserde(rename = "mode")]
     pub mode: String,
     #[yaserde(rename = "multiplexer_protocol")]
@@ -1678,41 +1635,41 @@ pub struct HAProxyServer {
     #[yaserde(rename = "type")]
     pub server_type: String,
     #[yaserde(rename = "serviceName")]
-    pub service_name: Option<String>,
+    pub service_name: MaybeString,
     #[yaserde(rename = "number")]
-    pub number: Option<String>,
+    pub number: MaybeString,
     #[yaserde(rename = "linkedResolver")]
-    pub linked_resolver: Option<String>,
+    pub linked_resolver: MaybeString,
     #[yaserde(rename = "resolverOpts")]
-    pub resolver_opts: Option<String>,
+    pub resolver_opts: MaybeString,
     #[yaserde(rename = "resolvePrefer")]
-    pub resolve_prefer: Option<String>,
+    pub resolve_prefer: MaybeString,
     #[yaserde(rename = "ssl")]
     pub ssl: u8,
     #[yaserde(rename = "sslSNI")]
-    pub ssl_sni: Option<String>,
+    pub ssl_sni: MaybeString,
     #[yaserde(rename = "sslVerify")]
     pub ssl_verify: u8,
     #[yaserde(rename = "sslCA")]
-    pub ssl_ca: Option<String>,
+    pub ssl_ca: MaybeString,
     #[yaserde(rename = "sslCRL")]
-    pub ssl_crl: Option<String>,
+    pub ssl_crl: MaybeString,
     #[yaserde(rename = "sslClientCertificate")]
-    pub ssl_client_certificate: Option<String>,
+    pub ssl_client_certificate: MaybeString,
     #[yaserde(rename = "maxConnections")]
-    pub max_connections: Option<String>,
+    pub max_connections: MaybeString,
     #[yaserde(rename = "weight")]
     pub weight: u32,
     #[yaserde(rename = "checkInterval")]
-    pub check_interval: Option<String>,
+    pub check_interval: MaybeString,
     #[yaserde(rename = "checkDownInterval")]
-    pub check_down_interval: Option<String>,
+    pub check_down_interval: MaybeString,
     #[yaserde(rename = "source")]
-    pub source: Option<String>,
+    pub source: MaybeString,
     #[yaserde(rename = "advanced")]
-    pub advanced: Option<String>,
+    pub advanced: MaybeString,
     #[yaserde(rename = "unix_socket")]
-    pub unix_socket: Option<String>,
+    pub unix_socket: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -1726,43 +1683,43 @@ pub struct HAProxyHealthCheck {
     #[yaserde(attribute)]
     pub uuid: String,
     pub name: String,
-    pub description: Option<String>,
+    pub description: MaybeString,
     #[yaserde(rename = "type")]
     pub health_check_type: String,
     pub interval: String,
     pub ssl: String,
     #[yaserde(rename = "sslSNI")]
-    pub ssl_sni: Option<String>,
+    pub ssl_sni: MaybeString,
     pub force_ssl: u8,
-    pub checkport: Option<String>,
+    pub checkport: MaybeString,
     pub http_method: String,
     pub http_uri: String,
-    pub http_version: Option<String>,
+    pub http_version: MaybeString,
     #[yaserde(rename = "http_host")]
-    pub http_host: Option<String>,
+    pub http_host: MaybeString,
     #[yaserde(rename = "http_expressionEnabled")]
     pub http_expression_enabled: Option<u8>,
-    pub http_expression: Option<String>,
-    pub http_negate: Option<String>,
-    pub http_value: Option<String>,
-    pub tcp_enabled: Option<String>,
+    pub http_expression: MaybeString,
+    pub http_negate: MaybeString,
+    pub http_value: MaybeString,
+    pub tcp_enabled: MaybeString,
     #[yaserde(rename = "tcp_sendValue")]
-    pub tcp_send_value: Option<String>,
+    pub tcp_send_value: MaybeString,
     #[yaserde(rename = "tcp_matchType")]
-    pub tcp_match_type: Option<String>,
+    pub tcp_match_type: MaybeString,
     #[yaserde(rename = "tcp_matchValue")]
-    pub tcp_match_value: Option<String>,
-    pub tcp_negate: Option<String>,
+    pub tcp_match_value: MaybeString,
+    pub tcp_negate: MaybeString,
     #[yaserde(rename = "agentPort")]
-    pub agent_port: Option<String>,
-    pub mysql_user: Option<String>,
-    pub mysql_post41: Option<String>,
-    pub pgsql_user: Option<String>,
+    pub agent_port: MaybeString,
+    pub mysql_user: MaybeString,
+    pub mysql_post41: MaybeString,
+    pub pgsql_user: MaybeString,
     #[yaserde(alias = "smtpDomain")]
-    pub smtp_domain: Option<String>,
-    pub esmtp_domain: Option<String>,
+    pub smtp_domain: MaybeString,
+    pub esmtp_domain: MaybeString,
     #[yaserde(rename = "dbUser")]
-    pub db_user: Option<String>,
+    pub db_user: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -1770,7 +1727,7 @@ pub struct StaticRoutes {
     #[yaserde(attribute)]
     pub version: String,
     #[yaserde(rename = "route")]
-    pub route: Option<String>, // Assuming it can be empty, use Option
+    pub route: MaybeString, // Assuming it can be empty, use Option
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -1779,7 +1736,7 @@ pub struct Ca {} // Empty struct for <ca/>
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Gateways {
     #[yaserde(rename = "gateway_item")]
-    pub gateway_item: Option<String>, // Assuming it can be empty, use Option
+    pub gateway_item: MaybeString, // Assuming it can be empty, use Option
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -1816,8 +1773,8 @@ pub struct Vip {
     pub gateway: String,
     pub noexpand: u32,
     pub nobind: u32,
-    pub password: Option<String>,
-    pub vhid: Option<String>,
+    pub password: MaybeString,
+    pub vhid: MaybeString,
     pub advbase: u32,
     pub advskew: u32,
     pub descr: String,
@@ -1826,12 +1783,11 @@ pub struct Vip {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct OpenVpn {
     #[yaserde(rename = "openvpn-server")]
-    pub openvpn_server: Option<String>,
+    pub openvpn_server: MaybeString,
     #[yaserde(rename = "openvpn-client")]
-    pub openvpn_client: Option<String>,
+    pub openvpn_client: MaybeString,
 }
 
-
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Ppps {
     pub ppp: Ppp,
@@ -1858,18 +1814,18 @@ pub struct Dyndnses {
 pub struct Dyndns {
     #[yaserde(rename = "type")]
     pub r#type: String,
-    pub username: Option<String>,
+    pub username: MaybeString,
     pub password: String,
     pub host: String,
-    pub mx: Option<String>,
+    pub mx: MaybeString,
     pub interface: String,
-    pub zoneid: Option<String>,
-    pub resourceid: Option<String>,
-    pub ttl: Option<String>,
-    pub updateurl: Option<String>,
-    pub resultmatch: Option<String>,
+    pub zoneid: MaybeString,
+    pub resourceid: MaybeString,
+    pub ttl: MaybeString,
+    pub updateurl: MaybeString,
+    pub resultmatch: MaybeString,
     pub requestif: String,
-    pub descr: Option<String>,
+    pub descr: MaybeString,
     pub id: u32,
 }
 
@@ -1877,22 +1833,22 @@ pub struct Dyndns {
 pub struct Vlans {
     #[yaserde(attribute)]
     pub version: String,
-    pub vlan: Option<String>,
+    pub vlan: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Bridges {
-    pub bridged: Option<String>,
+    pub bridged: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Gifs {
-    pub gif: Option<String>,
+    pub gif: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Gres {
-    pub gre: Option<String>,
+    pub gre: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -1903,7 +1859,7 @@ pub struct Laggs {
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Wireless {
-    pub clone: Option<String>,
+    pub clone: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]

From 50ca6afb47fb08b63d929ced547935c4937fa23f Mon Sep 17 00:00:00 2001
From: Jean-Gabriel Gill-Couture <jeangabriel.gc@gmail.com>
Date: Wed, 6 Nov 2024 16:23:08 -0500
Subject: [PATCH 10/19] feat(opnsense-config): Xml parsing now works great to
 parse a full production config. Only  some element ordering that is not
 consistent across multiple elements of the same type sometimes does not match
 but moving some stuff around gets us easily to a 100% matching file

---
 harmony-rs/opnsense-config/src/config.rs      |  11 +-
 .../opnsense-config/src/infra/generic_xml.rs  |  44 +++-
 harmony-rs/opnsense-config/src/infra/mod.rs   |   2 +-
 .../opnsense-config/src/infra/yaserde.rs      |  20 ++
 .../opnsense-config/src/modules/dhcp.rs       |  14 +-
 .../opnsense-config/src/modules/opnsense.rs   | 116 ++++----
 .../src/tests/data/config-full-1.xml          | 249 +++++++++---------
 7 files changed, 261 insertions(+), 195 deletions(-)
 create mode 100644 harmony-rs/opnsense-config/src/infra/yaserde.rs

diff --git a/harmony-rs/opnsense-config/src/config.rs b/harmony-rs/opnsense-config/src/config.rs
index 233ae69..947e774 100644
--- a/harmony-rs/opnsense-config/src/config.rs
+++ b/harmony-rs/opnsense-config/src/config.rs
@@ -170,13 +170,16 @@ impl Config {
 
 #[cfg(test)]
 mod tests {
+    use crate::infra::yaserde::to_xml_str;
+
     use super::*;
     use std::path::PathBuf;
+    use pretty_assertions::assert_eq;
 
     #[tokio::test]
     async fn test_load_config_from_local_file() {
         let mut test_file_path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
-        test_file_path.push("src/tests/data/config-structure.xml");
+        test_file_path.push("src/tests/data/config-full-1.xml");
 
         let config_file_path = test_file_path.to_str().unwrap().to_string();
         println!("File path {config_file_path}");
@@ -188,13 +191,9 @@ mod tests {
 
         println!("Config {:?}", config);
 
-        let yaserde_cfg = yaserde::ser::Config { perform_indent: true,
-        .. Default::default()
-        };
-        let serialized = yaserde::ser::to_string_with_config(&config.opnsense, &yaserde_cfg).unwrap();
+        let serialized = to_xml_str(&config.opnsense).unwrap();
 
         fs::write("/tmp/serialized.xml", &serialized).unwrap();
-        std::process::Command::new("xmllint").arg("/tmp/serialized.xml").arg("--output").arg("/tmp/serialized.xmllint.xml").status().expect("xmllint failed");
 
         assert_eq!(config_file_str, serialized);
     }
diff --git a/harmony-rs/opnsense-config/src/infra/generic_xml.rs b/harmony-rs/opnsense-config/src/infra/generic_xml.rs
index 1e70a71..dfeae73 100644
--- a/harmony-rs/opnsense-config/src/infra/generic_xml.rs
+++ b/harmony-rs/opnsense-config/src/infra/generic_xml.rs
@@ -118,7 +118,10 @@ impl YaSerializeTrait for RawXml {
 
 #[cfg(test)]
 mod test {
+    use crate::infra::yaserde::to_xml_str;
+
     use super::*;
+    use pretty_assertions::assert_eq;
     use yaserde_derive::YaDeserialize;
     use yaserde_derive::YaSerialize;
 
@@ -172,9 +175,46 @@ mod test {
 
     #[test]
     fn rawxml_should_serialize_complex_documents() {
-        let xml = r#"<?xml version="1.0" encoding="utf-8"?><xml><OpenVPN version="1.0.0"><Overwrites /><Instances /><StaticKeys /></OpenVPN><Gateways version="0.0.1" /><HAProxy version="4.0.0"><general><enabled>1</enabled><gracefulStop>0</gracefulStop><hardStopAfter>60s</hardStopAfter><closeSpreadTime /><seamlessReload>0</seamlessReload><storeOcsp>0</storeOcsp><showIntro>1</showIntro><peers><enabled>0</enabled><name1 /><listen1 /><port1>1024</port1><name2 /><listen2 /><port2>1024</port2></peers><tuning><root>0</root><maxConnections /><nbthread>1</nbthread><sslServerVerify>ignore</sslServerVerify><maxDHSize>2048</maxDHSize><bufferSize>16384</bufferSize></tuning></general></HAProxy></xml>"#;
+        let xml = r#"<?xml version="1.0"?>
+<xml>
+  <OpenVPN version="1.0.0">
+    <Overwrites/>
+    <Instances/>
+    <StaticKeys/>
+  </OpenVPN>
+  <Gateways version="0.0.1"/>
+  <HAProxy version="4.0.0">
+    <general>
+      <enabled>1</enabled>
+      <gracefulStop>0</gracefulStop>
+      <hardStopAfter>60s</hardStopAfter>
+      <closeSpreadTime/>
+      <seamlessReload>0</seamlessReload>
+      <storeOcsp>0</storeOcsp>
+      <showIntro>1</showIntro>
+      <peers>
+        <enabled>0</enabled>
+        <name1/>
+        <listen1/>
+        <port1>1024</port1>
+        <name2/>
+        <listen2/>
+        <port2>1024</port2>
+      </peers>
+      <tuning>
+        <root>0</root>
+        <maxConnections/>
+        <nbthread>1</nbthread>
+        <sslServerVerify>ignore</sslServerVerify>
+        <maxDHSize>2048</maxDHSize>
+        <bufferSize>16384</bufferSize>
+      </tuning>
+    </general>
+  </HAProxy>
+</xml>
+"#;
         let rawxml: RawXml = yaserde::de::from_str(xml).unwrap();
-        assert_eq!(yaserde::ser::to_string(&rawxml).unwrap(), xml);
+        assert_eq!(to_xml_str(&rawxml).unwrap(), xml);
     }
 
     #[test]
diff --git a/harmony-rs/opnsense-config/src/infra/mod.rs b/harmony-rs/opnsense-config/src/infra/mod.rs
index 2563d9c..9c67f9a 100644
--- a/harmony-rs/opnsense-config/src/infra/mod.rs
+++ b/harmony-rs/opnsense-config/src/infra/mod.rs
@@ -1,4 +1,4 @@
-
 pub mod generic_xml;
 pub mod maybe_string;
+pub mod yaserde;
 
diff --git a/harmony-rs/opnsense-config/src/infra/yaserde.rs b/harmony-rs/opnsense-config/src/infra/yaserde.rs
new file mode 100644
index 0000000..bdd2fcd
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/infra/yaserde.rs
@@ -0,0 +1,20 @@
+use yaserde::YaSerialize;
+
+pub fn to_xml_str<T: YaSerialize>(model: &T) -> Result<String, String> {
+    let yaserde_cfg = yaserde::ser::Config {
+        perform_indent: true,
+        write_document_declaration: false,
+        pad_self_closing: false,
+        ..Default::default()
+    };
+    let serialized = yaserde::ser::to_string_with_config::<T>(model, &yaserde_cfg)?;
+
+    // Opnsense does not specify encoding in the document declaration
+    //
+    // yaserde / xml-rs does not allow disabling the encoding attribute in the
+    // document declaration
+    //
+    // So here we just manually prefix the xml document with the exact document declaration
+    // that opnsense uses
+    Ok(format!("<?xml version=\"1.0\"?>\n{serialized}\n"))
+}
diff --git a/harmony-rs/opnsense-config/src/modules/dhcp.rs b/harmony-rs/opnsense-config/src/modules/dhcp.rs
index 92972dc..ef18aaf 100644
--- a/harmony-rs/opnsense-config/src/modules/dhcp.rs
+++ b/harmony-rs/opnsense-config/src/modules/dhcp.rs
@@ -67,6 +67,8 @@ pub struct DhcpRange {
 
 #[cfg(test)]
 mod test {
+    use crate::infra::yaserde::to_xml_str;
+
     use super::*;
     use pretty_assertions::assert_eq;
 
@@ -75,19 +77,15 @@ mod test {
         let dhcpd: Dhcpd =
             yaserde::de::from_str(SERIALIZED_DHCPD).expect("Deserialize Dhcpd failed");
 
-        let yaserde_cfg = yaserde::ser::Config {
-            perform_indent: true,
-            write_document_declaration: false,
-            ..Default::default()
-        };
         assert_eq!(
-            yaserde::ser::to_string_with_config(&dhcpd, &yaserde_cfg)
+            to_xml_str(&dhcpd)
                 .expect("Serialize Dhcpd failed"),
             SERIALIZED_DHCPD
         );
     }
 
-    const SERIALIZED_DHCPD: &str = "<dhcpd>
+    const SERIALIZED_DHCPD: &str = "<?xml version=\"1.0\"?>
+<dhcpd>
   <lan>
     <enable>1</enable>
     <gateway>192.168.20.1</gateway>
@@ -140,5 +138,5 @@ mod test {
     </staticmap>
     <pool/>
   </lan>
-</dhcpd>";
+</dhcpd>\n";
 }
diff --git a/harmony-rs/opnsense-config/src/modules/opnsense.rs b/harmony-rs/opnsense-config/src/modules/opnsense.rs
index 9daa437..78011b0 100644
--- a/harmony-rs/opnsense-config/src/modules/opnsense.rs
+++ b/harmony-rs/opnsense-config/src/modules/opnsense.rs
@@ -73,9 +73,11 @@ pub struct Revision {
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Options {
-    pub path: MaybeString,
-    pub host: MaybeString,
-    pub code: MaybeString,
+    pub path: Option<MaybeString>,
+    pub host: Option<MaybeString>,
+    pub code: Option<MaybeString>,
+    pub send: Option<MaybeString>,
+    pub expect: Option<MaybeString>,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -87,36 +89,39 @@ pub struct Filters {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Rule {
     #[yaserde(attribute)]
-    pub uuid: MaybeString,
+    pub uuid: Option<String>,
     #[yaserde(rename = "associated-rule-id")]
-    pub associated_rule_id: MaybeString,
+    pub associated_rule_id: Option<MaybeString>,
     #[yaserde(rename = "type")]
-    pub r#type: MaybeString,
+    pub r#type: Option<MaybeString>,
     pub interface: String,
     pub ipprotocol: String,
-    pub statetype: String,
-    pub descr: String,
-    pub direction: MaybeString,
-    pub category: MaybeString,
-    pub quick: MaybeString,
-    pub protocol: String,
+    pub statetype: Option<MaybeString>,
+    pub descr: Option<MaybeString>,
+    pub direction: Option<MaybeString>,
+    pub category: Option<MaybeString>,
+    pub quick: Option<MaybeString>,
+    pub protocol: Option<MaybeString>,
     pub source: Source,
+    pub icmptype: Option<MaybeString>,
     pub destination: Destination,
     pub updated: Option<Updated>,
-    pub created: Created,
-    pub disabled: Option<u8>,
+    pub created: Option<Created>,
+    pub disabled: Option<MaybeString>,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Source {
     pub any: Option<u8>,
+    pub network: Option<MaybeString>,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Destination {
-    pub network: MaybeString,
-    pub address: MaybeString,
-    pub port: Option<u16>,
+    pub network: Option<MaybeString>,
+    pub address: Option<MaybeString>,
+    pub port: Option<MaybeString>,
+    pub any: Option<MaybeString>,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -343,7 +348,7 @@ pub struct Snmpd {
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Syslog {
-    pub reverse: Option<u8>,
+    pub reverse: Option<MaybeString>,
     pub preservelogs: i32,
 }
 
@@ -368,10 +373,11 @@ pub struct NatRule {
     pub ipprotocol: String,
     pub descr: MaybeString,
     pub tag: MaybeString,
-    pub tagged: Option<u8>,
+    pub tagged: Option<MaybeString>,
     pub poolopts: PoolOpts,
     #[yaserde(rename = "associated-rule-id")]
-    pub associated_rule_id: String,
+    pub associated_rule_id: Option<MaybeString>,
+    pub disabled: Option<u8>,
     pub target: String,
     #[yaserde(rename = "local-port")]
     pub local_port: i32,
@@ -439,7 +445,7 @@ pub struct OPNsenseConfig {
 
 #[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
 #[yaserde(rename = "IDS")]
-struct IDS {
+pub struct IDS {
     #[yaserde(attribute)]
     version: String,
     rules: MaybeString,
@@ -501,30 +507,30 @@ pub struct ConfigInterfaces {
 }
 
 #[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
-struct Vxlan {
+pub struct Vxlan {
     #[yaserde(attribute)]
     version: String,
 }
 
 #[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
-struct Loopback {
+pub struct Loopback {
     #[yaserde(attribute)]
     version: String,
 }
 
 #[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
 #[yaserde(rename = "monit")]
-struct Monit {
+pub struct Monit {
     #[yaserde(attribute)]
     version: String,
     general: GeneralMonit,
     alert: Option<Alert>,
-    service: Option<Service>,
-    test: Option<Test>,
+    service: Vec<Service>,
+    test: Vec<Test>,
 }
 
 #[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
-struct GeneralMonit {
+pub struct GeneralMonit {
     enabled: u8,
     interval: u32,
     startdelay: u32,
@@ -537,20 +543,30 @@ struct GeneralMonit {
     sslverify: u8,
     logfile: String,
     statefile: MaybeString,
-    eventqueuePath: MaybeString,
-    eventqueueSlots: MaybeString,
-    httpdEnabled: u8,
-    httpdUsername: String,
-    httpdPassword: String,
-    httpdPort: u16,
-    httpdAllow: MaybeString,
-    mmonitUrl: MaybeString,
-    mmonitTimeout: u32,
-    mmonitRegisterCredentials: u8,
+    #[yaserde(rename = "eventqueuePath")]
+    event_queue_path: MaybeString,
+    #[yaserde(rename = "eventqueueSlots")]
+    event_queue_slots: MaybeString,
+    #[yaserde(rename = "httpdEnabled")]
+    httpd_enabled: u8,
+    #[yaserde(rename = "httpdUsername")]
+    httpd_username: String,
+    #[yaserde(rename = "httpdPassword")]
+    httpd_password: String,
+    #[yaserde(rename = "httpdPort")]
+    httpd_port: u16,
+    #[yaserde(rename = "httpdAllow")]
+    httpd_allow: MaybeString,
+    #[yaserde(rename = "mmonitUrl")]
+    mmonit_url: MaybeString,
+    #[yaserde(rename = "mmonitTimeout")]
+    mmonit_timeout: u32,
+    #[yaserde(rename = "mmonitRegisterCredentials")]
+    mmonit_register_credentials: u8,
 }
 
 #[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
-struct Alert {
+pub struct Alert {
     #[yaserde(attribute)]
     uuid: String,
     enabled: u8,
@@ -563,7 +579,7 @@ struct Alert {
 }
 
 #[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
-struct Service {
+pub struct Service {
     #[yaserde(attribute)]
     uuid: String,
     enabled: u8,
@@ -587,7 +603,7 @@ struct Service {
 }
 
 #[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
-struct Test {
+pub struct Test {
     #[yaserde(attribute)]
     uuid: String,
     name: String,
@@ -635,7 +651,7 @@ pub struct Capture {
     #[yaserde(rename = "interfaces")]
     pub interfaces: MaybeString,
     #[yaserde(rename = "egress_only")]
-    pub egress_only: Option<u8>,
+    pub egress_only: MaybeString,
     #[yaserde(rename = "version")]
     pub version: MaybeString,
     #[yaserde(rename = "targets")]
@@ -725,7 +741,7 @@ pub struct Firewall {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct LvTemplate {
     #[yaserde(attribute)]
-    pub version: MaybeString,
+    pub version: String,
     #[yaserde(rename = "templates")]
     pub templates: Option<Templates>,
 }
@@ -733,7 +749,7 @@ pub struct LvTemplate {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Category {
     #[yaserde(attribute)]
-    pub version: MaybeString,
+    pub version: String,
     #[yaserde(rename = "categories")]
     pub categories: Option<Categories>,
 }
@@ -747,7 +763,7 @@ pub struct Categories {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct CategoryItem {
     #[yaserde(attribute)]
-    pub uuid: MaybeString,
+    pub uuid: String,
     #[yaserde(rename = "name")]
     pub name: MaybeString,
     #[yaserde(rename = "auto")]
@@ -759,7 +775,7 @@ pub struct CategoryItem {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Alias {
     #[yaserde(attribute)]
-    pub version: MaybeString,
+    pub version: String,
     #[yaserde(rename = "geoip")]
     pub geoip: Option<GeoIP>,
     #[yaserde(rename = "aliases")]
@@ -786,13 +802,13 @@ pub struct AliasItem {
     pub name: String,
     #[yaserde(rename = "type")]
     pub r#type: String,
+    pub proto: MaybeString,
     pub interface: MaybeString,
     pub counters: String,
     pub updatefreq: MaybeString,
     pub content: String,
     pub categories: MaybeString,
     pub description: MaybeString,
-    pub proto: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -1707,19 +1723,21 @@ pub struct HAProxyHealthCheck {
     pub tcp_send_value: MaybeString,
     #[yaserde(rename = "tcp_matchType")]
     pub tcp_match_type: MaybeString,
+    pub tcp_negate: MaybeString,
     #[yaserde(rename = "tcp_matchValue")]
     pub tcp_match_value: MaybeString,
-    pub tcp_negate: MaybeString,
-    #[yaserde(rename = "agentPort")]
     pub agent_port: MaybeString,
     pub mysql_user: MaybeString,
     pub mysql_post41: MaybeString,
     pub pgsql_user: MaybeString,
-    #[yaserde(alias = "smtpDomain")]
     pub smtp_domain: MaybeString,
     pub esmtp_domain: MaybeString,
+    #[yaserde(rename = "agentPort")]
+    pub agent_port_uppercase: MaybeString,
     #[yaserde(rename = "dbUser")]
     pub db_user: MaybeString,
+    #[yaserde(rename = "smtpDomain")]
+    pub smtp_domain_uppercase: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
diff --git a/harmony-rs/opnsense-config/src/tests/data/config-full-1.xml b/harmony-rs/opnsense-config/src/tests/data/config-full-1.xml
index 1feaa2e..fd2853d 100644
--- a/harmony-rs/opnsense-config/src/tests/data/config-full-1.xml
+++ b/harmony-rs/opnsense-config/src/tests/data/config-full-1.xml
@@ -28,28 +28,22 @@
       <value>default</value>
     </item>
     <item>
-      <descr>
-        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+      <descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
         It can also be used to probe for information about your internal networks. These functions come enabled
-        as part of the standard FreeBSD core system.
-      </descr>
+        as part of the standard FreeBSD core system.</descr>
       <tunable>net.inet.ip.sourceroute</tunable>
       <value>default</value>
     </item>
     <item>
-      <descr>
-        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+      <descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
         It can also be used to probe for information about your internal networks. These functions come enabled
-        as part of the standard FreeBSD core system.
-      </descr>
+        as part of the standard FreeBSD core system.</descr>
       <tunable>net.inet.ip.accept_sourceroute</tunable>
       <value>default</value>
     </item>
     <item>
-      <descr>
-        This option turns off the logging of redirect packets because there is no limit and this could fill
-        up your logs consuming your whole hard drive.
-      </descr>
+      <descr>This option turns off the logging of redirect packets because there is no limit and this could fill
+        up your logs consuming your whole hard drive.</descr>
       <tunable>net.inet.icmp.log_redirect</tunable>
       <value>default</value>
     </item>
@@ -190,17 +184,14 @@
     </item>
     <item>
       <descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
-        and for the sender directly reachable, route and next hop is known.
-      </descr>
+        and for the sender directly reachable, route and next hop is known.</descr>
       <tunable>net.inet.ip.redirect</tunable>
       <value>0</value>
     </item>
     <item>
-      <descr>
-        Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects
+      <descr>Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects
         to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect
-        packets without returning a response.
-      </descr>
+        packets without returning a response.</descr>
       <tunable>net.inet.icmp.drop_redirect</tunable>
       <value>1</value>
     </item>
@@ -1039,10 +1030,10 @@
       <direction>in</direction>
       <quick>1</quick>
       <protocol>icmp</protocol>
-      <icmptype>echoreq</icmptype>
       <source>
         <any>1</any>
       </source>
+      <icmptype>echoreq</icmptype>
       <destination>
         <network>wanip</network>
       </destination>
@@ -1058,20 +1049,20 @@
       </created>
     </rule>
     <rule uuid="492b7596-d929-46cb-a6b9-c9cc34a0ca74">
+      <associated-rule-id>nat_618812d37b8193.31302503</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr/>
+      <category/>
+      <protocol>tcp</protocol>
       <source>
         <any>1</any>
       </source>
-      <interface>wan</interface>
-      <statetype>keep state</statetype>
-      <protocol>tcp</protocol>
-      <ipprotocol>inet</ipprotocol>
       <destination>
         <address>x3690_3</address>
         <port>22</port>
       </destination>
-      <descr/>
-      <category/>
-      <associated-rule-id>nat_618812d37b8193.31302503</associated-rule-id>
       <created>
         <username>root@192.168.1.118</username>
         <time>1636307667.5059</time>
@@ -1079,20 +1070,20 @@
       </created>
     </rule>
     <rule uuid="eeba39a9-d0f6-4b1e-a785-7278b0b241ab">
+      <associated-rule-id>nat_64fa19f4acba11.80049900</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr/>
+      <category/>
+      <protocol>tcp</protocol>
       <source>
         <any>1</any>
       </source>
-      <interface>wan</interface>
-      <statetype>keep state</statetype>
-      <protocol>tcp</protocol>
-      <ipprotocol>inet</ipprotocol>
       <destination>
         <address>192.168.20.150</address>
         <port>7860</port>
       </destination>
-      <descr/>
-      <category/>
-      <associated-rule-id>nat_64fa19f4acba11.80049900</associated-rule-id>
       <created>
         <username>root@172.12.0.10</username>
         <time>1694112244.7075</time>
@@ -1100,20 +1091,20 @@
       </created>
     </rule>
     <rule uuid="c19adc1c-fec2-4183-93ed-5e46efca1adf">
+      <associated-rule-id>nat_64fb1fbba71e29.76190279</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr/>
+      <category/>
+      <protocol>tcp</protocol>
       <source>
         <any>1</any>
       </source>
-      <interface>wan</interface>
-      <statetype>keep state</statetype>
-      <protocol>tcp</protocol>
-      <ipprotocol>inet</ipprotocol>
       <destination>
         <address>192.168.20.150</address>
         <port>7861</port>
       </destination>
-      <descr/>
-      <category/>
-      <associated-rule-id>nat_64fb1fbba71e29.76190279</associated-rule-id>
       <created>
         <username>root@172.12.0.10</username>
         <time>1694179259.6845</time>
@@ -1121,20 +1112,20 @@
       </created>
     </rule>
     <rule uuid="c0831633-8c3b-408e-82d0-3e3f61d0ee3d">
+      <associated-rule-id>nat_64fb1fcea6d8b7.62653343</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr/>
+      <category/>
+      <protocol>tcp</protocol>
       <source>
         <any>1</any>
       </source>
-      <interface>wan</interface>
-      <statetype>keep state</statetype>
-      <protocol>tcp</protocol>
-      <ipprotocol>inet</ipprotocol>
       <destination>
         <address>192.168.20.150</address>
         <port>7862</port>
       </destination>
-      <descr/>
-      <category/>
-      <associated-rule-id>nat_64fb1fcea6d8b7.62653343</associated-rule-id>
       <created>
         <username>root@172.12.0.10</username>
         <time>1694179278.6835</time>
@@ -1142,20 +1133,20 @@
       </created>
     </rule>
     <rule uuid="3f600791-1fa6-4cb4-877d-45fe2ea175a9">
+      <associated-rule-id>nat_64fb1fdb48ff18.28912920</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr/>
+      <category/>
+      <protocol>tcp</protocol>
       <source>
         <any>1</any>
       </source>
-      <interface>wan</interface>
-      <statetype>keep state</statetype>
-      <protocol>tcp</protocol>
-      <ipprotocol>inet</ipprotocol>
       <destination>
         <address>192.168.20.150</address>
         <port>7863</port>
       </destination>
-      <descr/>
-      <category/>
-      <associated-rule-id>nat_64fb1fdb48ff18.28912920</associated-rule-id>
       <created>
         <username>root@172.12.0.10</username>
         <time>1694179291.299</time>
@@ -1163,20 +1154,20 @@
       </created>
     </rule>
     <rule uuid="7dd160f0-663e-465b-be94-a069df112a95">
+      <associated-rule-id>nat_651ffc35e573d9.09092618</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr/>
+      <category/>
+      <protocol>tcp</protocol>
       <source>
         <any>1</any>
       </source>
-      <interface>wan</interface>
-      <statetype>keep state</statetype>
-      <protocol>tcp</protocol>
-      <ipprotocol>inet</ipprotocol>
       <destination>
         <address>192.168.20.140</address>
         <port>22</port>
       </destination>
-      <descr/>
-      <category/>
-      <associated-rule-id>nat_651ffc35e573d9.09092618</associated-rule-id>
       <created>
         <username>root@172.12.0.11</username>
         <time>1696594997.9399</time>
@@ -1185,19 +1176,19 @@
     </rule>
     <rule uuid="1e576704-da50-4dd9-a425-77fa5c4e563a">
       <associated-rule-id>nat_65aed5a66c4f65.25454286</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr/>
+      <category/>
+      <protocol>tcp</protocol>
       <source>
         <any>1</any>
       </source>
-      <interface>wan</interface>
-      <statetype>keep state</statetype>
-      <protocol>tcp</protocol>
-      <ipprotocol>inet</ipprotocol>
       <destination>
         <address>192.168.20.140</address>
         <port>8081</port>
       </destination>
-      <descr/>
-      <category/>
       <created>
         <username>root@192.168.20.100</username>
         <time>1705956774.4437</time>
@@ -1206,19 +1197,19 @@
     </rule>
     <rule uuid="aa41dd13-9c5a-4048-8820-f9558cea8ba3">
       <associated-rule-id>nat_65aed67d497580.58958916</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr/>
+      <category/>
+      <protocol>tcp</protocol>
       <source>
         <any>1</any>
       </source>
-      <interface>wan</interface>
-      <statetype>keep state</statetype>
-      <protocol>tcp</protocol>
-      <ipprotocol>inet</ipprotocol>
       <destination>
         <address>192.168.20.160</address>
         <port>8080</port>
       </destination>
-      <descr/>
-      <category/>
       <created>
         <username>root@192.168.20.100</username>
         <time>1705956989.3009</time>
@@ -1227,19 +1218,19 @@
     </rule>
     <rule uuid="dfd53bf0-cea9-4254-8b0a-106f327d72e5">
       <associated-rule-id>nat_65aed6961c4ea7.81903986</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr/>
+      <category/>
+      <protocol>tcp</protocol>
       <source>
         <any>1</any>
       </source>
-      <interface>wan</interface>
-      <statetype>keep state</statetype>
-      <protocol>tcp</protocol>
-      <ipprotocol>inet</ipprotocol>
       <destination>
         <address>192.168.20.160</address>
         <port>4000</port>
       </destination>
-      <descr/>
-      <category/>
       <created>
         <username>root@192.168.20.100</username>
         <time>1705957014.116</time>
@@ -1248,19 +1239,19 @@
     </rule>
     <rule uuid="777bdd94-51b9-4daf-b744-70b9cb3c9f94">
       <associated-rule-id>nat_65f4a5b928c9a7.52477383</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr/>
+      <category/>
+      <protocol>tcp</protocol>
       <source>
         <any>1</any>
       </source>
-      <interface>wan</interface>
-      <statetype>keep state</statetype>
-      <protocol>tcp</protocol>
-      <ipprotocol>inet</ipprotocol>
       <destination>
         <address>192.168.20.115</address>
         <port>5000</port>
       </destination>
-      <descr/>
-      <category/>
       <created>
         <username>root@192.168.20.100</username>
         <time>1710532025.1671</time>
@@ -1269,19 +1260,19 @@
     </rule>
     <rule uuid="98f400f5-1a91-46aa-8d35-f78b34bc7a04">
       <associated-rule-id>nat_662bb59baf7573.98640354</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Redirecting to someservice1 on somehost9</descr>
+      <category/>
+      <protocol>tcp</protocol>
       <source>
         <any>1</any>
       </source>
-      <interface>wan</interface>
-      <statetype>keep state</statetype>
-      <protocol>tcp</protocol>
-      <ipprotocol>inet</ipprotocol>
       <destination>
         <address>192.168.20.115</address>
         <port>11434</port>
       </destination>
-      <descr>Redirecting to someservice1 on somehost9</descr>
-      <category/>
       <created>
         <username>root@192.168.20.100</username>
         <time>1714140571.7187</time>
@@ -1290,19 +1281,19 @@
     </rule>
     <rule uuid="fef5ec47-f5e7-45cc-a9f7-f8eeb6d1160c">
       <associated-rule-id>nat_663c3458b7b5e4.19986620</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Redirecting to someservice81 on somehost9</descr>
+      <category/>
+      <protocol>tcp</protocol>
       <source>
         <any>1</any>
       </source>
-      <interface>wan</interface>
-      <statetype>keep state</statetype>
-      <protocol>tcp</protocol>
-      <ipprotocol>inet</ipprotocol>
       <destination>
         <address>192.168.20.115</address>
         <port>27017</port>
       </destination>
-      <descr>Redirecting to someservice81 on somehost9</descr>
-      <category/>
       <created>
         <username>root@172.12.0.8</username>
         <time>1715221592.7525</time>
@@ -1311,19 +1302,19 @@
     </rule>
     <rule uuid="4170cf4e-4116-42e9-a3ec-eff6768bca9d">
       <associated-rule-id>nat_663d85b2e3b364.53108170</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Redirecting to someservice858 on somehost545</descr>
+      <category/>
+      <protocol>tcp</protocol>
       <source>
         <any>1</any>
       </source>
-      <interface>wan</interface>
-      <statetype>keep state</statetype>
-      <protocol>tcp</protocol>
-      <ipprotocol>inet</ipprotocol>
       <destination>
         <address>192.168.20.163</address>
         <port>8888</port>
       </destination>
-      <descr>Redirecting to someservice858 on somehost545</descr>
-      <category/>
       <created>
         <username>root@172.12.0.10</username>
         <time>1715307954.9327</time>
@@ -1332,19 +1323,19 @@
     </rule>
     <rule uuid="79e4325d-93af-4af2-9fa0-263c69545eb0">
       <associated-rule-id>nat_666c8932142ed6.34062700</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Redirecting to someservice858 on somehost9</descr>
+      <category/>
+      <protocol>tcp</protocol>
       <source>
         <any>1</any>
       </source>
-      <interface>wan</interface>
-      <statetype>keep state</statetype>
-      <protocol>tcp</protocol>
-      <ipprotocol>inet</ipprotocol>
       <destination>
         <address>192.168.20.115</address>
         <port>8888</port>
       </destination>
-      <descr>Redirecting to someservice858 on somehost9</descr>
-      <category/>
       <created>
         <username>root@192.168.20.100</username>
         <time>1718389042.0827</time>
@@ -1353,19 +1344,19 @@
     </rule>
     <rule uuid="1b68a264-e475-4cc6-b852-0797154fdf2b">
       <associated-rule-id>nat_667cd97504d870.57128970</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Redirecting to someservice858 on somehost545</descr>
+      <category/>
+      <protocol>tcp</protocol>
       <source>
         <any>1</any>
       </source>
-      <interface>wan</interface>
-      <statetype>keep state</statetype>
-      <protocol>tcp</protocol>
-      <ipprotocol>inet</ipprotocol>
       <destination>
         <address>192.168.20.163</address>
         <port>8889</port>
       </destination>
-      <descr>Redirecting to someservice858 on somehost545</descr>
-      <category/>
       <created>
         <username>root@172.12.0.8</username>
         <time>1719458165.0199</time>
@@ -1401,9 +1392,9 @@
     </rule>
     <rule uuid="96d70c20-b78c-4e18-9823-79b71eba964c">
       <type>pass</type>
+      <interface>lan</interface>
       <ipprotocol>inet</ipprotocol>
       <descr>Default allow LAN to any rule</descr>
-      <interface>lan</interface>
       <source>
         <network>lan</network>
       </source>
@@ -1413,9 +1404,9 @@
     </rule>
     <rule uuid="61194fb7-8916-4e30-a32b-a90495987c64">
       <type>pass</type>
+      <interface>lan</interface>
       <ipprotocol>inet6</ipprotocol>
       <descr>Default allow LAN IPv6 to any rule</descr>
-      <interface>lan</interface>
       <source>
         <network>lan</network>
       </source>
@@ -1474,19 +1465,19 @@
     </rule>
     <rule>
       <associated-rule-id>nat_6709763b6a6748.85579760</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>port forwarding for reconfig of someservice2 somehost3</descr>
+      <category/>
+      <protocol>tcp</protocol>
       <source>
         <any>1</any>
       </source>
-      <interface>wan</interface>
-      <statetype>keep state</statetype>
-      <protocol>tcp</protocol>
-      <ipprotocol>inet</ipprotocol>
       <destination>
         <address>192.168.20.132</address>
         <port>55555</port>
       </destination>
-      <descr>port forwarding for reconfig of someservice2 somehost3</descr>
-      <category/>
       <created>
         <username>root@172.12.0.12</username>
         <time>1728673339.4359</time>
@@ -1496,19 +1487,19 @@
     </rule>
     <rule>
       <associated-rule-id>nat_670979b3279551.73601303</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>port forwarding for virtual ip for someservice2 servers</descr>
+      <category/>
+      <protocol>tcp</protocol>
       <source>
         <any>1</any>
       </source>
-      <interface>wan</interface>
-      <statetype>keep state</statetype>
-      <protocol>tcp</protocol>
-      <ipprotocol>inet</ipprotocol>
       <destination>
         <address>192.168.20.1</address>
         <port>55555</port>
       </destination>
-      <descr>port forwarding for virtual ip for someservice2 servers</descr>
-      <category/>
       <created>
         <username>root@172.12.0.12</username>
         <time>1728674227.1622</time>

From 07002656222a5bfc2f8126dcac449e9ec4d093b4 Mon Sep 17 00:00:00 2001
From: jeangab <jg@nationtech.io>
Date: Thu, 7 Nov 2024 07:49:13 -0500
Subject: [PATCH 11/19] wip: Implement add static mapping public function

---
 .../opnsense-config/src/modules/dhcp.rs       | 105 ++++++++++++++++++
 1 file changed, 105 insertions(+)

diff --git a/harmony-rs/opnsense-config/src/modules/dhcp.rs b/harmony-rs/opnsense-config/src/modules/dhcp.rs
index ef18aaf..b09d6d7 100644
--- a/harmony-rs/opnsense-config/src/modules/dhcp.rs
+++ b/harmony-rs/opnsense-config/src/modules/dhcp.rs
@@ -8,6 +8,111 @@ pub struct DhcpConfig<'a> {
     opnsense: &'a mut OPNsense,
 }
 
+#[derive(Debug)]
+pub enum DhcpError {
+    InvalidMacAddress(String),
+    InvalidIpAddress(String),
+    IpAddressAlreadyMapped(String),
+    MacAddressAlreadyMapped(String), 
+    IpAddressOutOfRange(String),
+}
+
+impl std::fmt::Display for DhcpError {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        match self {
+            DhcpError::InvalidMacAddress(mac) => write!(f, "Invalid MAC address format: {}", mac),
+            DhcpError::InvalidIpAddress(ip) => write!(f, "Invalid IP address format: {}", ip),
+            DhcpError::IpAddressAlreadyMapped(ip) => write!(f, "IP address {} is already mapped", ip),
+            DhcpError::MacAddressAlreadyMapped(mac) => write!(f, "MAC address {} is already mapped", mac),
+            DhcpError::IpAddressOutOfRange(ip) => write!(f, "IP address {} is out of interface range", ip),
+        }
+    }
+}
+
+impl std::error::Error for DhcpError {}
+
+impl<'a> DhcpConfig<'a> {
+    pub fn new(opnsense: &'a mut OPNsense) -> Self {
+        Self { opnsense }
+    }
+
+    pub fn add_static_mapping(
+        &mut self,
+        mac: String,
+        ipaddr: String,
+        hostname: String,
+    ) -> Result<(), DhcpError> {
+        if !Self::is_valid_mac(&mac) {
+            return Err(DhcpError::InvalidMacAddress(mac));
+        }
+
+        if !Self::is_valid_ip(&ipaddr) {
+            return Err(DhcpError::InvalidIpAddress(ipaddr));
+        }
+
+        if !Self::is_ip_in_range(&ipaddr) {
+            return Err(DhcpError::IpAddressOutOfRange(ipaddr));
+        }
+
+        let existing_mappings = &self.opnsense.dhcpd.lan.staticmaps;
+        
+        if existing_mappings.iter().any(|m| m.ipaddr == ipaddr) {
+            return Err(DhcpError::IpAddressAlreadyMapped(ipaddr));
+        }
+        
+        if existing_mappings.iter().any(|m| m.mac == mac) {
+            return Err(DhcpError::MacAddressAlreadyMapped(mac));
+        }
+
+        let static_map = StaticMap {
+            mac,
+            ipaddr,
+            hostname,
+            descr: Default::default(),
+            winsserver: Default::default(),
+            dnsserver: Default::default(),
+            ntpserver: Default::default(),
+        };
+
+        self.opnsense.dhcpd.lan.staticmaps.push(static_map);
+        Ok(())
+    }
+
+    pub fn get_static_mappings(&self) -> &[StaticMap] {
+        &self.opnsense.dhcpd.lan.staticmaps
+    }
+
+    fn is_valid_mac(mac: &str) -> bool {
+        let parts: Vec<&str> = mac.split(':').collect();
+        if parts.len() != 6 {
+            return false;
+        }
+
+        parts.iter().all(|part| {
+            part.len() == 2 && part.chars().all(|c| c.is_ascii_hexdigit())
+        })
+    }
+
+    fn is_valid_ip(ip: &str) -> bool {
+        ip.parse::<IpAddr>().is_ok()
+    }
+
+    fn is_ip_in_range(ip: &str) -> bool {
+        if let Ok(addr) = ip.parse::<IpAddr>() {
+            if let IpAddr::V4(ipv4) = addr {
+                let octets = ipv4.octets();
+                return octets[0] == 192 && octets[1] == 168 && octets[2] == 1;
+            }
+        }
+        false
+    }
+}
+
+pub struct DhcpConfig<'a> {
+    opnsense: &'a mut OPNsense,
+}
+
+
 impl<'a> DhcpConfig<'a> {
     pub fn new(opnsense: &'a mut OPNsense) -> Self {
         Self { opnsense }

From 85786cf648be7eb3f7ece64c895931142222b698 Mon Sep 17 00:00:00 2001
From: jeangab <jeangabriel.gc@gmail.com>
Date: Thu, 7 Nov 2024 09:22:22 -0500
Subject: [PATCH 12/19] feat(opnsense-config): ip_in_range function works

---
 .../opnsense-config/src/modules/dhcp.rs       | 159 ++++++++++--------
 .../opnsense-config/src/modules/opnsense.rs   |   4 +-
 2 files changed, 87 insertions(+), 76 deletions(-)

diff --git a/harmony-rs/opnsense-config/src/modules/dhcp.rs b/harmony-rs/opnsense-config/src/modules/dhcp.rs
index b09d6d7..0b5b766 100644
--- a/harmony-rs/opnsense-config/src/modules/dhcp.rs
+++ b/harmony-rs/opnsense-config/src/modules/dhcp.rs
@@ -1,3 +1,7 @@
+use std::cmp::Ordering;
+use std::net::IpAddr;
+use std::net::Ipv4Addr;
+
 use super::opnsense::{OPNsense, StaticMap};
 use crate::infra::maybe_string::MaybeString;
 use crate::modules::opnsense::NumberOption;
@@ -13,7 +17,7 @@ pub enum DhcpError {
     InvalidMacAddress(String),
     InvalidIpAddress(String),
     IpAddressAlreadyMapped(String),
-    MacAddressAlreadyMapped(String), 
+    MacAddressAlreadyMapped(String),
     IpAddressOutOfRange(String),
 }
 
@@ -22,9 +26,15 @@ impl std::fmt::Display for DhcpError {
         match self {
             DhcpError::InvalidMacAddress(mac) => write!(f, "Invalid MAC address format: {}", mac),
             DhcpError::InvalidIpAddress(ip) => write!(f, "Invalid IP address format: {}", ip),
-            DhcpError::IpAddressAlreadyMapped(ip) => write!(f, "IP address {} is already mapped", ip),
-            DhcpError::MacAddressAlreadyMapped(mac) => write!(f, "MAC address {} is already mapped", mac),
-            DhcpError::IpAddressOutOfRange(ip) => write!(f, "IP address {} is out of interface range", ip),
+            DhcpError::IpAddressAlreadyMapped(ip) => {
+                write!(f, "IP address {} is already mapped", ip)
+            }
+            DhcpError::MacAddressAlreadyMapped(mac) => {
+                write!(f, "MAC address {} is already mapped", mac)
+            }
+            DhcpError::IpAddressOutOfRange(ip) => {
+                write!(f, "IP address {} is out of interface range", ip)
+            }
         }
     }
 }
@@ -39,42 +49,40 @@ impl<'a> DhcpConfig<'a> {
     pub fn add_static_mapping(
         &mut self,
         mac: String,
-        ipaddr: String,
+        ipaddr: Ipv4Addr,
         hostname: String,
     ) -> Result<(), DhcpError> {
+        let range: Range = todo!();
         if !Self::is_valid_mac(&mac) {
             return Err(DhcpError::InvalidMacAddress(mac));
         }
 
-        if !Self::is_valid_ip(&ipaddr) {
-            return Err(DhcpError::InvalidIpAddress(ipaddr));
-        }
-
-        if !Self::is_ip_in_range(&ipaddr) {
-            return Err(DhcpError::IpAddressOutOfRange(ipaddr));
-        }
+        // if !Self::is_ip_in_range(&ipaddr, range) {
+        //     return Err(DhcpError::IpAddressOutOfRange(ipaddr));
+        // }
 
         let existing_mappings = &self.opnsense.dhcpd.lan.staticmaps;
-        
-        if existing_mappings.iter().any(|m| m.ipaddr == ipaddr) {
-            return Err(DhcpError::IpAddressAlreadyMapped(ipaddr));
-        }
-        
-        if existing_mappings.iter().any(|m| m.mac == mac) {
-            return Err(DhcpError::MacAddressAlreadyMapped(mac));
-        }
 
-        let static_map = StaticMap {
-            mac,
-            ipaddr,
-            hostname,
-            descr: Default::default(),
-            winsserver: Default::default(),
-            dnsserver: Default::default(),
-            ntpserver: Default::default(),
-        };
+        // TODO
+        // if existing_mappings.iter().any(|m| m.ipaddr == ipaddr) {
+        //     return Err(DhcpError::IpAddressAlreadyMapped(ipaddr));
+        // }
 
-        self.opnsense.dhcpd.lan.staticmaps.push(static_map);
+        // if existing_mappings.iter().any(|m| m.mac == mac) {
+        //     return Err(DhcpError::MacAddressAlreadyMapped(mac));
+        // }
+
+        // let static_map = StaticMap {
+        //     mac,
+        //     ipaddr,
+        //     hostname,
+        //     descr: Default::default(),
+        //     winsserver: Default::default(),
+        //     dnsserver: Default::default(),
+        //     ntpserver: Default::default(),
+        // };
+
+        // self.opnsense.dhcpd.lan.staticmaps.push(static_map);
         Ok(())
     }
 
@@ -88,51 +96,28 @@ impl<'a> DhcpConfig<'a> {
             return false;
         }
 
-        parts.iter().all(|part| {
-            part.len() == 2 && part.chars().all(|c| c.is_ascii_hexdigit())
-        })
+        parts
+            .iter()
+            .all(|part| part.len() == 2 && part.chars().all(|c| c.is_ascii_hexdigit()))
     }
 
-    fn is_valid_ip(ip: &str) -> bool {
-        ip.parse::<IpAddr>().is_ok()
-    }
+    fn is_ip_in_range(ip: &Ipv4Addr, range: Range) -> bool {
+        let range_start = range
+            .from
+            .parse::<Ipv4Addr>()
+            .expect("Invalid DHCP range start");
+        let range_end = range.to.parse::<Ipv4Addr>().expect("Invalid DHCP range to");
 
-    fn is_ip_in_range(ip: &str) -> bool {
-        if let Ok(addr) = ip.parse::<IpAddr>() {
-            if let IpAddr::V4(ipv4) = addr {
-                let octets = ipv4.octets();
-                return octets[0] == 192 && octets[1] == 168 && octets[2] == 1;
-            }
+        let start_compare = range_start.cmp(ip);
+        let end_compare = range_end.cmp(ip);
+
+        if (Ordering::Less == start_compare || Ordering::Equal == start_compare)
+            && (Ordering::Greater == end_compare || Ordering::Equal == end_compare)
+        {
+            return true;
+        } else {
+            return false;
         }
-        false
-    }
-}
-
-pub struct DhcpConfig<'a> {
-    opnsense: &'a mut OPNsense,
-}
-
-
-impl<'a> DhcpConfig<'a> {
-    pub fn new(opnsense: &'a mut OPNsense) -> Self {
-        Self { opnsense }
-    }
-
-    pub fn add_static_mapping(&mut self, mac: String, ipaddr: String, hostname: String) {
-        let static_map = StaticMap {
-            mac,
-            ipaddr,
-            hostname,
-            descr: Default::default(),
-            winsserver: Default::default(),
-            dnsserver: Default::default(),
-            ntpserver: Default::default(),
-        };
-        self.opnsense.dhcpd.lan.staticmaps.push(static_map);
-    }
-
-    pub fn get_static_mappings(&self) -> &[StaticMap] {
-        &self.opnsense.dhcpd.lan.staticmaps
     }
 }
 
@@ -172,6 +157,7 @@ pub struct DhcpRange {
 
 #[cfg(test)]
 mod test {
+    use std::net::Ipv4Addr;
     use crate::infra::yaserde::to_xml_str;
 
     use super::*;
@@ -183,8 +169,7 @@ mod test {
             yaserde::de::from_str(SERIALIZED_DHCPD).expect("Deserialize Dhcpd failed");
 
         assert_eq!(
-            to_xml_str(&dhcpd)
-                .expect("Serialize Dhcpd failed"),
+            to_xml_str(&dhcpd).expect("Serialize Dhcpd failed"),
             SERIALIZED_DHCPD
         );
     }
@@ -244,4 +229,32 @@ mod test {
     <pool/>
   </lan>
 </dhcpd>\n";
+
+    #[test]
+    fn test_ip_in_range() {
+        let range = Range {
+            from: "192.168.1.100".to_string(),
+            to: "192.168.1.200".to_string(),
+        };
+
+        // Test IP within range
+        let ip = "192.168.1.150".parse::<Ipv4Addr>().unwrap();
+        assert_eq!(DhcpConfig::is_ip_in_range(&ip, range.clone()), true);
+
+        // Test IP at start of range
+        let ip = "192.168.1.100".parse::<Ipv4Addr>().unwrap();
+        assert_eq!(DhcpConfig::is_ip_in_range(&ip, range.clone()), true);
+
+        // Test IP at end of range
+        let ip = "192.168.1.200".parse::<Ipv4Addr>().unwrap();
+        assert_eq!(DhcpConfig::is_ip_in_range(&ip, range.clone()), true);
+
+        // Test IP before range
+        let ip = "192.168.1.99".parse::<Ipv4Addr>().unwrap();
+        assert_eq!(DhcpConfig::is_ip_in_range(&ip, range.clone()), false);
+
+        // Test IP after range
+        let ip = "192.168.1.201".parse::<Ipv4Addr>().unwrap();
+        assert_eq!(DhcpConfig::is_ip_in_range(&ip, range.clone()), false);
+    }
 }
diff --git a/harmony-rs/opnsense-config/src/modules/opnsense.rs b/harmony-rs/opnsense-config/src/modules/opnsense.rs
index 78011b0..6ed6df4 100644
--- a/harmony-rs/opnsense-config/src/modules/opnsense.rs
+++ b/harmony-rs/opnsense-config/src/modules/opnsense.rs
@@ -320,11 +320,9 @@ pub struct NumberOption {
     item: MaybeString,
 }
 
-#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+#[derive(Default, Clone, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Range {
-    #[yaserde(rename = "from")]
     pub from: String,
-    #[yaserde(rename = "to")]
     pub to: String,
 }
 

From 65c395aeaef04982b974a581520151a01412d6ae Mon Sep 17 00:00:00 2001
From: Jean-Gabriel Gill-Couture <jeangabriel.gc@gmail.com>
Date: Thu, 14 Nov 2024 23:45:13 -0500
Subject: [PATCH 13/19] wip(opnsense-config): Refactoring to improve usability
 and features

---
 harmony-rs/Cargo.lock                         |  14 +
 harmony-rs/Cargo.toml                         |   2 +-
 harmony-rs/opnsense-config-xml/Cargo.toml     |  22 +
 .../opnsense-config-xml/src/data/dhcpd.rs     | 116 +++++
 .../src/data/interfaces.rs                    | 229 +++++++++
 .../opnsense-config-xml/src/data/mod.rs       |   6 +
 .../src/data}/opnsense.rs                     | 439 +++++++++++-------
 harmony-rs/opnsense-config-xml/src/lib.rs     |   3 +
 .../src/xml_utils}/generic_xml.rs             |   2 +-
 .../src/xml_utils}/maybe_string.rs            |   0
 .../opnsense-config-xml/src/xml_utils/mod.rs  |   6 +
 .../src/xml_utils}/yaserde.rs                 |   0
 harmony-rs/opnsense-config/Cargo.toml         |  10 +-
 harmony-rs/opnsense-config/src/config.rs      |  40 +-
 harmony-rs/opnsense-config/src/infra/mod.rs   |   4 -
 harmony-rs/opnsense-config/src/lib.rs         |  20 +-
 .../src/modules/deserializer/interfaces.rs    | 111 -----
 .../src/modules/deserializer/mod.rs           |   3 -
 .../opnsense-config/src/modules/dhcp.rs       | 180 ++-----
 harmony-rs/opnsense-config/src/modules/mod.rs |   2 -
 20 files changed, 754 insertions(+), 455 deletions(-)
 create mode 100644 harmony-rs/opnsense-config-xml/Cargo.toml
 create mode 100644 harmony-rs/opnsense-config-xml/src/data/dhcpd.rs
 create mode 100644 harmony-rs/opnsense-config-xml/src/data/interfaces.rs
 create mode 100644 harmony-rs/opnsense-config-xml/src/data/mod.rs
 rename harmony-rs/{opnsense-config/src/modules => opnsense-config-xml/src/data}/opnsense.rs (83%)
 create mode 100644 harmony-rs/opnsense-config-xml/src/lib.rs
 rename harmony-rs/{opnsense-config/src/infra => opnsense-config-xml/src/xml_utils}/generic_xml.rs (99%)
 rename harmony-rs/{opnsense-config/src/infra => opnsense-config-xml/src/xml_utils}/maybe_string.rs (100%)
 create mode 100644 harmony-rs/opnsense-config-xml/src/xml_utils/mod.rs
 rename harmony-rs/{opnsense-config/src/infra => opnsense-config-xml/src/xml_utils}/yaserde.rs (100%)
 delete mode 100644 harmony-rs/opnsense-config/src/infra/mod.rs
 delete mode 100644 harmony-rs/opnsense-config/src/modules/deserializer/interfaces.rs
 delete mode 100644 harmony-rs/opnsense-config/src/modules/deserializer/mod.rs

diff --git a/harmony-rs/Cargo.lock b/harmony-rs/Cargo.lock
index 57e2bb8..59198b1 100644
--- a/harmony-rs/Cargo.lock
+++ b/harmony-rs/Cargo.lock
@@ -1248,12 +1248,26 @@ dependencies = [
  "async-trait",
  "env_logger",
  "log",
+ "opnsense-config-xml",
  "pretty_assertions",
  "russh",
  "russh-keys",
  "serde",
  "thiserror",
  "tokio",
+]
+
+[[package]]
+name = "opnsense-config-xml"
+version = "0.1.0"
+dependencies = [
+ "async-trait",
+ "env_logger",
+ "log",
+ "pretty_assertions",
+ "serde",
+ "thiserror",
+ "tokio",
  "xml-rs",
  "yaserde",
  "yaserde_derive",
diff --git a/harmony-rs/Cargo.toml b/harmony-rs/Cargo.toml
index 89dbb19..bd5e6b8 100644
--- a/harmony-rs/Cargo.toml
+++ b/harmony-rs/Cargo.toml
@@ -3,7 +3,7 @@ resolver = "2"
 members = [
   "private_repos/*",
   "harmony",
-  "opnsense-config",
+  "opnsense-config", "opnsense-config-xml",
 ]
 
 [workspace.package]
diff --git a/harmony-rs/opnsense-config-xml/Cargo.toml b/harmony-rs/opnsense-config-xml/Cargo.toml
new file mode 100644
index 0000000..a193f0c
--- /dev/null
+++ b/harmony-rs/opnsense-config-xml/Cargo.toml
@@ -0,0 +1,22 @@
+[package]
+name = "opnsense-config-xml"
+edition = "2021"
+version.workspace = true
+readme.workspace = true
+license.workspace = true
+
+[dependencies]
+serde = { version = "1.0.123", features = [ "derive" ] }
+log = { workspace = true }
+env_logger = { workspace = true }
+#yaserde = { git = "https://git.nationtech.io/NationTech/yaserde" }
+#yaserde_derive = { git = "https://git.nationtech.io/NationTech/yaserde" }
+yaserde = { path = "../../../../github/yaserde/yaserde" }
+yaserde_derive = { path = "../../../../github/yaserde/yaserde_derive" }
+xml-rs = "0.8"
+thiserror = "1.0"
+async-trait = { workspace = true }
+tokio = { workspace = true }
+
+[dev-dependencies]
+pretty_assertions = "1.4.1"
diff --git a/harmony-rs/opnsense-config-xml/src/data/dhcpd.rs b/harmony-rs/opnsense-config-xml/src/data/dhcpd.rs
new file mode 100644
index 0000000..18bf272
--- /dev/null
+++ b/harmony-rs/opnsense-config-xml/src/data/dhcpd.rs
@@ -0,0 +1,116 @@
+use yaserde_derive::{YaDeserialize, YaSerialize};
+
+use crate::xml_utils::MaybeString;
+
+use super::opnsense::{NumberOption, Range, StaticMap};
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+#[yaserde(rename = "dhcpd")]
+pub struct Dhcpd {
+    #[yaserde(rename = "lan")]
+    pub lan: DhcpInterface,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct DhcpInterface {
+    pub enable: i32,
+    pub gateway: String,
+    pub domain: String,
+    #[yaserde(rename = "ddnsdomainalgorithm")]
+    pub ddns_domain_algorithm: String,
+    #[yaserde(rename = "numberoptions")]
+    pub number_options: Vec<NumberOption>,
+    #[yaserde(rename = "range")]
+    pub range: Range,
+    pub winsserver: MaybeString,
+    pub dnsserver: MaybeString,
+    pub ntpserver: MaybeString,
+    #[yaserde(rename = "staticmap")]
+    pub staticmaps: Vec<StaticMap>,
+    pub pool: MaybeString,
+}
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct DhcpRange {
+    #[yaserde(rename = "from")]
+    pub from: String,
+    #[yaserde(rename = "to")]
+    pub to: String,
+}
+
+#[cfg(test)]
+mod test {
+    use std::net::Ipv4Addr;
+
+    use crate::xml_utils::to_xml_str;
+
+    use super::*;
+    use pretty_assertions::assert_eq;
+
+    #[test]
+    fn dhcpd_should_deserialize_serialize_identical() {
+        let dhcpd: Dhcpd =
+            yaserde::de::from_str(SERIALIZED_DHCPD).expect("Deserialize Dhcpd failed");
+
+        assert_eq!(
+            to_xml_str(&dhcpd).expect("Serialize Dhcpd failed"),
+            SERIALIZED_DHCPD
+        );
+    }
+
+    const SERIALIZED_DHCPD: &str = "<?xml version=\"1.0\"?>
+<dhcpd>
+  <lan>
+    <enable>1</enable>
+    <gateway>192.168.20.1</gateway>
+    <domain>somedomain.yourlocal.mcd</domain>
+    <ddnsdomainalgorithm>hmac-md5</ddnsdomainalgorithm>
+    <numberoptions>
+      <item/>
+    </numberoptions>
+    <range>
+      <from>192.168.20.50</from>
+      <to>192.168.20.200</to>
+    </range>
+    <winsserver/>
+    <dnsserver>192.168.20.1</dnsserver>
+    <ntpserver/>
+    <staticmap>
+      <mac>55:55:55:55:55:1c</mac>
+      <ipaddr>192.168.20.160</ipaddr>
+      <hostname>somehost983</hostname>
+      <descr>someservire8</descr>
+      <winsserver/>
+      <dnsserver/>
+      <ntpserver/>
+    </staticmap>
+    <staticmap>
+      <mac>55:55:55:55:55:1c</mac>
+      <ipaddr>192.168.20.155</ipaddr>
+      <hostname>somehost893</hostname>
+      <winsserver/>
+      <dnsserver/>
+      <ntpserver/>
+    </staticmap>
+    <staticmap>
+      <mac>55:55:55:55:55:1c</mac>
+      <ipaddr>192.168.20.165</ipaddr>
+      <hostname>somehost893</hostname>
+      <descr/>
+      <winsserver/>
+      <dnsserver/>
+      <ntpserver/>
+    </staticmap>
+    <staticmap>
+      <mac>55:55:55:55:55:1c</mac>
+      <ipaddr>192.168.20.50</ipaddr>
+      <hostname>hostswitch2</hostname>
+      <descr>switch-2 (bottom)</descr>
+      <winsserver/>
+      <dnsserver/>
+      <ntpserver/>
+    </staticmap>
+    <pool/>
+  </lan>
+</dhcpd>\n";
+}
diff --git a/harmony-rs/opnsense-config-xml/src/data/interfaces.rs b/harmony-rs/opnsense-config-xml/src/data/interfaces.rs
new file mode 100644
index 0000000..42e37b1
--- /dev/null
+++ b/harmony-rs/opnsense-config-xml/src/data/interfaces.rs
@@ -0,0 +1,229 @@
+use xml::reader::XmlEvent;
+use yaserde::{YaDeserialize as YaDeserializeTrait, YaSerialize as YaSerializeTrait};
+use yaserde_derive::{YaDeserialize, YaSerialize};
+
+use std::collections::HashMap;
+
+use crate::xml_utils::MaybeString;
+
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Interfaces {
+    pub interfaces: HashMap<String, Interface>,
+}
+
+#[derive(Default, PartialEq, Debug, YaDeserialize, YaSerialize)]
+pub struct Interface {
+    #[yaserde(rename = "if")]
+    pub physical_interface_name: String,
+    pub descr: String,
+    pub enable: MaybeString,
+    #[yaserde(rename = "spoofmac")]
+    pub spoof_mac: Option<MaybeString>,
+    pub internal_dynamic: Option<MaybeString>,
+    pub ipaddr: Option<MaybeString>,
+    #[yaserde(rename = "blockpriv")]
+    pub block_priv: Option<MaybeString>,
+    #[yaserde(rename = "blockbogons")]
+    pub block_bogons: Option<MaybeString>,
+    pub lock: Option<MaybeString>,
+    #[yaserde(rename = "type")]
+    pub r#type: Option<MaybeString>,
+    #[yaserde(rename = "virtual")]
+    pub r#virtual: Option<MaybeString>,
+    pub subnet: Option<MaybeString>,
+    pub networks: Option<MaybeString>,
+    pub subnetv6: Option<MaybeString>,
+    pub ipaddrv6: Option<MaybeString>,
+    #[yaserde(rename = "track6-interface")]
+    pub track6_interface: Option<MaybeString>,
+    #[yaserde(rename = "track6-prefix-id")]
+    pub track6_prefix_id: Option<MaybeString>,
+}
+
+pub trait MyDeserialize : YaDeserializeTrait {}
+pub trait MySerialize : YaSerializeTrait {}
+
+
+#[cfg(test)]
+mod test {
+    use super::*;
+    use pretty_assertions::assert_eq;
+
+    #[test]
+    fn should_deserialize_interfaces() {
+        let interfaces = yaserde::de::from_str::<Interfaces>(FULL_INTERFACES_XML).unwrap();
+        assert_eq!(interfaces.interfaces.len(), 6)
+
+    }
+
+    const FULL_INTERFACES_XML: &str = "<interfaces>
+    <wan>
+      <if>pppoe0</if>
+      <descr>WAN</descr>
+      <enable>1</enable>
+      <lock>1</lock>
+      <spoofmac/>
+      <blockpriv>1</blockpriv>
+      <blockbogons>1</blockbogons>
+      <ipaddr>pppoe</ipaddr>
+    </wan>
+    <lan>
+      <if>em1</if>
+      <descr>LAN</descr>
+      <enable>1</enable>
+      <spoofmac/>
+      <ipaddr>192.168.20.1</ipaddr>
+      <subnet>24</subnet>
+      <ipaddrv6>track6</ipaddrv6>
+      <track6-interface/>
+      <track6-prefix-id>0</track6-prefix-id>
+    </lan>
+    <lo0>
+      <internal_dynamic>1</internal_dynamic>
+      <descr>Loopback</descr>
+      <enable>1</enable>
+      <if>lo0</if>
+      <ipaddr>127.0.0.1</ipaddr>
+      <ipaddrv6>::1</ipaddrv6>
+      <subnet>8</subnet>
+      <subnetv6>128</subnetv6>
+      <type>none</type>
+      <virtual>1</virtual>
+    </lo0>
+    <opt1>
+      <if>em5</if>
+      <descr>backup_sync</descr>
+      <enable>1</enable>
+      <lock>1</lock>
+      <spoofmac/>
+      <ipaddr>10.10.5.1</ipaddr>
+      <subnet>24</subnet>
+    </opt1>
+    <wireguard>
+      <internal_dynamic>1</internal_dynamic>
+      <descr>WireGuard (Group)</descr>
+      <if>wireguard</if>
+      <virtual>1</virtual>
+      <enable>1</enable>
+      <type>group</type>
+      <networks/>
+    </wireguard>
+    <openvpn>
+      <internal_dynamic>1</internal_dynamic>
+      <enable>1</enable>
+      <if>openvpn</if>
+      <descr>OpenVPN</descr>
+      <type>group</type>
+      <virtual>1</virtual>
+      <networks/>
+    </openvpn>
+  </interfaces>";
+}
+
+
+// impl YaSerializeTrait for Interfaces {
+//     fn serialize<W: std::io::Write>(
+//         &self,
+//         writer: &mut yaserde::ser::Serializer<W>,
+//     ) -> Result<(), String> {
+//         writer.write("Interfaces serializer TODO").map_err(|e| e.to_string())
+//     }
+// 
+//     fn serialize_attributes(
+//         &self,
+//         attributes: Vec<xml::attribute::OwnedAttribute>,
+//         namespace: xml::namespace::Namespace,
+//     ) -> Result<
+//         (
+//             Vec<xml::attribute::OwnedAttribute>,
+//             xml::namespace::Namespace,
+//         ),
+//         String,
+//     > {
+//         todo!()
+//     }
+// }
+// 
+// impl YaDeserializeTrait for Interfaces {
+//     fn deserialize<R: std::io::Read>(
+//         reader: &mut yaserde::de::Deserializer<R>,
+//     ) -> Result<Self, String> {
+//         let mut interfaces = Interfaces::default();
+//         let mut current_interface_name = String::new();
+//         let mut current_interface = Interface::default();
+// 
+//         let mut event = reader.next_event()?;
+//         loop {
+//             match event {
+//                 xml::reader::XmlEvent::EndElement { name } => {
+//                     println!(
+//                         "Handling EndElement {}, current_interface_name: {}",
+//                         name.local_name, current_interface_name
+//                     );
+//                     println!("Peeking after EndElement {:?}", reader.peek()?);
+//                     if name.local_name == "interfaces" {
+//                         break;
+//                     }
+//                     todo!("Should not hit here");
+//                 }
+//                 xml::reader::XmlEvent::StartElement { ref name, .. } => {
+//                     println!("Got start Element {:?}", name);
+//                     current_interface_name = name.local_name.clone();
+//                     println!("About to deserialize interface from name {:?}", name);
+//                     // TODO store names
+//                     'inner_iface: loop {
+//                         let peek = reader.peek()?;
+//                         println!("Peeking before forcing next event {:?}", peek);
+// 
+//                         if let XmlEvent::EndElement { name } = peek {
+//                             // TODO save the interface name and struct in the hashmap
+//                             println!("Forcing next_event");
+//                             reader.next_event()?;
+// 
+//                             let peek = reader.peek()?;
+//                             println!("Peeking after next event deserializing {:?}", peek);
+//                             if let XmlEvent::EndElement { name } = peek {
+//                                 println!("Got two EndElement in a row, breaking out of loop");
+//                                 break 'inner_iface;
+//                             }
+//                         }
+//                         println!("Peeking before deserializing {:?}", reader.peek()?);
+//                         let interface = <Interface as yaserde::YaDeserialize>::deserialize(reader)?;
+//                         println!("Interface deserialized {:?}", interface);
+//                         println!("Peeking after deserializing {:?}", reader.peek()?);
+//                     }
+//                     println!(
+//                         "Done with inner interface, loop completed {:?}",
+//                         reader.peek()?
+//                     );
+//                 }
+//                 xml::reader::XmlEvent::EndDocument => break,
+//                 _ => {
+//                     return Err(
+//                         "This Interfaces Deserializer does not support all XmlEvent types".into(),
+//                     )
+//                 }
+//             }
+//             let peek = reader.peek()?;
+// 
+//             let read_next = true;
+//             if let XmlEvent::EndElement { name } = peek {
+//                 if name.local_name == "interfaces" {
+//                     println!("Got endElement interfaces, not reading next event");
+//                     break;
+//                 }
+//             }
+// 
+//             if read_next {
+//                 event = reader.next_event()?;
+//             }
+//             println!("Outer loop got event {:?}", event);
+//             println!("Outer loop got peek {:?}", reader.peek()?);
+//         }
+//         println!("Done with interfaces {:?}", interfaces);
+//         println!("reader peeking shows {:?}", reader.peek());
+// 
+//         Ok(interfaces)
+//     }
+// }
+
diff --git a/harmony-rs/opnsense-config-xml/src/data/mod.rs b/harmony-rs/opnsense-config-xml/src/data/mod.rs
new file mode 100644
index 0000000..5d2a4da
--- /dev/null
+++ b/harmony-rs/opnsense-config-xml/src/data/mod.rs
@@ -0,0 +1,6 @@
+mod opnsense;
+mod interfaces;
+mod dhcpd;
+pub use opnsense::*;
+pub use interfaces::*;
+pub use dhcpd::*;
diff --git a/harmony-rs/opnsense-config/src/modules/opnsense.rs b/harmony-rs/opnsense-config-xml/src/data/opnsense.rs
similarity index 83%
rename from harmony-rs/opnsense-config/src/modules/opnsense.rs
rename to harmony-rs/opnsense-config-xml/src/data/opnsense.rs
index 6ed6df4..203831b 100644
--- a/harmony-rs/opnsense-config/src/modules/opnsense.rs
+++ b/harmony-rs/opnsense-config-xml/src/data/opnsense.rs
@@ -1,7 +1,24 @@
-use super::dhcp::Dhcpd;
-use crate::infra::{generic_xml::RawXml, maybe_string::MaybeString};
+use crate::data::dhcpd::Dhcpd;
+use crate::xml_utils::{MaybeString, RawXml};
+use log::error;
 use yaserde_derive::{YaDeserialize, YaSerialize};
 
+impl From<String> for OPNsense {
+    fn from(content: String) -> Self {
+        yaserde::de::from_str(&content)
+            .map_err(|e| error!("{}", e.to_string()))
+            .expect("OPNSense received invalid string, should be full XML")
+    }
+}
+
+impl OPNsense {
+    pub fn to_xml(&self) -> String {
+        yaserde::ser::to_string(self)
+            .map_err(|e| error!("{}", e.to_string()))
+            .expect("OPNSense could not serialize to XML")
+    }
+}
+
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 #[yaserde(rename = "opnsense")]
 pub struct OPNsense {
@@ -19,7 +36,7 @@ pub struct OPNsense {
     pub widgets: Widgets,
     pub revision: Revision,
     #[yaserde(rename = "OPNsense")]
-    pub opnsense: OPNsenseConfig,
+    pub opnsense: OPNsenseXmlSection,
     pub staticroutes: StaticRoutes,
     pub ca: MaybeString,
     pub gateways: Gateways,
@@ -279,42 +296,6 @@ pub struct WebGui {
     pub compression: MaybeString,
 }
 
-use std::collections::HashMap;
-
-#[derive(Default, PartialEq, Debug)]
-pub struct Interfaces {
-    pub interfaces: HashMap<String, Interface>,
-}
-
-#[derive(Default, PartialEq, Debug, YaDeserialize, YaSerialize)]
-pub struct Interface {
-    #[yaserde(rename = "if")]
-    pub physical_interface_name: String,
-    pub descr: String,
-    pub enable: u8,
-    #[yaserde(rename = "spoofmac")]
-    pub spoof_mac: MaybeString,
-    pub internal_dynamic: Option<u8>,
-    pub ipaddr: MaybeString,
-    #[yaserde(rename = "blockpriv")]
-    pub block_priv: Option<u8>,
-    #[yaserde(rename = "blockbogons")]
-    pub block_bogons: Option<u8>,
-    pub lock: Option<u8>,
-    #[yaserde(rename = "type")]
-    pub r#type: MaybeString,
-    #[yaserde(rename = "virtual")]
-    pub r#virtual: MaybeString,
-    pub subnet: MaybeString,
-    pub networks: Option<u8>,
-    pub subnetv6: MaybeString,
-    pub ipaddrv6: MaybeString,
-    #[yaserde(rename = "track6-interface")]
-    pub track6_interface: MaybeString,
-    #[yaserde(rename = "track6-prefix-id")]
-    pub track6_prefix_id: MaybeString,
-}
-
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct NumberOption {
     item: MaybeString,
@@ -406,7 +387,7 @@ pub struct Created {
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 #[yaserde(rename = "OPNsense")]
-pub struct OPNsenseConfig {
+pub struct OPNsenseXmlSection {
     pub captiveportal: Option<CaptivePortal>,
     pub cron: Option<Cron>,
     #[yaserde(rename = "Netflow")]
@@ -463,33 +444,41 @@ pub struct IDSGeneral {
     promisc: Option<u8>,
     interfaces: String,
     homenet: String,
-    defaultPacketSize: MaybeString,
-    UpdateCron: MaybeString,
-    AlertLogrotate: String,
-    AlertSaveLogs: u8,
-    MPMAlgo: String,
+    #[yaserde(rename = "defaultPacketSize")]
+    default_packet_size: MaybeString,
+    #[yaserde(rename = "UpdateCron")]
+    update_cron: MaybeString,
+    #[yaserde(rename = "AlertLogrotate")]
+    alert_logrotate: String,
+    #[yaserde(rename = "AlertSaveLogs")]
+    alert_save_logs: u8,
+    #[yaserde(rename = "MPMAlgo")]
+    mpm_algo: String,
     detect: Detect,
     syslog: Option<u8>,
     syslog_eve: Option<u8>,
-    LogPayload: Option<u8>,
+    #[yaserde(rename = "LogPayload")]
+    log_payload: Option<u8>,
     verbosity: MaybeString,
 }
 
 #[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
 pub struct Detect {
-    Profile: String,
+    #[yaserde(rename = "Profile")]
+    profile: String,
     toclient_groups: MaybeString,
     toserver_groups: MaybeString,
 }
 
 #[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
-#[yaserde(rename = "IPsec")]
 pub struct IPsec {
     #[yaserde(attribute)]
     version: String,
     general: GeneralIpsec,
-    keyPairs: MaybeString,
-    preSharedKeys: MaybeString,
+    #[yaserde(rename = "keyPairs")]
+    key_pairs: MaybeString,
+    #[yaserde(rename = "preSharedKeys")]
+    pre_shared_keys: MaybeString,
 }
 
 #[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
@@ -891,10 +880,14 @@ pub struct LocalCache {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Traffic {
     pub enabled: i32,
-    pub maxDownloadSize: i32,
-    pub maxUploadSize: i32,
-    pub OverallBandwidthTrotteling: i32,
-    pub perHostTrotteling: i32,
+    #[yaserde(rename = "maxDownloadSize")]
+    pub max_download_size: i32,
+    #[yaserde(rename = "maxUploadSize")]
+    pub max_upload_size: i32,
+    #[yaserde(rename = "OverallBandwidthTrotteling")]
+    pub overall_bandwidth_trotteling: i32,
+    #[yaserde(rename = "perHostTrotteling")]
+    pub per_host_trotteling: i32,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -923,11 +916,16 @@ pub struct Forward {
     pub snmp_enable: i32,
     pub snmp_port: i32,
     pub snmp_password: String,
-    pub ftpInterfaces: MaybeString,
-    pub ftpPort: i32,
-    pub ftpTransparentMode: i32,
-    pub addACLforInterfaceSubnets: i32,
-    pub transparentMode: i32,
+    #[yaserde(rename = "ftpInterfaces")]
+    pub ftp_interfaces: MaybeString,
+    #[yaserde(rename = "ftpPort")]
+    pub ftp_port: i32,
+    #[yaserde(rename = "ftpTransparentMode")]
+    pub ftp_transparent_mode: i32,
+    #[yaserde(rename = "addACLforInterfaceSubnets")]
+    pub add_acl_for_interface_subnets: i32,
+    #[yaserde(rename = "transparentMode")]
+    pub transparent_mode: i32,
     pub acl: Acl,
     pub icap: Icap,
     pub authentication: Authentication,
@@ -935,47 +933,66 @@ pub struct Forward {
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Acl {
-    pub allowedSubnets: MaybeString,
+    #[yaserde(rename = "allowedSubnets")]
+    pub allowed_subnets: MaybeString,
     pub unrestricted: MaybeString,
-    pub bannedHosts: MaybeString,
-    pub whiteList: MaybeString,
-    pub blackList: MaybeString,
+    #[yaserde(rename = "bannedHosts")]
+    pub banned_hosts: MaybeString,
+    #[yaserde(rename = "whiteList")]
+    pub white_list: MaybeString,
+    #[yaserde(rename = "blackList")]
+    pub black_list: MaybeString,
     pub browser: MaybeString,
-    pub mimeType: MaybeString,
-    pub googleapps: MaybeString,
+    #[yaserde(rename = "mimeType")]
+    pub mime_type: MaybeString,
+    pub google_apps: MaybeString,
     pub youtube: MaybeString,
-    pub safePorts: String,
-    pub sslPorts: String,
-    pub remoteACLs: RemoteAcls,
+    #[yaserde(rename = "safePorts")]
+    pub safe_ports: String,
+    #[yaserde(rename = "sslPorts")]
+    pub ssl_ports: String,
+    #[yaserde(rename = "remoteACLs")]
+    pub remote_acls: RemoteAcls,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct RemoteAcls {
     pub blacklists: MaybeString,
-    pub UpdateCron: MaybeString,
+    #[yaserde(rename = "UpdateCron")]
+    pub update_cron: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Icap {
     pub enable: i32,
-    pub RequestURL: String,
-    pub ResponseURL: String,
-    pub SendClientIP: i32,
-    pub SendUsername: i32,
-    pub EncodeUsername: i32,
-    pub UsernameHeader: String,
-    pub EnablePreview: i32,
-    pub PreviewSize: i32,
-    pub OptionsTTL: i32,
+    #[yaserde(rename = "RequestURL")]
+    pub request_url: String,
+    #[yaserde(rename = "ResponseURL")]
+    pub response_url: String,
+    #[yaserde(rename = "SendClientIP")]
+    pub send_client_ip: i32,
+    #[yaserde(rename = "SendUsername")]
+    pub send_username: i32,
+    #[yaserde(rename = "EncodeUsername")]
+    pub encode_username: i32,
+    #[yaserde(rename = "UsernameHeader")]
+    pub username_header: String,
+    #[yaserde(rename = "EnablePreview")]
+    pub enable_preview: i32,
+    #[yaserde(rename = "PreviewSize")]
+    pub preview_size: i32,
+    #[yaserde(rename = "OptionsTTL")]
+    pub options_ttl: i32,
     pub exclude: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Authentication {
     pub method: MaybeString,
-    pub authEnforceGroup: MaybeString,
+    #[yaserde(rename = "authEnforceGroup")]
+    pub auth_enforce_group: MaybeString,
     pub realm: String,
-    pub credentialsttl: i32,
+    pub credentialsttl: i32, // This field is already in snake_case
     pub children: i32,
 }
 
@@ -1263,8 +1280,11 @@ pub struct Account {
 pub struct ConfigOpenVPN {
     #[yaserde(attribute)]
     pub version: String,
+    #[yaserde(rename = "Overwrites")]
     pub Overwrites: MaybeString,
+    #[yaserde(rename = "Instances")]
     pub Instances: MaybeString,
+    #[yaserde(rename = "StaticKeys")]
     pub StaticKeys: MaybeString,
 }
 
@@ -1327,12 +1347,18 @@ pub struct CronJobs {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct HaProxyGeneral {
     pub enabled: i32,
-    pub gracefulStop: i32,
-    pub hardStopAfter: String,
-    pub closeSpreadTime: MaybeString,
-    pub seamlessReload: i32,
-    pub storeOcsp: i32,
-    pub showIntro: i32,
+    #[yaserde(rename = "gracefulStop")]
+    pub graceful_stop: i32,
+    #[yaserde(rename = "hardStopAfter")]
+    pub hard_stop_after: String,
+    #[yaserde(rename = "closeSpreadTime")]
+    pub close_spread_time: MaybeString,
+    #[yaserde(rename = "seamlessReload")]
+    pub seamless_reload: i32,
+    #[yaserde(rename = "storeOcsp")]
+    pub store_ocsp: i32,
+    #[yaserde(rename = "showIntro")]
+    pub show_intro: i32,
     pub peers: Peers,
     pub tuning: Tuning,
     pub defaults: HaProxyDefaults,
@@ -1355,36 +1381,56 @@ pub struct Peers {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Tuning {
     pub root: i32,
-    pub maxConnections: MaybeString,
+    #[yaserde(rename = "maxConnections")]
+    pub max_connections: MaybeString,
     pub nbthread: i32,
-    pub sslServerVerify: String,
-    pub maxDHSize: i32,
-    pub bufferSize: i32,
-    pub spreadChecks: i32,
-    pub bogusProxyEnabled: i32,
-    pub luaMaxMem: i32,
-    pub customOptions: MaybeString,
+    #[yaserde(rename = "sslServerVerify")]
+    pub ssl_server_verify: String,
+    #[yaserde(rename = "maxDHSize")]
+    pub max_dh_size: i32,
+    #[yaserde(rename = "bufferSize")]
+    pub buffer_size: i32,
+    #[yaserde(rename = "spreadChecks")]
+    pub spread_checks: i32,
+    #[yaserde(rename = "bogusProxyEnabled")]
+    pub bogus_proxy_enabled: i32,
+    #[yaserde(rename = "luaMaxMem")]
+    pub lua_max_mem: i32,
+    #[yaserde(rename = "customOptions")]
+    pub custom_options: MaybeString,
     #[yaserde(rename = "ssl_defaultsEnabled")]
     pub ssl_defaults_enabled: i32,
-    pub ssl_bindOptions: String,
-    pub ssl_minVersion: String,
-    pub ssl_maxVersion: MaybeString,
-    pub ssl_cipherList: String,
-    pub ssl_cipherSuites: String,
+    #[yaserde(rename = "ssl_bindOptions")]
+    pub ssl_bind_options: String,
+    #[yaserde(rename = "ssl_minVersion")]
+    pub ssl_min_version: String,
+    #[yaserde(rename = "ssl_maxVersion")]
+    pub ssl_max_version: MaybeString,
+    #[yaserde(rename = "ssl_cipherList")]
+    pub ssl_cipher_list: String,
+    #[yaserde(rename = "ssl_cipherSuites")]
+    pub ssl_cipher_suites: String,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct HaProxyDefaults {
-    pub maxConnections: MaybeString,
-    pub maxConnectionsServers: MaybeString,
-    pub timeoutClient: String,
-    pub timeoutConnect: String,
-    pub timeoutCheck: MaybeString,
-    pub timeoutServer: String,
+    #[yaserde(rename = "maxConnections")]
+    pub max_connections: MaybeString,
+    #[yaserde(rename = "maxConnectionsServers")]
+    pub max_connections_servers: MaybeString,
+    #[yaserde(rename = "timeoutClient")]
+    pub timeout_client: String,
+    #[yaserde(rename = "timeoutConnect")]
+    pub timeout_connect: String,
+    #[yaserde(rename = "timeoutCheck")]
+    pub timeout_check: MaybeString,
+    #[yaserde(rename = "timeoutServer")]
+    pub timeout_server: String,
     pub retries: i32,
     pub redispatch: String,
     pub init_addr: String,
-    pub customOptions: MaybeString,
+    #[yaserde(rename = "customOptions")]
+    pub custom_options: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -1399,13 +1445,20 @@ pub struct HaProxyLogging {
 pub struct Stats {
     pub enabled: i32,
     pub port: i32,
-    pub remoteEnabled: i32,
-    pub remoteBind: MaybeString,
-    pub authEnabled: i32,
+    #[yaserde(rename = "remoteEnabled")]
+    pub remote_enabled: i32,
+    #[yaserde(rename = "remoteBind")]
+    pub remote_bind: MaybeString,
+    #[yaserde(rename = "authEnabled")]
+    pub auth_enabled: i32,
+    #[yaserde(rename = "users")]
     pub users: MaybeString,
-    pub allowedUsers: MaybeString,
-    pub allowedGroups: MaybeString,
-    pub customOptions: MaybeString,
+    #[yaserde(rename = "allowedUsers")]
+    pub allowed_users: MaybeString,
+    #[yaserde(rename = "allowedGroups")]
+    pub allowed_groups: MaybeString,
+    #[yaserde(rename = "customOptions")]
+    pub custom_options: MaybeString,
     pub prometheus_enabled: i32,
     pub prometheus_bind: String,
     pub prometheus_path: String,
@@ -1414,16 +1467,20 @@ pub struct Stats {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct HaProxyCache {
     pub enabled: i32,
-    pub totalMaxSize: i32,
-    pub maxAge: i32,
-    pub maxObjectSize: MaybeString,
-    pub processVary: i32,
-    pub maxSecondaryEntries: i32,
+    #[yaserde(rename = "totalMaxSize")]
+    pub total_max_size: i32,
+    #[yaserde(rename = "maxAge")]
+    pub max_age: i32,
+    #[yaserde(rename = "maxObjectSize")]
+    pub max_object_size: MaybeString,
+    #[yaserde(rename = "processVary")]
+    pub process_vary: i32,
+    #[yaserde(rename = "maxSecondaryEntries")]
+    pub max_secondary_entries: i32,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct HAProxyFrontends {
-    #[yaserde(rename = "frontend")]
     pub frontend: Vec<Frontend>,
 }
 
@@ -1436,64 +1493,108 @@ pub struct Frontend {
     pub name: String,
     pub description: String,
     pub bind: String,
-    pub bindOptions: MaybeString,
+    #[yaserde(rename = "bindOptions")]
+    pub bind_options: MaybeString,
     pub mode: String,
-    pub defaultBackend: String,
+    #[yaserde(rename = "defaultBackend")]
+    pub default_backend: String,
     pub ssl_enabled: i32,
     pub ssl_certificates: MaybeString,
     pub ssl_default_certificate: MaybeString,
-    pub ssl_customOptions: MaybeString,
-    pub ssl_advancedEnabled: i32,
-    pub ssl_bindOptions: String,
-    pub ssl_minVersion: String,
-    pub ssl_maxVersion: MaybeString,
-    pub ssl_cipherList: String,
-    pub ssl_cipherSuites: String,
-    pub ssl_hstsEnabled: i32,
-    pub ssl_hstsIncludeSubDomains: i32,
-    pub ssl_hstsPreload: i32,
-    pub ssl_hstsMaxAge: i32,
-    pub ssl_clientAuthEnabled: i32,
-    pub ssl_clientAuthVerify: String,
-    pub ssl_clientAuthCAs: MaybeString,
-    pub ssl_clientAuthCRLs: MaybeString,
-    pub basicAuthEnabled: i32,
-    pub basicAuthUsers: MaybeString,
-    pub basicAuthGroups: MaybeString,
-    pub tuning_maxConnections: MaybeString,
-    pub tuning_timeoutClient: MaybeString,
-    pub tuning_timeoutHttpReq: MaybeString,
-    pub tuning_timeoutHttpKeepAlive: MaybeString,
-    pub linkedCpuAffinityRules: MaybeString,
+    #[yaserde(rename = "ssl_customOptions")]
+    pub ssl_custom_options: MaybeString,
+    #[yaserde(rename = "ssl_advancedEnabled")]
+    pub ssl_advanced_enabled: i32,
+    #[yaserde(rename = "ssl_bindOptions")]
+    pub ssl_bind_options: String,
+    #[yaserde(rename = "ssl_minVersion")]
+    pub ssl_min_version: String,
+    #[yaserde(rename = "ssl_maxVersion")]
+    pub ssl_max_version: MaybeString,
+    #[yaserde(rename = "ssl_cipherList")]
+    pub ssl_cipher_list: String,
+    #[yaserde(rename = "ssl_cipherSuites")]
+    pub ssl_cipher_suites: String,
+    #[yaserde(rename = "ssl_hstsEnabled")]
+    pub ssl_hsts_enabled: i32,
+    #[yaserde(rename = "ssl_hstsIncludeSubDomains")]
+    pub ssl_hsts_include_sub_domains: i32,
+    #[yaserde(rename = "ssl_hstsPreload")]
+    pub ssl_hsts_preload: i32,
+    #[yaserde(rename = "ssl_hstsMaxAge")]
+    pub ssl_hsts_max_age: i32,
+    #[yaserde(rename = "ssl_clientAuthEnabled")]
+    pub ssl_client_auth_enabled: i32,
+    #[yaserde(rename = "ssl_clientAuthVerify")]
+    pub ssl_client_auth_verify: String,
+    #[yaserde(rename = "ssl_clientAuthCAs")]
+    pub ssl_client_auth_cas: MaybeString,
+    #[yaserde(rename = "ssl_clientAuthCRLs")]
+    pub ssl_client_auth_cr_ls: MaybeString,
+    #[yaserde(rename = "basicAuthEnabled")]
+    pub basic_auth_enabled: i32,
+    #[yaserde(rename = "basicAuthUsers")]
+    pub basic_auth_users: MaybeString,
+    #[yaserde(rename = "basicAuthGroups")]
+    pub basic_auth_groups: MaybeString,
+    #[yaserde(rename = "tuning_maxConnections")]
+    pub tuning_max_connections: MaybeString,
+    #[yaserde(rename = "tuning_timeoutClient")]
+    pub tuning_timeout_client: MaybeString,
+    #[yaserde(rename = "tuning_timeoutHttpReq")]
+    pub tuning_timeout_http_req: MaybeString,
+    #[yaserde(rename = "tuning_timeoutHttpKeepAlive")]
+    pub tuning_timeout_http_keep_alive: MaybeString,
+    #[yaserde(rename = "linkedCpuAffinityRules")]
+    pub linked_cpu_affinity_rules: MaybeString,
     pub tuning_shards: MaybeString,
-    pub logging_dontLogNull: i32,
-    pub logging_dontLogNormal: i32,
-    pub logging_logSeparateErrors: i32,
-    pub logging_detailedLog: i32,
-    pub logging_socketStats: i32,
+    #[yaserde(rename = "logging_dontLogNull")]
+    pub logging_dont_log_null: i32,
+    #[yaserde(rename = "logging_dontLogNormal")]
+    pub logging_dont_log_normal: i32,
+    #[yaserde(rename = "logging_logSeparateErrors")]
+    pub logging_log_separate_errors: i32,
+    #[yaserde(rename = "logging_detailedLog")]
+    pub logging_detailed_log: i32,
+    #[yaserde(rename = "logging_socketStats")]
+    pub logging_socket_stats: i32,
     pub stickiness_pattern: MaybeString,
-    pub stickiness_dataTypes: MaybeString,
+    #[yaserde(rename = "stickiness_dataTypes")]
+    pub stickiness_data_types: MaybeString,
     pub stickiness_expire: String,
     pub stickiness_size: String,
     pub stickiness_counter: i32,
     pub stickiness_counter_key: String,
     pub stickiness_length: MaybeString,
-    pub stickiness_connRatePeriod: String,
-    pub stickiness_sessRatePeriod: String,
-    pub stickiness_httpReqRatePeriod: String,
-    pub stickiness_httpErrRatePeriod: String,
-    pub stickiness_bytesInRatePeriod: String,
-    pub stickiness_bytesOutRatePeriod: String,
-    pub http2Enabled: i32,
-    pub http2Enabled_nontls: i32,
+    #[yaserde(rename = "stickiness_connRatePeriod")]
+    pub stickiness_conn_rate_period: String,
+    #[yaserde(rename = "stickiness_sessRatePeriod")]
+    pub stickiness_sess_rate_period: String,
+    #[yaserde(rename = "stickiness_httpReqRatePeriod")]
+    pub stickiness_http_req_rate_period: String,
+    #[yaserde(rename = "stickiness_httpErrRatePeriod")]
+    pub stickiness_http_err_rate_period: String,
+    #[yaserde(rename = "stickiness_bytesInRatePeriod")]
+    pub stickiness_bytes_in_rate_period: String,
+    #[yaserde(rename = "stickiness_bytesOutRatePeriod")]
+    pub stickiness_bytes_out_rate_period: String,
+    #[yaserde(rename = "http2Enabled")]
+    pub http2_enabled: i32,
+    #[yaserde(rename = "http2Enabled_nontls")]
+    pub http2_enabled_nontls: i32,
     pub advertised_protocols: String,
-    pub forwardFor: i32,
+    #[yaserde(rename = "forwardFor")]
+    pub forward_for: i32,
     pub prometheus_enabled: i32,
     pub prometheus_path: String,
-    pub connectionBehaviour: String,
-    pub customOptions: MaybeString,
-    pub linkedActions: MaybeString,
-    pub linkedErrorfiles: MaybeString,
+    #[yaserde(rename = "connectionBehaviour")]
+    pub connection_behaviour: String,
+    #[yaserde(rename = "customOptions")]
+    pub custom_options: MaybeString,
+    #[yaserde(rename = "linkedActions")]
+    pub linked_actions: MaybeString,
+    #[yaserde(rename = "linkedErrorfiles")]
+    pub linked_error_files: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -1628,29 +1729,19 @@ pub struct HAProxyServers {
 pub struct HAProxyServer {
     #[yaserde(attribute, rename = "uuid")]
     pub uuid: String,
-    #[yaserde(rename = "id")]
     pub id: String,
-    #[yaserde(rename = "enabled")]
     pub enabled: u8,
-    #[yaserde(rename = "name")]
     pub name: String,
-    #[yaserde(rename = "description")]
     pub description: MaybeString,
-    #[yaserde(rename = "address")]
     pub address: String,
-    #[yaserde(rename = "port")]
     pub port: u16,
-    #[yaserde(rename = "checkport")]
     pub checkport: MaybeString,
-    #[yaserde(rename = "mode")]
     pub mode: String,
-    #[yaserde(rename = "multiplexer_protocol")]
     pub multiplexer_protocol: String,
     #[yaserde(rename = "type")]
     pub server_type: String,
     #[yaserde(rename = "serviceName")]
     pub service_name: MaybeString,
-    #[yaserde(rename = "number")]
     pub number: MaybeString,
     #[yaserde(rename = "linkedResolver")]
     pub linked_resolver: MaybeString,
@@ -1658,7 +1749,6 @@ pub struct HAProxyServer {
     pub resolver_opts: MaybeString,
     #[yaserde(rename = "resolvePrefer")]
     pub resolve_prefer: MaybeString,
-    #[yaserde(rename = "ssl")]
     pub ssl: u8,
     #[yaserde(rename = "sslSNI")]
     pub ssl_sni: MaybeString,
@@ -1672,15 +1762,12 @@ pub struct HAProxyServer {
     pub ssl_client_certificate: MaybeString,
     #[yaserde(rename = "maxConnections")]
     pub max_connections: MaybeString,
-    #[yaserde(rename = "weight")]
     pub weight: u32,
     #[yaserde(rename = "checkInterval")]
     pub check_interval: MaybeString,
     #[yaserde(rename = "checkDownInterval")]
     pub check_down_interval: MaybeString,
-    #[yaserde(rename = "source")]
     pub source: MaybeString,
-    #[yaserde(rename = "advanced")]
     pub advanced: MaybeString,
     #[yaserde(rename = "unix_socket")]
     pub unix_socket: MaybeString,
diff --git a/harmony-rs/opnsense-config-xml/src/lib.rs b/harmony-rs/opnsense-config-xml/src/lib.rs
new file mode 100644
index 0000000..aa934ca
--- /dev/null
+++ b/harmony-rs/opnsense-config-xml/src/lib.rs
@@ -0,0 +1,3 @@
+mod xml_utils;
+mod data;
+pub use data::*;
diff --git a/harmony-rs/opnsense-config/src/infra/generic_xml.rs b/harmony-rs/opnsense-config-xml/src/xml_utils/generic_xml.rs
similarity index 99%
rename from harmony-rs/opnsense-config/src/infra/generic_xml.rs
rename to harmony-rs/opnsense-config-xml/src/xml_utils/generic_xml.rs
index dfeae73..a1d4fff 100644
--- a/harmony-rs/opnsense-config/src/infra/generic_xml.rs
+++ b/harmony-rs/opnsense-config-xml/src/xml_utils/generic_xml.rs
@@ -118,7 +118,7 @@ impl YaSerializeTrait for RawXml {
 
 #[cfg(test)]
 mod test {
-    use crate::infra::yaserde::to_xml_str;
+    use crate::xml_utils::to_xml_str;
 
     use super::*;
     use pretty_assertions::assert_eq;
diff --git a/harmony-rs/opnsense-config/src/infra/maybe_string.rs b/harmony-rs/opnsense-config-xml/src/xml_utils/maybe_string.rs
similarity index 100%
rename from harmony-rs/opnsense-config/src/infra/maybe_string.rs
rename to harmony-rs/opnsense-config-xml/src/xml_utils/maybe_string.rs
diff --git a/harmony-rs/opnsense-config-xml/src/xml_utils/mod.rs b/harmony-rs/opnsense-config-xml/src/xml_utils/mod.rs
new file mode 100644
index 0000000..2866d26
--- /dev/null
+++ b/harmony-rs/opnsense-config-xml/src/xml_utils/mod.rs
@@ -0,0 +1,6 @@
+mod generic_xml;
+mod maybe_string;
+mod yaserde;
+pub use generic_xml::*;
+pub use maybe_string::*;
+pub use yaserde::*;
diff --git a/harmony-rs/opnsense-config/src/infra/yaserde.rs b/harmony-rs/opnsense-config-xml/src/xml_utils/yaserde.rs
similarity index 100%
rename from harmony-rs/opnsense-config/src/infra/yaserde.rs
rename to harmony-rs/opnsense-config-xml/src/xml_utils/yaserde.rs
diff --git a/harmony-rs/opnsense-config/Cargo.toml b/harmony-rs/opnsense-config/Cargo.toml
index ca7a3ea..8acb92d 100644
--- a/harmony-rs/opnsense-config/Cargo.toml
+++ b/harmony-rs/opnsense-config/Cargo.toml
@@ -1,7 +1,9 @@
 [package]
 name = "opnsense-config"
-version = "0.1.0"
 edition = "2021"
+version.workspace = true
+readme.workspace = true
+license.workspace = true
 
 [dependencies]
 serde = { version = "1.0.123", features = [ "derive" ] }
@@ -9,14 +11,10 @@ log = { workspace = true }
 env_logger = { workspace = true }
 russh = { workspace = true }
 russh-keys = { workspace = true }
-#yaserde = { git = "https://git.nationtech.io/NationTech/yaserde" }
-#yaserde_derive = { git = "https://git.nationtech.io/NationTech/yaserde" }
-yaserde = { path = "../../../../github/yaserde/yaserde" }
-yaserde_derive = { path = "../../../../github/yaserde/yaserde_derive" }
-xml-rs = "0.8"
 thiserror = "1.0"
 async-trait = { workspace = true }
 tokio = { workspace = true }
+opnsense-config-xml = { path = "../opnsense-config-xml" }
 
 [dev-dependencies]
 pretty_assertions = "1.4.1"
diff --git a/harmony-rs/opnsense-config/src/config.rs b/harmony-rs/opnsense-config/src/config.rs
index 947e774..36681f6 100644
--- a/harmony-rs/opnsense-config/src/config.rs
+++ b/harmony-rs/opnsense-config/src/config.rs
@@ -1,10 +1,10 @@
 use crate::error::Error;
-use crate::modules::opnsense::OPNsense;
 use async_trait::async_trait;
-use log::info;
+use log::{info, trace};
+use opnsense_config_xml::OPNsense;
 use russh::client::{Config as SshConfig, Handler};
 use russh_keys::key;
-use std::{fs, net::Ipv4Addr, path::Path, sync::Arc};
+use std::{fs, net::Ipv4Addr, sync::Arc};
 
 #[async_trait]
 pub trait ConfigRepository: std::fmt::Debug {
@@ -87,6 +87,7 @@ impl ConfigRepository for SshConfigRepository {
             .await?;
 
         let mut channel = ssh.channel_open_session().await?;
+        todo!("Backup, Validate, Reload config file");
 
         let command = format!(
             "echo '{}' > /conf/config.xml",
@@ -144,9 +145,9 @@ pub struct Config {
 impl Config {
     pub async fn new(repository: Box<dyn ConfigRepository + Send + Sync>) -> Result<Self, Error> {
         let xml = repository.load().await?;
-        info!("xml {}", xml);
+        trace!("xml {}", xml);
 
-        let opnsense = yaserde::de::from_str(&xml).map_err(|e| Error::Xml(e.to_string()))?;
+        let opnsense = OPNsense::from(xml);
 
         Ok(Self {
             opnsense,
@@ -163,15 +164,12 @@ impl Config {
     }
 
     pub async fn save(&self) -> Result<(), Error> {
-        let xml = yaserde::ser::to_string(&self.opnsense).map_err(|e| Error::Xml(e.to_string()))?;
-        self.repository.save(&xml).await
+        self.repository.save(&self.opnsense.to_xml()).await
     }
 }
 
 #[cfg(test)]
 mod tests {
-    use crate::infra::yaserde::to_xml_str;
-
     use super::*;
     use std::path::PathBuf;
     use pretty_assertions::assert_eq;
@@ -191,11 +189,33 @@ mod tests {
 
         println!("Config {:?}", config);
 
-        let serialized = to_xml_str(&config.opnsense).unwrap();
+        let serialized = config.opnsense.to_xml();
 
         fs::write("/tmp/serialized.xml", &serialized).unwrap();
 
         assert_eq!(config_file_str, serialized);
     }
 
+    #[tokio::test]
+    async fn test_add_dhcpd_static_entry() {
+        let mut test_file_path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
+        test_file_path.push("src/tests/data/config-full-1.xml");
+
+        let config_file_path = test_file_path.to_str().unwrap().to_string();
+        println!("File path {config_file_path}");
+        let repository = Box::new(LocalFileConfigRepository::new(config_file_path));
+        let config_file_str = repository.load().await.unwrap();
+        let mut config = Config::new(repository)
+            .await
+            .expect("Failed to load config");
+
+        println!("Config {:?}", config);
+
+        let serialized = config.opnsense.to_xml();
+
+        fs::write("/tmp/serialized.xml", &serialized).unwrap();
+
+        assert_eq!(config_file_str, serialized);
+        todo!();
+    }
 }
diff --git a/harmony-rs/opnsense-config/src/infra/mod.rs b/harmony-rs/opnsense-config/src/infra/mod.rs
deleted file mode 100644
index 9c67f9a..0000000
--- a/harmony-rs/opnsense-config/src/infra/mod.rs
+++ /dev/null
@@ -1,4 +0,0 @@
-pub mod generic_xml;
-pub mod maybe_string;
-pub mod yaserde;
-
diff --git a/harmony-rs/opnsense-config/src/lib.rs b/harmony-rs/opnsense-config/src/lib.rs
index e0e5967..6625b3a 100644
--- a/harmony-rs/opnsense-config/src/lib.rs
+++ b/harmony-rs/opnsense-config/src/lib.rs
@@ -1,7 +1,23 @@
 pub mod config;
-pub mod modules;
 pub mod error;
-pub mod infra;
+pub mod modules;
+use std::net::Ipv4Addr;
 
 pub use config::Config;
 pub use error::Error;
+use modules::dhcp::DhcpConfig;
+use opnsense_config_xml::OPNsense;
+
+#[tokio::test]
+async fn test_public_sdk() {
+    let mut opnsense = OPNsense::default();
+    let mut dhcpd = DhcpConfig::new(&mut opnsense);
+    dhcpd.add_static_mapping(
+        "test_mac",
+        Ipv4Addr::new(192, 168, 168, 168),
+        "test_hostname",
+    );
+
+    todo!();
+    // opnsense.apply_changes().await;
+}
diff --git a/harmony-rs/opnsense-config/src/modules/deserializer/interfaces.rs b/harmony-rs/opnsense-config/src/modules/deserializer/interfaces.rs
deleted file mode 100644
index 277048f..0000000
--- a/harmony-rs/opnsense-config/src/modules/deserializer/interfaces.rs
+++ /dev/null
@@ -1,111 +0,0 @@
-use xml::reader::XmlEvent;
-use yaserde::{YaDeserialize, YaSerialize};
-
-use crate::modules::opnsense::{Interface, Interfaces};
-
-impl YaSerialize for Interfaces {
-    fn serialize<W: std::io::Write>(
-        &self,
-        writer: &mut yaserde::ser::Serializer<W>,
-    ) -> Result<(), String> {
-        writer.write("Interfaces serializer TODO");
-        Ok(())
-    }
-
-    fn serialize_attributes(
-        &self,
-        attributes: Vec<xml::attribute::OwnedAttribute>,
-        namespace: xml::namespace::Namespace,
-    ) -> Result<
-        (
-            Vec<xml::attribute::OwnedAttribute>,
-            xml::namespace::Namespace,
-        ),
-        String,
-    > {
-        todo!()
-    }
-}
-
-impl YaDeserialize for Interfaces {
-    fn deserialize<R: std::io::Read>(
-        reader: &mut yaserde::de::Deserializer<R>,
-    ) -> Result<Self, String> {
-        let mut interfaces = Interfaces::default();
-        let mut current_interface_name = String::new();
-        let mut current_interface = Interface::default();
-
-        let mut event = reader.next_event()?;
-        loop {
-            match event {
-                xml::reader::XmlEvent::EndElement { name } => {
-                    println!(
-                        "Handling EndElement {}, current_interface_name: {}",
-                        name.local_name, current_interface_name
-                    );
-                    println!("Peeking after EndElement {:?}", reader.peek()?);
-                    if name.local_name == "interfaces" {
-                        break;
-                    }
-                    todo!("Should not hit here");
-                }
-                xml::reader::XmlEvent::StartElement { ref name, .. } => {
-                    println!("Got start Element {:?}", name);
-                    current_interface_name = name.local_name.clone();
-                    println!("About to deserialize interface from name {:?}", name);
-                    // TODO store names
-                    'inner_iface: loop {
-                        let peek = reader.peek()?;
-                        println!("Peeking before forcing next event {:?}", peek);
-
-                        if let XmlEvent::EndElement { name } = peek {
-                            // TODO save the interface name and struct in the hashmap
-                            println!("Forcing next_event");
-                            reader.next_event()?;
-
-                            let peek = reader.peek()?;
-                            println!("Peeking after next event deserializing {:?}", peek);
-                            if let XmlEvent::EndElement { name } = peek {
-                                println!("Got two EndElement in a row, breaking out of loop");
-                                break 'inner_iface;
-                            }
-                        }
-                        println!("Peeking before deserializing {:?}", reader.peek()?);
-                        let interface = <Interface as yaserde::YaDeserialize>::deserialize(reader)?;
-                        println!("Interface deserialized {:?}", interface);
-                        println!("Peeking after deserializing {:?}", reader.peek()?);
-                    }
-                    println!(
-                        "Done with inner interface, loop completed {:?}",
-                        reader.peek()?
-                    );
-                }
-                xml::reader::XmlEvent::EndDocument => break,
-                _ => {
-                    return Err(
-                        "This Interfaces Deserializer does not support all XmlEvent types".into(),
-                    )
-                }
-            }
-            let peek = reader.peek()?;
-
-            let read_next = true;
-            if let XmlEvent::EndElement { name } = peek {
-                if name.local_name == "interfaces" {
-                    println!("Got endElement interfaces, not reading next event");
-                    break;
-                }
-            }
-
-            if read_next {
-                event = reader.next_event()?;
-            }
-            println!("Outer loop got event {:?}", event);
-            println!("Outer loop got peek {:?}", reader.peek()?);
-        }
-        println!("Done with interfaces {:?}", interfaces);
-        println!("reader peeking shows {:?}", reader.peek());
-
-        Ok(interfaces)
-    }
-}
diff --git a/harmony-rs/opnsense-config/src/modules/deserializer/mod.rs b/harmony-rs/opnsense-config/src/modules/deserializer/mod.rs
deleted file mode 100644
index e358e80..0000000
--- a/harmony-rs/opnsense-config/src/modules/deserializer/mod.rs
+++ /dev/null
@@ -1,3 +0,0 @@
-
-mod interfaces;
-
diff --git a/harmony-rs/opnsense-config/src/modules/dhcp.rs b/harmony-rs/opnsense-config/src/modules/dhcp.rs
index 0b5b766..4b50d18 100644
--- a/harmony-rs/opnsense-config/src/modules/dhcp.rs
+++ b/harmony-rs/opnsense-config/src/modules/dhcp.rs
@@ -1,12 +1,9 @@
+use opnsense_config_xml::Range;
+use opnsense_config_xml::StaticMap;
 use std::cmp::Ordering;
-use std::net::IpAddr;
 use std::net::Ipv4Addr;
 
-use super::opnsense::{OPNsense, StaticMap};
-use crate::infra::maybe_string::MaybeString;
-use crate::modules::opnsense::NumberOption;
-use crate::modules::opnsense::Range;
-use yaserde_derive::{YaDeserialize, YaSerialize};
+use opnsense_config_xml::OPNsense;
 
 pub struct DhcpConfig<'a> {
     opnsense: &'a mut OPNsense,
@@ -48,41 +45,48 @@ impl<'a> DhcpConfig<'a> {
 
     pub fn add_static_mapping(
         &mut self,
-        mac: String,
+        mac: &str,
         ipaddr: Ipv4Addr,
-        hostname: String,
+        hostname: &str,
     ) -> Result<(), DhcpError> {
-        let range: Range = todo!();
+        let mac = mac.to_string();
+        let hostname = hostname.to_string();
+        let range = &self.opnsense.dhcpd.lan.range;
+
         if !Self::is_valid_mac(&mac) {
             return Err(DhcpError::InvalidMacAddress(mac));
         }
 
-        // if !Self::is_ip_in_range(&ipaddr, range) {
-        //     return Err(DhcpError::IpAddressOutOfRange(ipaddr));
-        // }
+        if !Self::is_ip_in_range(&ipaddr, range) {
+            return Err(DhcpError::IpAddressOutOfRange(ipaddr.to_string()));
+        }
 
         let existing_mappings = &self.opnsense.dhcpd.lan.staticmaps;
 
-        // TODO
-        // if existing_mappings.iter().any(|m| m.ipaddr == ipaddr) {
-        //     return Err(DhcpError::IpAddressAlreadyMapped(ipaddr));
-        // }
+        if existing_mappings.iter().any(|m| {
+            m.ipaddr
+                .parse::<Ipv4Addr>()
+                .expect("Mapping contains invalid ipv4")
+                == ipaddr
+        }) {
+            return Err(DhcpError::IpAddressAlreadyMapped(ipaddr.to_string()));
+        }
 
-        // if existing_mappings.iter().any(|m| m.mac == mac) {
-        //     return Err(DhcpError::MacAddressAlreadyMapped(mac));
-        // }
+        if existing_mappings.iter().any(|m| m.mac == mac) {
+            return Err(DhcpError::MacAddressAlreadyMapped(mac));
+        }
 
-        // let static_map = StaticMap {
-        //     mac,
-        //     ipaddr,
-        //     hostname,
-        //     descr: Default::default(),
-        //     winsserver: Default::default(),
-        //     dnsserver: Default::default(),
-        //     ntpserver: Default::default(),
-        // };
+        let static_map = StaticMap {
+            mac,
+            ipaddr: ipaddr.to_string(),
+            hostname,
+            descr: Default::default(),
+            winsserver: Default::default(),
+            dnsserver: Default::default(),
+            ntpserver: Default::default(),
+        };
 
-        // self.opnsense.dhcpd.lan.staticmaps.push(static_map);
+        self.opnsense.dhcpd.lan.staticmaps.push(static_map);
         Ok(())
     }
 
@@ -101,7 +105,7 @@ impl<'a> DhcpConfig<'a> {
             .all(|part| part.len() == 2 && part.chars().all(|c| c.is_ascii_hexdigit()))
     }
 
-    fn is_ip_in_range(ip: &Ipv4Addr, range: Range) -> bool {
+    fn is_ip_in_range(ip: &Ipv4Addr, range: &Range) -> bool {
         let range_start = range
             .from
             .parse::<Ipv4Addr>()
@@ -121,114 +125,11 @@ impl<'a> DhcpConfig<'a> {
     }
 }
 
-#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
-#[yaserde(rename = "dhcpd")]
-pub struct Dhcpd {
-    #[yaserde(rename = "lan")]
-    pub lan: DhcpInterface,
-}
-
-#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
-pub struct DhcpInterface {
-    pub enable: i32,
-    pub gateway: String,
-    pub domain: String,
-    #[yaserde(rename = "ddnsdomainalgorithm")]
-    pub ddns_domain_algorithm: String,
-    #[yaserde(rename = "numberoptions")]
-    pub number_options: Vec<NumberOption>,
-    #[yaserde(rename = "range")]
-    pub range: Range,
-    pub winsserver: MaybeString,
-    pub dnsserver: MaybeString,
-    pub ntpserver: MaybeString,
-    #[yaserde(rename = "staticmap")]
-    pub staticmaps: Vec<StaticMap>,
-    pub pool: MaybeString,
-}
-
-#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
-pub struct DhcpRange {
-    #[yaserde(rename = "from")]
-    pub from: String,
-    #[yaserde(rename = "to")]
-    pub to: String,
-}
-
 #[cfg(test)]
 mod test {
-    use std::net::Ipv4Addr;
-    use crate::infra::yaserde::to_xml_str;
-
     use super::*;
     use pretty_assertions::assert_eq;
-
-    #[test]
-    fn dhcpd_should_deserialize_serialize_identical() {
-        let dhcpd: Dhcpd =
-            yaserde::de::from_str(SERIALIZED_DHCPD).expect("Deserialize Dhcpd failed");
-
-        assert_eq!(
-            to_xml_str(&dhcpd).expect("Serialize Dhcpd failed"),
-            SERIALIZED_DHCPD
-        );
-    }
-
-    const SERIALIZED_DHCPD: &str = "<?xml version=\"1.0\"?>
-<dhcpd>
-  <lan>
-    <enable>1</enable>
-    <gateway>192.168.20.1</gateway>
-    <domain>somedomain.yourlocal.mcd</domain>
-    <ddnsdomainalgorithm>hmac-md5</ddnsdomainalgorithm>
-    <numberoptions>
-      <item/>
-    </numberoptions>
-    <range>
-      <from>192.168.20.50</from>
-      <to>192.168.20.200</to>
-    </range>
-    <winsserver/>
-    <dnsserver>192.168.20.1</dnsserver>
-    <ntpserver/>
-    <staticmap>
-      <mac>55:55:55:55:55:1c</mac>
-      <ipaddr>192.168.20.160</ipaddr>
-      <hostname>somehost983</hostname>
-      <descr>someservire8</descr>
-      <winsserver/>
-      <dnsserver/>
-      <ntpserver/>
-    </staticmap>
-    <staticmap>
-      <mac>55:55:55:55:55:1c</mac>
-      <ipaddr>192.168.20.155</ipaddr>
-      <hostname>somehost893</hostname>
-      <winsserver/>
-      <dnsserver/>
-      <ntpserver/>
-    </staticmap>
-    <staticmap>
-      <mac>55:55:55:55:55:1c</mac>
-      <ipaddr>192.168.20.165</ipaddr>
-      <hostname>somehost893</hostname>
-      <descr/>
-      <winsserver/>
-      <dnsserver/>
-      <ntpserver/>
-    </staticmap>
-    <staticmap>
-      <mac>55:55:55:55:55:1c</mac>
-      <ipaddr>192.168.20.50</ipaddr>
-      <hostname>hostswitch2</hostname>
-      <descr>switch-2 (bottom)</descr>
-      <winsserver/>
-      <dnsserver/>
-      <ntpserver/>
-    </staticmap>
-    <pool/>
-  </lan>
-</dhcpd>\n";
+    use std::net::Ipv4Addr;
 
     #[test]
     fn test_ip_in_range() {
@@ -239,22 +140,23 @@ mod test {
 
         // Test IP within range
         let ip = "192.168.1.150".parse::<Ipv4Addr>().unwrap();
-        assert_eq!(DhcpConfig::is_ip_in_range(&ip, range.clone()), true);
+        assert_eq!(DhcpConfig::is_ip_in_range(&ip, &range), true);
 
         // Test IP at start of range
         let ip = "192.168.1.100".parse::<Ipv4Addr>().unwrap();
-        assert_eq!(DhcpConfig::is_ip_in_range(&ip, range.clone()), true);
+        assert_eq!(DhcpConfig::is_ip_in_range(&ip, &range), true);
 
         // Test IP at end of range
         let ip = "192.168.1.200".parse::<Ipv4Addr>().unwrap();
-        assert_eq!(DhcpConfig::is_ip_in_range(&ip, range.clone()), true);
+        assert_eq!(DhcpConfig::is_ip_in_range(&ip, &range), true);
 
         // Test IP before range
         let ip = "192.168.1.99".parse::<Ipv4Addr>().unwrap();
-        assert_eq!(DhcpConfig::is_ip_in_range(&ip, range.clone()), false);
+        assert_eq!(DhcpConfig::is_ip_in_range(&ip, &range), false);
 
         // Test IP after range
         let ip = "192.168.1.201".parse::<Ipv4Addr>().unwrap();
-        assert_eq!(DhcpConfig::is_ip_in_range(&ip, range.clone()), false);
+        assert_eq!(DhcpConfig::is_ip_in_range(&ip, &range), false);
     }
+
 }
diff --git a/harmony-rs/opnsense-config/src/modules/mod.rs b/harmony-rs/opnsense-config/src/modules/mod.rs
index 0518c7f..5833493 100644
--- a/harmony-rs/opnsense-config/src/modules/mod.rs
+++ b/harmony-rs/opnsense-config/src/modules/mod.rs
@@ -1,3 +1 @@
-pub mod opnsense;
 pub mod dhcp;
-mod deserializer;

From cb1fea1edadddd0b4d1ec6ba39edab56d222c036 Mon Sep 17 00:00:00 2001
From: Jean-Gabriel Gill-Couture <jeangabriel.gc@gmail.com>
Date: Mon, 18 Nov 2024 07:08:03 -0500
Subject: [PATCH 14/19] wip: Interfaces using NamedList helper type to handle
 dynamic interface names, some refactoring on top

---
 .../opnsense-config-xml/interfaces_expand.rs  | 2711 +++++++++++++++++
 .../opnsense-config-xml/src/data/dhcpd.rs     |    2 +-
 .../src/data/interfaces.rs                    |  156 +-
 .../opnsense-config-xml/src/data/opnsense.rs  |    2 +-
 .../src/xml_utils/generic_xml.rs              |    2 +
 .../opnsense-config-xml/src/xml_utils/mod.rs  |    8 +-
 6 files changed, 2746 insertions(+), 135 deletions(-)
 create mode 100644 harmony-rs/opnsense-config-xml/interfaces_expand.rs

diff --git a/harmony-rs/opnsense-config-xml/interfaces_expand.rs b/harmony-rs/opnsense-config-xml/interfaces_expand.rs
new file mode 100644
index 0000000..f5c03c7
--- /dev/null
+++ b/harmony-rs/opnsense-config-xml/interfaces_expand.rs
@@ -0,0 +1,2711 @@
+mod interfaces {
+    use xml::reader::XmlEvent;
+    use yaserde::{
+        raw_xml::RawXml, YaDeserialize as YaDeserializeTrait,
+        YaSerialize as YaSerializeTrait,
+    };
+    use yaserde_derive::{YaDeserialize, YaSerialize};
+    use std::collections::HashMap;
+    use crate::xml_utils::MaybeString;
+    pub struct Interfaces {
+        pub testraw: RawXml,
+        pub interfaces: HashMap<String, Interface>,
+    }
+    #[automatically_derived]
+    impl ::core::default::Default for Interfaces {
+        #[inline]
+        fn default() -> Interfaces {
+            Interfaces {
+                testraw: ::core::default::Default::default(),
+                interfaces: ::core::default::Default::default(),
+            }
+        }
+    }
+    #[automatically_derived]
+    impl ::core::marker::StructuralPartialEq for Interfaces {}
+    #[automatically_derived]
+    impl ::core::cmp::PartialEq for Interfaces {
+        #[inline]
+        fn eq(&self, other: &Interfaces) -> bool {
+            self.testraw == other.testraw && self.interfaces == other.interfaces
+        }
+    }
+    #[automatically_derived]
+    impl ::core::fmt::Debug for Interfaces {
+        #[inline]
+        fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result {
+            ::core::fmt::Formatter::debug_struct_field2_finish(
+                f,
+                "Interfaces",
+                "testraw",
+                &self.testraw,
+                "interfaces",
+                &&self.interfaces,
+            )
+        }
+    }
+    #[allow(non_upper_case_globals, unused_attributes, unused_qualifications)]
+    const _IMPL_YA_SERIALIZE_FOR_Interfaces: () = {
+        use ::std::str::FromStr as _;
+        impl ::yaserde::YaSerialize for Interfaces {
+            #[allow(unused_variables)]
+            fn serialize<W: ::std::io::Write>(
+                &self,
+                writer: &mut ::yaserde::ser::Serializer<W>,
+            ) -> ::std::result::Result<(), ::std::string::String> {
+                let skip = writer.skip_start_end();
+                if !false && !skip {
+                    let mut child_attributes = ::alloc::vec::Vec::new();
+                    let mut child_attributes_namespace = ::yaserde::__xml::namespace::Namespace::empty();
+                    let yaserde_label = writer
+                        .get_start_event_name()
+                        .unwrap_or_else(|| "Interfaces".to_string());
+                    let struct_start_event = ::yaserde::__xml::writer::XmlEvent::start_element(
+                        yaserde_label.as_ref(),
+                    );
+                    let event: ::yaserde::__xml::writer::events::XmlEvent = struct_start_event
+                        .into();
+                    if let ::yaserde::__xml::writer::events::XmlEvent::StartElement {
+                        name,
+                        attributes,
+                        namespace,
+                    } = event {
+                        let mut attributes: ::std::vec::Vec<
+                            ::yaserde::__xml::attribute::OwnedAttribute,
+                        > = attributes
+                            .into_owned()
+                            .to_vec()
+                            .iter()
+                            .map(|k| k.to_owned())
+                            .collect();
+                        attributes.extend(child_attributes);
+                        let all_attributes = attributes
+                            .iter()
+                            .map(|ca| ca.borrow())
+                            .collect();
+                        let mut all_namespaces = namespace.into_owned();
+                        all_namespaces.extend(&child_attributes_namespace);
+                        writer
+                            .write(::yaserde::__xml::writer::events::XmlEvent::StartElement {
+                                name,
+                                attributes: ::std::borrow::Cow::Owned(all_attributes),
+                                namespace: ::std::borrow::Cow::Owned(all_namespaces),
+                            })
+                            .map_err(|e| e.to_string())?;
+                    } else {
+                        ::core::panicking::panic(
+                            "internal error: entered unreachable code",
+                        )
+                    }
+                }
+                if !false {
+                    writer
+                        .set_start_event_name(
+                            ::std::option::Option::Some("testraw".to_string()),
+                        );
+                    writer.set_skip_start_end(false);
+                    ::yaserde::YaSerialize::serialize(&self.testraw, writer)?;
+                }
+                if !false {
+                    writer
+                        .set_start_event_name(
+                            ::std::option::Option::Some("interfaces".to_string()),
+                        );
+                    writer.set_skip_start_end(false);
+                    ::yaserde::YaSerialize::serialize(&self.interfaces, writer)?;
+                }
+                if !false && !skip {
+                    let struct_end_event = ::yaserde::__xml::writer::XmlEvent::end_element();
+                    writer.write(struct_end_event).map_err(|e| e.to_string())?;
+                }
+                ::std::result::Result::Ok(())
+            }
+            fn serialize_attributes(
+                &self,
+                mut source_attributes: ::std::vec::Vec<
+                    ::yaserde::__xml::attribute::OwnedAttribute,
+                >,
+                mut source_namespace: ::yaserde::__xml::namespace::Namespace,
+            ) -> ::std::result::Result<
+                (
+                    ::std::vec::Vec<::yaserde::__xml::attribute::OwnedAttribute>,
+                    ::yaserde::__xml::namespace::Namespace,
+                ),
+                ::std::string::String,
+            > {
+                let mut child_attributes = ::std::vec::Vec::<
+                    ::yaserde::__xml::attribute::OwnedAttribute,
+                >::new();
+                let mut child_attributes_namespace = ::yaserde::__xml::namespace::Namespace::empty();
+                let struct_start_event = ::yaserde::__xml::writer::XmlEvent::start_element(
+                    "temporary_element_to_generate_attributes",
+                );
+                let event: ::yaserde::__xml::writer::events::XmlEvent = struct_start_event
+                    .into();
+                if let ::yaserde::__xml::writer::events::XmlEvent::StartElement {
+                    attributes,
+                    namespace,
+                    ..
+                } = event {
+                    source_namespace.extend(&namespace.into_owned());
+                    source_namespace.extend(&child_attributes_namespace);
+                    let a: ::std::vec::Vec<
+                        ::yaserde::__xml::attribute::OwnedAttribute,
+                    > = attributes
+                        .into_owned()
+                        .to_vec()
+                        .iter()
+                        .map(|k| k.to_owned())
+                        .collect();
+                    source_attributes.extend(a);
+                    source_attributes.extend(child_attributes);
+                    ::std::result::Result::Ok((source_attributes, source_namespace))
+                } else {
+                    ::core::panicking::panic("internal error: entered unreachable code");
+                }
+            }
+        }
+    };
+    #[allow(non_upper_case_globals, unused_attributes, unused_qualifications)]
+    const _IMPL_YA_DESERIALIZE_FOR_Interfaces: () = {
+        use ::std::str::FromStr as _;
+        use ::yaserde::Visitor as _;
+        impl ::yaserde::YaDeserialize for Interfaces {
+            #[allow(unused_variables)]
+            fn deserialize<R: ::std::io::Read>(
+                reader: &mut ::yaserde::de::Deserializer<R>,
+            ) -> ::std::result::Result<Self, ::std::string::String> {
+                let (named_element, struct_namespace) = if let ::yaserde::__xml::reader::XmlEvent::StartElement {
+                    name,
+                    ..
+                } = reader.peek()?.to_owned()
+                {
+                    (name.local_name.to_owned(), name.namespace.clone())
+                } else {
+                    (
+                        ::std::string::String::from("Interfaces"),
+                        ::std::option::Option::None,
+                    )
+                };
+                let start_depth = reader.depth();
+                {
+                    let lvl = ::log::Level::Debug;
+                    if lvl <= ::log::STATIC_MAX_LEVEL && lvl <= ::log::max_level() {
+                        ::log::__private_api::log(
+                            format_args!(
+                                "Struct {0} @ {1}: start to parse {2:?}",
+                                "Interfaces",
+                                start_depth,
+                                named_element,
+                            ),
+                            lvl,
+                            &(
+                                "yaserde_derive",
+                                "opnsense_config_xml::data::interfaces",
+                                ::log::__private_api::loc(),
+                            ),
+                            (),
+                        );
+                    }
+                };
+                if reader.depth() == 0 {
+                    if let Some(namespace) = struct_namespace {
+                        match namespace.as_str() {
+                            bad_namespace => {
+                                let msg = ::alloc::__export::must_use({
+                                    let res = ::alloc::fmt::format(
+                                        format_args!(
+                                            "bad namespace for {0}, found {1}",
+                                            named_element,
+                                            bad_namespace,
+                                        ),
+                                    );
+                                    res
+                                });
+                                return Err(msg);
+                            }
+                        }
+                    }
+                }
+                #[allow(unused_mut)]
+                let mut __testraw_value: Option<RawXml> = None;
+                #[allow(unused_mut)]
+                let mut __interfaces_value: Option<HashMap<String, Interface>> = None;
+                let mut depth = 0;
+                loop {
+                    let event = reader.peek()?.to_owned();
+                    {
+                        let lvl = ::log::Level::Trace;
+                        if lvl <= ::log::STATIC_MAX_LEVEL && lvl <= ::log::max_level() {
+                            ::log::__private_api::log(
+                                format_args!(
+                                    "Struct {0} @ {1}: matching {2:?}",
+                                    "Interfaces",
+                                    start_depth,
+                                    event,
+                                ),
+                                lvl,
+                                &(
+                                    "yaserde_derive",
+                                    "opnsense_config_xml::data::interfaces",
+                                    ::log::__private_api::loc(),
+                                ),
+                                (),
+                            );
+                        }
+                    };
+                    match event {
+                        ::yaserde::__xml::reader::XmlEvent::StartElement {
+                            ref name,
+                            ref attributes,
+                            ..
+                        } => {
+                            let namespace = name.namespace.clone().unwrap_or_default();
+                            if depth == 0 && name.local_name == "Interfaces"
+                                && namespace.as_str() == ""
+                            {
+                                let event = reader.next_event()?;
+                            } else {
+                                match (namespace.as_str(), name.local_name.as_str()) {
+                                    ("", "testraw") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "RawXml"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <RawXml as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __testraw_value = ::std::option::Option::Some(value);
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "RawXml",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "interfaces") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "Found start element ?? {0}",
+                                                            "HashMap < String, Interface >",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <HashMap<
+                                                String,
+                                                Interface,
+                                            > as ::yaserde::YaDeserialize>::deserialize(reader)?;
+                                            __interfaces_value = ::std::option::Option::Some(value);
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "HashMap < String, Interface >",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    _ => {
+                                        {
+                                            let lvl = ::log::Level::Trace;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Got StartElement {0:?}", name.local_name),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        let event = reader.next_event()?;
+                                        {
+                                            let lvl = ::log::Level::Trace;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Next event {0:?}", event),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if depth > 0 {
+                                            return Err(
+                                                ::alloc::__export::must_use({
+                                                    let res = ::alloc::fmt::format(
+                                                        format_args!(
+                                                            "Found unauthorized element {0}",
+                                                            name.local_name,
+                                                        ),
+                                                    );
+                                                    res
+                                                }),
+                                            );
+                                            reader.skip_element(|event| {})?;
+                                        }
+                                    }
+                                }
+                            }
+                            if depth == 0 {}
+                            depth += 1;
+                        }
+                        ::yaserde::__xml::reader::XmlEvent::EndElement { ref name } => {
+                            {
+                                let lvl = ::log::Level::Warn;
+                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                    && lvl <= ::log::max_level()
+                                {
+                                    ::log::__private_api::log(
+                                        format_args!("endElement {0}", named_element),
+                                        lvl,
+                                        &(
+                                            "opnsense_config_xml::data::interfaces",
+                                            "opnsense_config_xml::data::interfaces",
+                                            ::log::__private_api::loc(),
+                                        ),
+                                        (),
+                                    );
+                                }
+                            };
+                            if name.local_name == named_element
+                                && reader.depth() == start_depth + 1
+                            {
+                                break;
+                            }
+                            let event = reader.next_event()?;
+                            depth -= 1;
+                        }
+                        ::yaserde::__xml::reader::XmlEvent::EndDocument => {
+                            if false {
+                                break;
+                            }
+                        }
+                        ::yaserde::__xml::reader::XmlEvent::Characters(
+                            ref text_content,
+                        ) => {
+                            let event = reader.next_event()?;
+                        }
+                        event => {
+                            return ::std::result::Result::Err(
+                                ::alloc::__export::must_use({
+                                    let res = ::alloc::fmt::format(
+                                        format_args!("unknown event {0:?}", event),
+                                    );
+                                    res
+                                }),
+                            );
+                        }
+                    }
+                }
+                {
+                    let lvl = ::log::Level::Debug;
+                    if lvl <= ::log::STATIC_MAX_LEVEL && lvl <= ::log::max_level() {
+                        ::log::__private_api::log(
+                            format_args!(
+                                "Struct {0} @ {1}: success",
+                                "Interfaces",
+                                start_depth,
+                            ),
+                            lvl,
+                            &(
+                                "yaserde_derive",
+                                "opnsense_config_xml::data::interfaces",
+                                ::log::__private_api::loc(),
+                            ),
+                            (),
+                        );
+                    }
+                };
+                ::std::result::Result::Ok(Interfaces {
+                    testraw: __testraw_value
+                        .ok_or_else(|| {
+                            "testraw is a required field of Interfaces".to_string()
+                        })?,
+                    interfaces: __interfaces_value
+                        .ok_or_else(|| {
+                            "interfaces is a required field of Interfaces".to_string()
+                        })?,
+                })
+            }
+        }
+    };
+    pub struct Interface {
+        #[yaserde(rename = "if")]
+        pub physical_interface_name: String,
+        pub descr: String,
+        pub enable: MaybeString,
+        #[yaserde(rename = "spoofmac")]
+        pub spoof_mac: Option<MaybeString>,
+        pub internal_dynamic: Option<MaybeString>,
+        pub ipaddr: Option<MaybeString>,
+        #[yaserde(rename = "blockpriv")]
+        pub block_priv: Option<MaybeString>,
+        #[yaserde(rename = "blockbogons")]
+        pub block_bogons: Option<MaybeString>,
+        pub lock: Option<MaybeString>,
+        #[yaserde(rename = "type")]
+        pub r#type: Option<MaybeString>,
+        #[yaserde(rename = "virtual")]
+        pub r#virtual: Option<MaybeString>,
+        pub subnet: Option<MaybeString>,
+        pub networks: Option<MaybeString>,
+        pub subnetv6: Option<MaybeString>,
+        pub ipaddrv6: Option<MaybeString>,
+        #[yaserde(rename = "track6-interface")]
+        pub track6_interface: Option<MaybeString>,
+        #[yaserde(rename = "track6-prefix-id")]
+        pub track6_prefix_id: Option<MaybeString>,
+    }
+    #[automatically_derived]
+    impl ::core::default::Default for Interface {
+        #[inline]
+        fn default() -> Interface {
+            Interface {
+                physical_interface_name: ::core::default::Default::default(),
+                descr: ::core::default::Default::default(),
+                enable: ::core::default::Default::default(),
+                spoof_mac: ::core::default::Default::default(),
+                internal_dynamic: ::core::default::Default::default(),
+                ipaddr: ::core::default::Default::default(),
+                block_priv: ::core::default::Default::default(),
+                block_bogons: ::core::default::Default::default(),
+                lock: ::core::default::Default::default(),
+                r#type: ::core::default::Default::default(),
+                r#virtual: ::core::default::Default::default(),
+                subnet: ::core::default::Default::default(),
+                networks: ::core::default::Default::default(),
+                subnetv6: ::core::default::Default::default(),
+                ipaddrv6: ::core::default::Default::default(),
+                track6_interface: ::core::default::Default::default(),
+                track6_prefix_id: ::core::default::Default::default(),
+            }
+        }
+    }
+    #[automatically_derived]
+    impl ::core::marker::StructuralPartialEq for Interface {}
+    #[automatically_derived]
+    impl ::core::cmp::PartialEq for Interface {
+        #[inline]
+        fn eq(&self, other: &Interface) -> bool {
+            self.physical_interface_name == other.physical_interface_name
+                && self.descr == other.descr && self.enable == other.enable
+                && self.spoof_mac == other.spoof_mac
+                && self.internal_dynamic == other.internal_dynamic
+                && self.ipaddr == other.ipaddr && self.block_priv == other.block_priv
+                && self.block_bogons == other.block_bogons && self.lock == other.lock
+                && self.r#type == other.r#type && self.r#virtual == other.r#virtual
+                && self.subnet == other.subnet && self.networks == other.networks
+                && self.subnetv6 == other.subnetv6 && self.ipaddrv6 == other.ipaddrv6
+                && self.track6_interface == other.track6_interface
+                && self.track6_prefix_id == other.track6_prefix_id
+        }
+    }
+    #[automatically_derived]
+    impl ::core::fmt::Debug for Interface {
+        #[inline]
+        fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result {
+            let names: &'static _ = &[
+                "physical_interface_name",
+                "descr",
+                "enable",
+                "spoof_mac",
+                "internal_dynamic",
+                "ipaddr",
+                "block_priv",
+                "block_bogons",
+                "lock",
+                "type",
+                "virtual",
+                "subnet",
+                "networks",
+                "subnetv6",
+                "ipaddrv6",
+                "track6_interface",
+                "track6_prefix_id",
+            ];
+            let values: &[&dyn ::core::fmt::Debug] = &[
+                &self.physical_interface_name,
+                &self.descr,
+                &self.enable,
+                &self.spoof_mac,
+                &self.internal_dynamic,
+                &self.ipaddr,
+                &self.block_priv,
+                &self.block_bogons,
+                &self.lock,
+                &self.r#type,
+                &self.r#virtual,
+                &self.subnet,
+                &self.networks,
+                &self.subnetv6,
+                &self.ipaddrv6,
+                &self.track6_interface,
+                &&self.track6_prefix_id,
+            ];
+            ::core::fmt::Formatter::debug_struct_fields_finish(
+                f,
+                "Interface",
+                names,
+                values,
+            )
+        }
+    }
+    #[allow(non_upper_case_globals, unused_attributes, unused_qualifications)]
+    const _IMPL_YA_DESERIALIZE_FOR_Interface: () = {
+        use ::std::str::FromStr as _;
+        use ::yaserde::Visitor as _;
+        impl ::yaserde::YaDeserialize for Interface {
+            #[allow(unused_variables)]
+            fn deserialize<R: ::std::io::Read>(
+                reader: &mut ::yaserde::de::Deserializer<R>,
+            ) -> ::std::result::Result<Self, ::std::string::String> {
+                let (named_element, struct_namespace) = if let ::yaserde::__xml::reader::XmlEvent::StartElement {
+                    name,
+                    ..
+                } = reader.peek()?.to_owned()
+                {
+                    (name.local_name.to_owned(), name.namespace.clone())
+                } else {
+                    (
+                        ::std::string::String::from("Interface"),
+                        ::std::option::Option::None,
+                    )
+                };
+                let start_depth = reader.depth();
+                {
+                    let lvl = ::log::Level::Debug;
+                    if lvl <= ::log::STATIC_MAX_LEVEL && lvl <= ::log::max_level() {
+                        ::log::__private_api::log(
+                            format_args!(
+                                "Struct {0} @ {1}: start to parse {2:?}",
+                                "Interface",
+                                start_depth,
+                                named_element,
+                            ),
+                            lvl,
+                            &(
+                                "yaserde_derive",
+                                "opnsense_config_xml::data::interfaces",
+                                ::log::__private_api::loc(),
+                            ),
+                            (),
+                        );
+                    }
+                };
+                if reader.depth() == 0 {
+                    if let Some(namespace) = struct_namespace {
+                        match namespace.as_str() {
+                            bad_namespace => {
+                                let msg = ::alloc::__export::must_use({
+                                    let res = ::alloc::fmt::format(
+                                        format_args!(
+                                            "bad namespace for {0}, found {1}",
+                                            named_element,
+                                            bad_namespace,
+                                        ),
+                                    );
+                                    res
+                                });
+                                return Err(msg);
+                            }
+                        }
+                    }
+                }
+                #[allow(unused_mut)]
+                let mut __physical_interface_name_value: Option<::std::string::String> = None;
+                #[allow(unused_mut)]
+                let mut __descr_value: Option<::std::string::String> = None;
+                #[allow(unused_mut)]
+                let mut __enable_value: Option<MaybeString> = None;
+                #[allow(unused_mut)]
+                let mut __spoof_mac_value = None;
+                #[allow(unused_mut)]
+                let mut __internal_dynamic_value = None;
+                #[allow(unused_mut)]
+                let mut __ipaddr_value = None;
+                #[allow(unused_mut)]
+                let mut __block_priv_value = None;
+                #[allow(unused_mut)]
+                let mut __block_bogons_value = None;
+                #[allow(unused_mut)]
+                let mut __lock_value = None;
+                #[allow(unused_mut)]
+                let mut __type_value = None;
+                #[allow(unused_mut)]
+                let mut __virtual_value = None;
+                #[allow(unused_mut)]
+                let mut __subnet_value = None;
+                #[allow(unused_mut)]
+                let mut __networks_value = None;
+                #[allow(unused_mut)]
+                let mut __subnetv6_value = None;
+                #[allow(unused_mut)]
+                let mut __ipaddrv6_value = None;
+                #[allow(unused_mut)]
+                let mut __track6_interface_value = None;
+                #[allow(unused_mut)]
+                let mut __track6_prefix_id_value = None;
+                #[allow(non_snake_case, non_camel_case_types)]
+                struct __Visitor_If_;
+                impl<'de> ::yaserde::Visitor<'de> for __Visitor_If_ {
+                    type Value = ::std::string::String;
+                    fn visit_str(
+                        self,
+                        v: &str,
+                    ) -> ::std::result::Result<Self::Value, ::std::string::String> {
+                        ::std::string::String::from_str(v).map_err(|e| e.to_string())
+                    }
+                }
+                #[allow(non_snake_case, non_camel_case_types)]
+                struct __Visitor_Descr_;
+                impl<'de> ::yaserde::Visitor<'de> for __Visitor_Descr_ {
+                    type Value = ::std::string::String;
+                    fn visit_str(
+                        self,
+                        v: &str,
+                    ) -> ::std::result::Result<Self::Value, ::std::string::String> {
+                        ::std::string::String::from_str(v).map_err(|e| e.to_string())
+                    }
+                }
+                let mut depth = 0;
+                loop {
+                    let event = reader.peek()?.to_owned();
+                    {
+                        let lvl = ::log::Level::Trace;
+                        if lvl <= ::log::STATIC_MAX_LEVEL && lvl <= ::log::max_level() {
+                            ::log::__private_api::log(
+                                format_args!(
+                                    "Struct {0} @ {1}: matching {2:?}",
+                                    "Interface",
+                                    start_depth,
+                                    event,
+                                ),
+                                lvl,
+                                &(
+                                    "yaserde_derive",
+                                    "opnsense_config_xml::data::interfaces",
+                                    ::log::__private_api::loc(),
+                                ),
+                                (),
+                            );
+                        }
+                    };
+                    match event {
+                        ::yaserde::__xml::reader::XmlEvent::StartElement {
+                            ref name,
+                            ref attributes,
+                            ..
+                        } => {
+                            let namespace = name.namespace.clone().unwrap_or_default();
+                            if depth == 0 && name.local_name == "Interface"
+                                && namespace.as_str() == ""
+                            {
+                                let event = reader.next_event()?;
+                            } else {
+                                match (namespace.as_str(), name.local_name.as_str()) {
+                                    ("", "if") => {
+                                        let visitor = __Visitor_If_ {};
+                                        if let Some(namespace) = name.namespace.as_ref() {
+                                            match namespace.as_str() {
+                                                bad_namespace => {
+                                                    let msg = ::alloc::__export::must_use({
+                                                        let res = ::alloc::fmt::format(
+                                                            format_args!(
+                                                                "bad namespace for {0}, found {1}",
+                                                                name.local_name.as_str(),
+                                                                bad_namespace,
+                                                            ),
+                                                        );
+                                                        res
+                                                    });
+                                                    return Err(msg);
+                                                }
+                                            }
+                                        }
+                                        let result = reader
+                                            .read_inner_value::<
+                                                ::std::string::String,
+                                                _,
+                                            >(|reader| {
+                                                if let ::std::result::Result::Ok(
+                                                    ::yaserde::__xml::reader::XmlEvent::Characters(s),
+                                                ) = reader.peek()
+                                                {
+                                                    let val = visitor.visit_str(&s);
+                                                    let _event = reader.next_event()?;
+                                                    val
+                                                } else {
+                                                    ::std::result::Result::Err(
+                                                        ::alloc::__export::must_use({
+                                                            let res = ::alloc::fmt::format(
+                                                                format_args!("unable to parse content for {0}", "if"),
+                                                            );
+                                                            res
+                                                        }),
+                                                    )
+                                                }
+                                            });
+                                        if let ::std::result::Result::Ok(value) = result {
+                                            __physical_interface_name_value = ::std::option::Option::Some(
+                                                value,
+                                            );
+                                        }
+                                    }
+                                    ("", "descr") => {
+                                        let visitor = __Visitor_Descr_ {};
+                                        if let Some(namespace) = name.namespace.as_ref() {
+                                            match namespace.as_str() {
+                                                bad_namespace => {
+                                                    let msg = ::alloc::__export::must_use({
+                                                        let res = ::alloc::fmt::format(
+                                                            format_args!(
+                                                                "bad namespace for {0}, found {1}",
+                                                                name.local_name.as_str(),
+                                                                bad_namespace,
+                                                            ),
+                                                        );
+                                                        res
+                                                    });
+                                                    return Err(msg);
+                                                }
+                                            }
+                                        }
+                                        let result = reader
+                                            .read_inner_value::<
+                                                ::std::string::String,
+                                                _,
+                                            >(|reader| {
+                                                if let ::std::result::Result::Ok(
+                                                    ::yaserde::__xml::reader::XmlEvent::Characters(s),
+                                                ) = reader.peek()
+                                                {
+                                                    let val = visitor.visit_str(&s);
+                                                    let _event = reader.next_event()?;
+                                                    val
+                                                } else {
+                                                    ::std::result::Result::Err(
+                                                        ::alloc::__export::must_use({
+                                                            let res = ::alloc::fmt::format(
+                                                                format_args!("unable to parse content for {0}", "descr"),
+                                                            );
+                                                            res
+                                                        }),
+                                                    )
+                                                }
+                                            });
+                                        if let ::std::result::Result::Ok(value) = result {
+                                            __descr_value = ::std::option::Option::Some(value);
+                                        }
+                                    }
+                                    ("", "enable") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __enable_value = ::std::option::Option::Some(value);
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "spoofmac") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __spoof_mac_value = ::std::option::Option::Some(value);
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "internal_dynamic") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __internal_dynamic_value = ::std::option::Option::Some(
+                                                value,
+                                            );
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "ipaddr") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __ipaddr_value = ::std::option::Option::Some(value);
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "blockpriv") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __block_priv_value = ::std::option::Option::Some(value);
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "blockbogons") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __block_bogons_value = ::std::option::Option::Some(value);
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "lock") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __lock_value = ::std::option::Option::Some(value);
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "type") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __type_value = ::std::option::Option::Some(value);
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "virtual") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __virtual_value = ::std::option::Option::Some(value);
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "subnet") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __subnet_value = ::std::option::Option::Some(value);
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "networks") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __networks_value = ::std::option::Option::Some(value);
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "subnetv6") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __subnetv6_value = ::std::option::Option::Some(value);
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "ipaddrv6") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __ipaddrv6_value = ::std::option::Option::Some(value);
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "track6-interface") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __track6_interface_value = ::std::option::Option::Some(
+                                                value,
+                                            );
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    ("", "track6-prefix-id") => {
+                                        if depth == 0 {
+                                            let _root = reader.next_event();
+                                        }
+                                        {
+                                            let lvl = ::log::Level::Debug;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Looking at startElement"),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        {
+                                            let lvl = ::log::Level::Warn;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
+                                                    lvl,
+                                                    &(
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if let Ok(
+                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
+                                        ) = reader.peek()
+                                        {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!("Found start element ?? {0}", "MaybeString"),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                            let value = <MaybeString as ::yaserde::YaDeserialize>::deserialize(
+                                                reader,
+                                            )?;
+                                            __track6_prefix_id_value = ::std::option::Option::Some(
+                                                value,
+                                            );
+                                            let _event = reader.next_event()?;
+                                        } else {
+                                            {
+                                                let lvl = ::log::Level::Warn;
+                                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                                    && lvl <= ::log::max_level()
+                                                {
+                                                    ::log::__private_api::log(
+                                                        format_args!(
+                                                            "matching field type did not find substruct start element ? {0}",
+                                                            "MaybeString",
+                                                        ),
+                                                        lvl,
+                                                        &(
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            "opnsense_config_xml::data::interfaces",
+                                                            ::log::__private_api::loc(),
+                                                        ),
+                                                        (),
+                                                    );
+                                                }
+                                            };
+                                        }
+                                    }
+                                    _ => {
+                                        {
+                                            let lvl = ::log::Level::Trace;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Got StartElement {0:?}", name.local_name),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        let event = reader.next_event()?;
+                                        {
+                                            let lvl = ::log::Level::Trace;
+                                            if lvl <= ::log::STATIC_MAX_LEVEL
+                                                && lvl <= ::log::max_level()
+                                            {
+                                                ::log::__private_api::log(
+                                                    format_args!("Next event {0:?}", event),
+                                                    lvl,
+                                                    &(
+                                                        "yaserde_derive",
+                                                        "opnsense_config_xml::data::interfaces",
+                                                        ::log::__private_api::loc(),
+                                                    ),
+                                                    (),
+                                                );
+                                            }
+                                        };
+                                        if depth > 0 {
+                                            return Err(
+                                                ::alloc::__export::must_use({
+                                                    let res = ::alloc::fmt::format(
+                                                        format_args!(
+                                                            "Found unauthorized element {0}",
+                                                            name.local_name,
+                                                        ),
+                                                    );
+                                                    res
+                                                }),
+                                            );
+                                            reader.skip_element(|event| {})?;
+                                        }
+                                    }
+                                }
+                            }
+                            if depth == 0 {}
+                            depth += 1;
+                        }
+                        ::yaserde::__xml::reader::XmlEvent::EndElement { ref name } => {
+                            {
+                                let lvl = ::log::Level::Warn;
+                                if lvl <= ::log::STATIC_MAX_LEVEL
+                                    && lvl <= ::log::max_level()
+                                {
+                                    ::log::__private_api::log(
+                                        format_args!("endElement {0}", named_element),
+                                        lvl,
+                                        &(
+                                            "opnsense_config_xml::data::interfaces",
+                                            "opnsense_config_xml::data::interfaces",
+                                            ::log::__private_api::loc(),
+                                        ),
+                                        (),
+                                    );
+                                }
+                            };
+                            if name.local_name == named_element
+                                && reader.depth() == start_depth + 1
+                            {
+                                break;
+                            }
+                            let event = reader.next_event()?;
+                            depth -= 1;
+                        }
+                        ::yaserde::__xml::reader::XmlEvent::EndDocument => {
+                            if false {
+                                break;
+                            }
+                        }
+                        ::yaserde::__xml::reader::XmlEvent::Characters(
+                            ref text_content,
+                        ) => {
+                            let event = reader.next_event()?;
+                        }
+                        event => {
+                            return ::std::result::Result::Err(
+                                ::alloc::__export::must_use({
+                                    let res = ::alloc::fmt::format(
+                                        format_args!("unknown event {0:?}", event),
+                                    );
+                                    res
+                                }),
+                            );
+                        }
+                    }
+                }
+                {
+                    let lvl = ::log::Level::Debug;
+                    if lvl <= ::log::STATIC_MAX_LEVEL && lvl <= ::log::max_level() {
+                        ::log::__private_api::log(
+                            format_args!(
+                                "Struct {0} @ {1}: success",
+                                "Interface",
+                                start_depth,
+                            ),
+                            lvl,
+                            &(
+                                "yaserde_derive",
+                                "opnsense_config_xml::data::interfaces",
+                                ::log::__private_api::loc(),
+                            ),
+                            (),
+                        );
+                    }
+                };
+                ::std::result::Result::Ok(Interface {
+                    physical_interface_name: __physical_interface_name_value
+                        .ok_or_else(|| {
+                            "physical_interface_name is a required field of Interface"
+                                .to_string()
+                        })?,
+                    descr: __descr_value
+                        .ok_or_else(|| {
+                            "descr is a required field of Interface".to_string()
+                        })?,
+                    enable: __enable_value
+                        .ok_or_else(|| {
+                            "enable is a required field of Interface".to_string()
+                        })?,
+                    spoof_mac: __spoof_mac_value,
+                    internal_dynamic: __internal_dynamic_value,
+                    ipaddr: __ipaddr_value,
+                    block_priv: __block_priv_value,
+                    block_bogons: __block_bogons_value,
+                    lock: __lock_value,
+                    r#type: __type_value,
+                    r#virtual: __virtual_value,
+                    subnet: __subnet_value,
+                    networks: __networks_value,
+                    subnetv6: __subnetv6_value,
+                    ipaddrv6: __ipaddrv6_value,
+                    track6_interface: __track6_interface_value,
+                    track6_prefix_id: __track6_prefix_id_value,
+                })
+            }
+        }
+    };
+    #[allow(non_upper_case_globals, unused_attributes, unused_qualifications)]
+    const _IMPL_YA_SERIALIZE_FOR_Interface: () = {
+        use ::std::str::FromStr as _;
+        impl ::yaserde::YaSerialize for Interface {
+            #[allow(unused_variables)]
+            fn serialize<W: ::std::io::Write>(
+                &self,
+                writer: &mut ::yaserde::ser::Serializer<W>,
+            ) -> ::std::result::Result<(), ::std::string::String> {
+                let skip = writer.skip_start_end();
+                if !false && !skip {
+                    let mut child_attributes = ::alloc::vec::Vec::new();
+                    let mut child_attributes_namespace = ::yaserde::__xml::namespace::Namespace::empty();
+                    let yaserde_label = writer
+                        .get_start_event_name()
+                        .unwrap_or_else(|| "Interface".to_string());
+                    let struct_start_event = ::yaserde::__xml::writer::XmlEvent::start_element(
+                        yaserde_label.as_ref(),
+                    );
+                    let event: ::yaserde::__xml::writer::events::XmlEvent = struct_start_event
+                        .into();
+                    if let ::yaserde::__xml::writer::events::XmlEvent::StartElement {
+                        name,
+                        attributes,
+                        namespace,
+                    } = event {
+                        let mut attributes: ::std::vec::Vec<
+                            ::yaserde::__xml::attribute::OwnedAttribute,
+                        > = attributes
+                            .into_owned()
+                            .to_vec()
+                            .iter()
+                            .map(|k| k.to_owned())
+                            .collect();
+                        attributes.extend(child_attributes);
+                        let all_attributes = attributes
+                            .iter()
+                            .map(|ca| ca.borrow())
+                            .collect();
+                        let mut all_namespaces = namespace.into_owned();
+                        all_namespaces.extend(&child_attributes_namespace);
+                        writer
+                            .write(::yaserde::__xml::writer::events::XmlEvent::StartElement {
+                                name,
+                                attributes: ::std::borrow::Cow::Owned(all_attributes),
+                                namespace: ::std::borrow::Cow::Owned(all_namespaces),
+                            })
+                            .map_err(|e| e.to_string())?;
+                    } else {
+                        ::core::panicking::panic(
+                            "internal error: entered unreachable code",
+                        )
+                    }
+                }
+                if !false {
+                    let start_event = ::yaserde::__xml::writer::XmlEvent::start_element(
+                        "if",
+                    );
+                    writer.write(start_event).map_err(|e| e.to_string())?;
+                    let yaserde_value = ::alloc::__export::must_use({
+                        let res = ::alloc::fmt::format(
+                            format_args!("{0}", self.physical_interface_name),
+                        );
+                        res
+                    });
+                    let data_event = ::yaserde::__xml::writer::XmlEvent::characters(
+                        &yaserde_value,
+                    );
+                    writer.write(data_event).map_err(|e| e.to_string())?;
+                    let end_event = ::yaserde::__xml::writer::XmlEvent::end_element();
+                    writer.write(end_event).map_err(|e| e.to_string())?;
+                }
+                if !false {
+                    let start_event = ::yaserde::__xml::writer::XmlEvent::start_element(
+                        "descr",
+                    );
+                    writer.write(start_event).map_err(|e| e.to_string())?;
+                    let yaserde_value = ::alloc::__export::must_use({
+                        let res = ::alloc::fmt::format(format_args!("{0}", self.descr));
+                        res
+                    });
+                    let data_event = ::yaserde::__xml::writer::XmlEvent::characters(
+                        &yaserde_value,
+                    );
+                    writer.write(data_event).map_err(|e| e.to_string())?;
+                    let end_event = ::yaserde::__xml::writer::XmlEvent::end_element();
+                    writer.write(end_event).map_err(|e| e.to_string())?;
+                }
+                if !false {
+                    writer
+                        .set_start_event_name(
+                            ::std::option::Option::Some("enable".to_string()),
+                        );
+                    writer.set_skip_start_end(false);
+                    ::yaserde::YaSerialize::serialize(&self.enable, writer)?;
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.spoof_mac {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("spoofmac".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.internal_dynamic
+                    {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("internal_dynamic".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.ipaddr {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("ipaddr".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.block_priv {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("blockpriv".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.block_bogons {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("blockbogons".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.lock {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("lock".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.r#type {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("type".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.r#virtual {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("virtual".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.subnet {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("subnet".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.networks {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("networks".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.subnetv6 {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("subnetv6".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.ipaddrv6 {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("ipaddrv6".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.track6_interface
+                    {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("track6-interface".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false {
+                    if let ::std::option::Option::Some(ref item) = &self.track6_prefix_id
+                    {
+                        writer
+                            .set_start_event_name(
+                                ::std::option::Option::Some("track6-prefix-id".to_string()),
+                            );
+                        writer.set_skip_start_end(false);
+                        ::yaserde::YaSerialize::serialize(item, writer)?;
+                    }
+                }
+                if !false && !skip {
+                    let struct_end_event = ::yaserde::__xml::writer::XmlEvent::end_element();
+                    writer.write(struct_end_event).map_err(|e| e.to_string())?;
+                }
+                ::std::result::Result::Ok(())
+            }
+            fn serialize_attributes(
+                &self,
+                mut source_attributes: ::std::vec::Vec<
+                    ::yaserde::__xml::attribute::OwnedAttribute,
+                >,
+                mut source_namespace: ::yaserde::__xml::namespace::Namespace,
+            ) -> ::std::result::Result<
+                (
+                    ::std::vec::Vec<::yaserde::__xml::attribute::OwnedAttribute>,
+                    ::yaserde::__xml::namespace::Namespace,
+                ),
+                ::std::string::String,
+            > {
+                let mut child_attributes = ::std::vec::Vec::<
+                    ::yaserde::__xml::attribute::OwnedAttribute,
+                >::new();
+                let mut child_attributes_namespace = ::yaserde::__xml::namespace::Namespace::empty();
+                let struct_start_event = ::yaserde::__xml::writer::XmlEvent::start_element(
+                    "temporary_element_to_generate_attributes",
+                );
+                let event: ::yaserde::__xml::writer::events::XmlEvent = struct_start_event
+                    .into();
+                if let ::yaserde::__xml::writer::events::XmlEvent::StartElement {
+                    attributes,
+                    namespace,
+                    ..
+                } = event {
+                    source_namespace.extend(&namespace.into_owned());
+                    source_namespace.extend(&child_attributes_namespace);
+                    let a: ::std::vec::Vec<
+                        ::yaserde::__xml::attribute::OwnedAttribute,
+                    > = attributes
+                        .into_owned()
+                        .to_vec()
+                        .iter()
+                        .map(|k| k.to_owned())
+                        .collect();
+                    source_attributes.extend(a);
+                    source_attributes.extend(child_attributes);
+                    ::std::result::Result::Ok((source_attributes, source_namespace))
+                } else {
+                    ::core::panicking::panic("internal error: entered unreachable code");
+                }
+            }
+        }
+    };
+    pub trait MyDeserialize: YaDeserializeTrait {}
+    pub trait MySerialize: YaSerializeTrait {}
+}
diff --git a/harmony-rs/opnsense-config-xml/src/data/dhcpd.rs b/harmony-rs/opnsense-config-xml/src/data/dhcpd.rs
index 18bf272..5f54437 100644
--- a/harmony-rs/opnsense-config-xml/src/data/dhcpd.rs
+++ b/harmony-rs/opnsense-config-xml/src/data/dhcpd.rs
@@ -1,6 +1,6 @@
 use yaserde_derive::{YaDeserialize, YaSerialize};
 
-use crate::xml_utils::MaybeString;
+use yaserde::MaybeString;
 
 use super::opnsense::{NumberOption, Range, StaticMap};
 
diff --git a/harmony-rs/opnsense-config-xml/src/data/interfaces.rs b/harmony-rs/opnsense-config-xml/src/data/interfaces.rs
index 42e37b1..af5bb2a 100644
--- a/harmony-rs/opnsense-config-xml/src/data/interfaces.rs
+++ b/harmony-rs/opnsense-config-xml/src/data/interfaces.rs
@@ -1,14 +1,11 @@
-use xml::reader::XmlEvent;
-use yaserde::{YaDeserialize as YaDeserializeTrait, YaSerialize as YaSerializeTrait};
+use yaserde::{NamedList, YaDeserialize as YaDeserializeTrait, YaSerialize as YaSerializeTrait};
 use yaserde_derive::{YaDeserialize, YaSerialize};
 
-use std::collections::HashMap;
-
-use crate::xml_utils::MaybeString;
+use yaserde::MaybeString;
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Interfaces {
-    pub interfaces: HashMap<String, Interface>,
+    pub interfaces: NamedList<Interface>,
 }
 
 #[derive(Default, PartialEq, Debug, YaDeserialize, YaSerialize)]
@@ -40,33 +37,32 @@ pub struct Interface {
     pub track6_prefix_id: Option<MaybeString>,
 }
 
-pub trait MyDeserialize : YaDeserializeTrait {}
-pub trait MySerialize : YaSerializeTrait {}
-
+pub trait MyDeserialize: YaDeserializeTrait {}
+pub trait MySerialize: YaSerializeTrait {}
 
 #[cfg(test)]
 mod test {
     use super::*;
     use pretty_assertions::assert_eq;
 
+    #[derive(Default, PartialEq, Debug, YaDeserialize, YaSerialize)]
+    pub struct TestStruct {
+        foo: String,
+        bar: String,
+    }
+
     #[test]
     fn should_deserialize_interfaces() {
-        let interfaces = yaserde::de::from_str::<Interfaces>(FULL_INTERFACES_XML).unwrap();
-        assert_eq!(interfaces.interfaces.len(), 6)
+        let test_struct =
+            yaserde::de::from_str::<TestStruct>("<xml><foo>aodisj</foo><bar>barbaba</bar></xml>")
+                .unwrap();
+        println!("test_struct : {:?}", test_struct);
 
+        let interfaces = yaserde::de::from_str::<Interfaces>(FULL_INTERFACES_XML).unwrap();
+        assert_eq!(interfaces.interfaces.elements.len(), 6)
     }
 
     const FULL_INTERFACES_XML: &str = "<interfaces>
-    <wan>
-      <if>pppoe0</if>
-      <descr>WAN</descr>
-      <enable>1</enable>
-      <lock>1</lock>
-      <spoofmac/>
-      <blockpriv>1</blockpriv>
-      <blockbogons>1</blockbogons>
-      <ipaddr>pppoe</ipaddr>
-    </wan>
     <lan>
       <if>em1</if>
       <descr>LAN</descr>
@@ -78,6 +74,16 @@ mod test {
       <track6-interface/>
       <track6-prefix-id>0</track6-prefix-id>
     </lan>
+    <wan>
+      <if>pppoe0</if>
+      <descr>WAN</descr>
+      <enable>1</enable>
+      <lock>1</lock>
+      <spoofmac/>
+      <blockpriv>1</blockpriv>
+      <blockbogons>1</blockbogons>
+      <ipaddr>pppoe</ipaddr>
+    </wan>
     <lo0>
       <internal_dynamic>1</internal_dynamic>
       <descr>Loopback</descr>
@@ -119,111 +125,3 @@ mod test {
     </openvpn>
   </interfaces>";
 }
-
-
-// impl YaSerializeTrait for Interfaces {
-//     fn serialize<W: std::io::Write>(
-//         &self,
-//         writer: &mut yaserde::ser::Serializer<W>,
-//     ) -> Result<(), String> {
-//         writer.write("Interfaces serializer TODO").map_err(|e| e.to_string())
-//     }
-// 
-//     fn serialize_attributes(
-//         &self,
-//         attributes: Vec<xml::attribute::OwnedAttribute>,
-//         namespace: xml::namespace::Namespace,
-//     ) -> Result<
-//         (
-//             Vec<xml::attribute::OwnedAttribute>,
-//             xml::namespace::Namespace,
-//         ),
-//         String,
-//     > {
-//         todo!()
-//     }
-// }
-// 
-// impl YaDeserializeTrait for Interfaces {
-//     fn deserialize<R: std::io::Read>(
-//         reader: &mut yaserde::de::Deserializer<R>,
-//     ) -> Result<Self, String> {
-//         let mut interfaces = Interfaces::default();
-//         let mut current_interface_name = String::new();
-//         let mut current_interface = Interface::default();
-// 
-//         let mut event = reader.next_event()?;
-//         loop {
-//             match event {
-//                 xml::reader::XmlEvent::EndElement { name } => {
-//                     println!(
-//                         "Handling EndElement {}, current_interface_name: {}",
-//                         name.local_name, current_interface_name
-//                     );
-//                     println!("Peeking after EndElement {:?}", reader.peek()?);
-//                     if name.local_name == "interfaces" {
-//                         break;
-//                     }
-//                     todo!("Should not hit here");
-//                 }
-//                 xml::reader::XmlEvent::StartElement { ref name, .. } => {
-//                     println!("Got start Element {:?}", name);
-//                     current_interface_name = name.local_name.clone();
-//                     println!("About to deserialize interface from name {:?}", name);
-//                     // TODO store names
-//                     'inner_iface: loop {
-//                         let peek = reader.peek()?;
-//                         println!("Peeking before forcing next event {:?}", peek);
-// 
-//                         if let XmlEvent::EndElement { name } = peek {
-//                             // TODO save the interface name and struct in the hashmap
-//                             println!("Forcing next_event");
-//                             reader.next_event()?;
-// 
-//                             let peek = reader.peek()?;
-//                             println!("Peeking after next event deserializing {:?}", peek);
-//                             if let XmlEvent::EndElement { name } = peek {
-//                                 println!("Got two EndElement in a row, breaking out of loop");
-//                                 break 'inner_iface;
-//                             }
-//                         }
-//                         println!("Peeking before deserializing {:?}", reader.peek()?);
-//                         let interface = <Interface as yaserde::YaDeserialize>::deserialize(reader)?;
-//                         println!("Interface deserialized {:?}", interface);
-//                         println!("Peeking after deserializing {:?}", reader.peek()?);
-//                     }
-//                     println!(
-//                         "Done with inner interface, loop completed {:?}",
-//                         reader.peek()?
-//                     );
-//                 }
-//                 xml::reader::XmlEvent::EndDocument => break,
-//                 _ => {
-//                     return Err(
-//                         "This Interfaces Deserializer does not support all XmlEvent types".into(),
-//                     )
-//                 }
-//             }
-//             let peek = reader.peek()?;
-// 
-//             let read_next = true;
-//             if let XmlEvent::EndElement { name } = peek {
-//                 if name.local_name == "interfaces" {
-//                     println!("Got endElement interfaces, not reading next event");
-//                     break;
-//                 }
-//             }
-// 
-//             if read_next {
-//                 event = reader.next_event()?;
-//             }
-//             println!("Outer loop got event {:?}", event);
-//             println!("Outer loop got peek {:?}", reader.peek()?);
-//         }
-//         println!("Done with interfaces {:?}", interfaces);
-//         println!("reader peeking shows {:?}", reader.peek());
-// 
-//         Ok(interfaces)
-//     }
-// }
-
diff --git a/harmony-rs/opnsense-config-xml/src/data/opnsense.rs b/harmony-rs/opnsense-config-xml/src/data/opnsense.rs
index 203831b..c331c45 100644
--- a/harmony-rs/opnsense-config-xml/src/data/opnsense.rs
+++ b/harmony-rs/opnsense-config-xml/src/data/opnsense.rs
@@ -1,5 +1,5 @@
 use crate::data::dhcpd::Dhcpd;
-use crate::xml_utils::{MaybeString, RawXml};
+use yaserde::{MaybeString, RawXml};
 use log::error;
 use yaserde_derive::{YaDeserialize, YaSerialize};
 
diff --git a/harmony-rs/opnsense-config-xml/src/xml_utils/generic_xml.rs b/harmony-rs/opnsense-config-xml/src/xml_utils/generic_xml.rs
index a1d4fff..e670156 100644
--- a/harmony-rs/opnsense-config-xml/src/xml_utils/generic_xml.rs
+++ b/harmony-rs/opnsense-config-xml/src/xml_utils/generic_xml.rs
@@ -79,6 +79,8 @@ impl YaDeserializeTrait for RawXml {
         }
 
         println!("buffered events {buffer}");
+        let next = reader.peek()?;
+        println!("next : {:?}", &next);
 
         Ok(RawXml(buffer))
     }
diff --git a/harmony-rs/opnsense-config-xml/src/xml_utils/mod.rs b/harmony-rs/opnsense-config-xml/src/xml_utils/mod.rs
index 2866d26..ea92079 100644
--- a/harmony-rs/opnsense-config-xml/src/xml_utils/mod.rs
+++ b/harmony-rs/opnsense-config-xml/src/xml_utils/mod.rs
@@ -1,6 +1,6 @@
-mod generic_xml;
-mod maybe_string;
+//mod generic_xml;
+//mod maybe_string;
 mod yaserde;
-pub use generic_xml::*;
-pub use maybe_string::*;
+//pub use generic_xml::*;
+//pub use maybe_string::*;
 pub use yaserde::*;

From cc9bcb902c15eee2b6eb16e3ddc9f7f894d441d1 Mon Sep 17 00:00:00 2001
From: Jean-Gabriel Gill-Couture <jeangabriel.gc@gmail.com>
Date: Mon, 18 Nov 2024 17:05:48 -0500
Subject: [PATCH 15/19] feat: DhcpConfig can now effectively manage a config
 file to add a static map entry

---
 .../opnsense-config-xml/interfaces_expand.rs  |  581 +------
 .../opnsense-config-xml/src/data/dhcpd.rs     |   12 +-
 .../src/data/interfaces.rs                    |   79 +-
 .../opnsense-config-xml/src/data/opnsense.rs  |   43 +-
 .../src/xml_utils/generic_xml.rs              |  256 ---
 .../src/xml_utils/maybe_string.rs             |  173 --
 .../opnsense-config-xml/src/xml_utils/mod.rs  |   26 +-
 .../src/xml_utils/yaserde.rs                  |   20 -
 harmony-rs/opnsense-config/src/config.rs      |   20 +-
 .../opnsense-config/src/modules/dhcp.rs       |   20 +-
 .../src/tests/data/config-full-1.xml          |   16 +-
 ...ig-structure-with-dhcp-staticmap-entry.xml | 1431 +++++++++++++++++
 .../src/tests/data/config-structure.xml       |   32 +-
 13 files changed, 1595 insertions(+), 1114 deletions(-)
 delete mode 100644 harmony-rs/opnsense-config-xml/src/xml_utils/generic_xml.rs
 delete mode 100644 harmony-rs/opnsense-config-xml/src/xml_utils/maybe_string.rs
 delete mode 100644 harmony-rs/opnsense-config-xml/src/xml_utils/yaserde.rs
 create mode 100644 harmony-rs/opnsense-config/src/tests/data/config-structure-with-dhcp-staticmap-entry.xml

diff --git a/harmony-rs/opnsense-config-xml/interfaces_expand.rs b/harmony-rs/opnsense-config-xml/interfaces_expand.rs
index f5c03c7..3ca4b76 100644
--- a/harmony-rs/opnsense-config-xml/interfaces_expand.rs
+++ b/harmony-rs/opnsense-config-xml/interfaces_expand.rs
@@ -1,586 +1,9 @@
 mod interfaces {
-    use xml::reader::XmlEvent;
     use yaserde::{
-        raw_xml::RawXml, YaDeserialize as YaDeserializeTrait,
-        YaSerialize as YaSerializeTrait,
+        NamedList, YaDeserialize as YaDeserializeTrait, YaSerialize as YaSerializeTrait,
     };
     use yaserde_derive::{YaDeserialize, YaSerialize};
-    use std::collections::HashMap;
-    use crate::xml_utils::MaybeString;
-    pub struct Interfaces {
-        pub testraw: RawXml,
-        pub interfaces: HashMap<String, Interface>,
-    }
-    #[automatically_derived]
-    impl ::core::default::Default for Interfaces {
-        #[inline]
-        fn default() -> Interfaces {
-            Interfaces {
-                testraw: ::core::default::Default::default(),
-                interfaces: ::core::default::Default::default(),
-            }
-        }
-    }
-    #[automatically_derived]
-    impl ::core::marker::StructuralPartialEq for Interfaces {}
-    #[automatically_derived]
-    impl ::core::cmp::PartialEq for Interfaces {
-        #[inline]
-        fn eq(&self, other: &Interfaces) -> bool {
-            self.testraw == other.testraw && self.interfaces == other.interfaces
-        }
-    }
-    #[automatically_derived]
-    impl ::core::fmt::Debug for Interfaces {
-        #[inline]
-        fn fmt(&self, f: &mut ::core::fmt::Formatter) -> ::core::fmt::Result {
-            ::core::fmt::Formatter::debug_struct_field2_finish(
-                f,
-                "Interfaces",
-                "testraw",
-                &self.testraw,
-                "interfaces",
-                &&self.interfaces,
-            )
-        }
-    }
-    #[allow(non_upper_case_globals, unused_attributes, unused_qualifications)]
-    const _IMPL_YA_SERIALIZE_FOR_Interfaces: () = {
-        use ::std::str::FromStr as _;
-        impl ::yaserde::YaSerialize for Interfaces {
-            #[allow(unused_variables)]
-            fn serialize<W: ::std::io::Write>(
-                &self,
-                writer: &mut ::yaserde::ser::Serializer<W>,
-            ) -> ::std::result::Result<(), ::std::string::String> {
-                let skip = writer.skip_start_end();
-                if !false && !skip {
-                    let mut child_attributes = ::alloc::vec::Vec::new();
-                    let mut child_attributes_namespace = ::yaserde::__xml::namespace::Namespace::empty();
-                    let yaserde_label = writer
-                        .get_start_event_name()
-                        .unwrap_or_else(|| "Interfaces".to_string());
-                    let struct_start_event = ::yaserde::__xml::writer::XmlEvent::start_element(
-                        yaserde_label.as_ref(),
-                    );
-                    let event: ::yaserde::__xml::writer::events::XmlEvent = struct_start_event
-                        .into();
-                    if let ::yaserde::__xml::writer::events::XmlEvent::StartElement {
-                        name,
-                        attributes,
-                        namespace,
-                    } = event {
-                        let mut attributes: ::std::vec::Vec<
-                            ::yaserde::__xml::attribute::OwnedAttribute,
-                        > = attributes
-                            .into_owned()
-                            .to_vec()
-                            .iter()
-                            .map(|k| k.to_owned())
-                            .collect();
-                        attributes.extend(child_attributes);
-                        let all_attributes = attributes
-                            .iter()
-                            .map(|ca| ca.borrow())
-                            .collect();
-                        let mut all_namespaces = namespace.into_owned();
-                        all_namespaces.extend(&child_attributes_namespace);
-                        writer
-                            .write(::yaserde::__xml::writer::events::XmlEvent::StartElement {
-                                name,
-                                attributes: ::std::borrow::Cow::Owned(all_attributes),
-                                namespace: ::std::borrow::Cow::Owned(all_namespaces),
-                            })
-                            .map_err(|e| e.to_string())?;
-                    } else {
-                        ::core::panicking::panic(
-                            "internal error: entered unreachable code",
-                        )
-                    }
-                }
-                if !false {
-                    writer
-                        .set_start_event_name(
-                            ::std::option::Option::Some("testraw".to_string()),
-                        );
-                    writer.set_skip_start_end(false);
-                    ::yaserde::YaSerialize::serialize(&self.testraw, writer)?;
-                }
-                if !false {
-                    writer
-                        .set_start_event_name(
-                            ::std::option::Option::Some("interfaces".to_string()),
-                        );
-                    writer.set_skip_start_end(false);
-                    ::yaserde::YaSerialize::serialize(&self.interfaces, writer)?;
-                }
-                if !false && !skip {
-                    let struct_end_event = ::yaserde::__xml::writer::XmlEvent::end_element();
-                    writer.write(struct_end_event).map_err(|e| e.to_string())?;
-                }
-                ::std::result::Result::Ok(())
-            }
-            fn serialize_attributes(
-                &self,
-                mut source_attributes: ::std::vec::Vec<
-                    ::yaserde::__xml::attribute::OwnedAttribute,
-                >,
-                mut source_namespace: ::yaserde::__xml::namespace::Namespace,
-            ) -> ::std::result::Result<
-                (
-                    ::std::vec::Vec<::yaserde::__xml::attribute::OwnedAttribute>,
-                    ::yaserde::__xml::namespace::Namespace,
-                ),
-                ::std::string::String,
-            > {
-                let mut child_attributes = ::std::vec::Vec::<
-                    ::yaserde::__xml::attribute::OwnedAttribute,
-                >::new();
-                let mut child_attributes_namespace = ::yaserde::__xml::namespace::Namespace::empty();
-                let struct_start_event = ::yaserde::__xml::writer::XmlEvent::start_element(
-                    "temporary_element_to_generate_attributes",
-                );
-                let event: ::yaserde::__xml::writer::events::XmlEvent = struct_start_event
-                    .into();
-                if let ::yaserde::__xml::writer::events::XmlEvent::StartElement {
-                    attributes,
-                    namespace,
-                    ..
-                } = event {
-                    source_namespace.extend(&namespace.into_owned());
-                    source_namespace.extend(&child_attributes_namespace);
-                    let a: ::std::vec::Vec<
-                        ::yaserde::__xml::attribute::OwnedAttribute,
-                    > = attributes
-                        .into_owned()
-                        .to_vec()
-                        .iter()
-                        .map(|k| k.to_owned())
-                        .collect();
-                    source_attributes.extend(a);
-                    source_attributes.extend(child_attributes);
-                    ::std::result::Result::Ok((source_attributes, source_namespace))
-                } else {
-                    ::core::panicking::panic("internal error: entered unreachable code");
-                }
-            }
-        }
-    };
-    #[allow(non_upper_case_globals, unused_attributes, unused_qualifications)]
-    const _IMPL_YA_DESERIALIZE_FOR_Interfaces: () = {
-        use ::std::str::FromStr as _;
-        use ::yaserde::Visitor as _;
-        impl ::yaserde::YaDeserialize for Interfaces {
-            #[allow(unused_variables)]
-            fn deserialize<R: ::std::io::Read>(
-                reader: &mut ::yaserde::de::Deserializer<R>,
-            ) -> ::std::result::Result<Self, ::std::string::String> {
-                let (named_element, struct_namespace) = if let ::yaserde::__xml::reader::XmlEvent::StartElement {
-                    name,
-                    ..
-                } = reader.peek()?.to_owned()
-                {
-                    (name.local_name.to_owned(), name.namespace.clone())
-                } else {
-                    (
-                        ::std::string::String::from("Interfaces"),
-                        ::std::option::Option::None,
-                    )
-                };
-                let start_depth = reader.depth();
-                {
-                    let lvl = ::log::Level::Debug;
-                    if lvl <= ::log::STATIC_MAX_LEVEL && lvl <= ::log::max_level() {
-                        ::log::__private_api::log(
-                            format_args!(
-                                "Struct {0} @ {1}: start to parse {2:?}",
-                                "Interfaces",
-                                start_depth,
-                                named_element,
-                            ),
-                            lvl,
-                            &(
-                                "yaserde_derive",
-                                "opnsense_config_xml::data::interfaces",
-                                ::log::__private_api::loc(),
-                            ),
-                            (),
-                        );
-                    }
-                };
-                if reader.depth() == 0 {
-                    if let Some(namespace) = struct_namespace {
-                        match namespace.as_str() {
-                            bad_namespace => {
-                                let msg = ::alloc::__export::must_use({
-                                    let res = ::alloc::fmt::format(
-                                        format_args!(
-                                            "bad namespace for {0}, found {1}",
-                                            named_element,
-                                            bad_namespace,
-                                        ),
-                                    );
-                                    res
-                                });
-                                return Err(msg);
-                            }
-                        }
-                    }
-                }
-                #[allow(unused_mut)]
-                let mut __testraw_value: Option<RawXml> = None;
-                #[allow(unused_mut)]
-                let mut __interfaces_value: Option<HashMap<String, Interface>> = None;
-                let mut depth = 0;
-                loop {
-                    let event = reader.peek()?.to_owned();
-                    {
-                        let lvl = ::log::Level::Trace;
-                        if lvl <= ::log::STATIC_MAX_LEVEL && lvl <= ::log::max_level() {
-                            ::log::__private_api::log(
-                                format_args!(
-                                    "Struct {0} @ {1}: matching {2:?}",
-                                    "Interfaces",
-                                    start_depth,
-                                    event,
-                                ),
-                                lvl,
-                                &(
-                                    "yaserde_derive",
-                                    "opnsense_config_xml::data::interfaces",
-                                    ::log::__private_api::loc(),
-                                ),
-                                (),
-                            );
-                        }
-                    };
-                    match event {
-                        ::yaserde::__xml::reader::XmlEvent::StartElement {
-                            ref name,
-                            ref attributes,
-                            ..
-                        } => {
-                            let namespace = name.namespace.clone().unwrap_or_default();
-                            if depth == 0 && name.local_name == "Interfaces"
-                                && namespace.as_str() == ""
-                            {
-                                let event = reader.next_event()?;
-                            } else {
-                                match (namespace.as_str(), name.local_name.as_str()) {
-                                    ("", "testraw") => {
-                                        if depth == 0 {
-                                            let _root = reader.next_event();
-                                        }
-                                        {
-                                            let lvl = ::log::Level::Debug;
-                                            if lvl <= ::log::STATIC_MAX_LEVEL
-                                                && lvl <= ::log::max_level()
-                                            {
-                                                ::log::__private_api::log(
-                                                    format_args!("Looking at startElement"),
-                                                    lvl,
-                                                    &(
-                                                        "yaserde_derive",
-                                                        "opnsense_config_xml::data::interfaces",
-                                                        ::log::__private_api::loc(),
-                                                    ),
-                                                    (),
-                                                );
-                                            }
-                                        };
-                                        {
-                                            let lvl = ::log::Level::Warn;
-                                            if lvl <= ::log::STATIC_MAX_LEVEL
-                                                && lvl <= ::log::max_level()
-                                            {
-                                                ::log::__private_api::log(
-                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
-                                                    lvl,
-                                                    &(
-                                                        "opnsense_config_xml::data::interfaces",
-                                                        "opnsense_config_xml::data::interfaces",
-                                                        ::log::__private_api::loc(),
-                                                    ),
-                                                    (),
-                                                );
-                                            }
-                                        };
-                                        if let Ok(
-                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
-                                        ) = reader.peek()
-                                        {
-                                            {
-                                                let lvl = ::log::Level::Warn;
-                                                if lvl <= ::log::STATIC_MAX_LEVEL
-                                                    && lvl <= ::log::max_level()
-                                                {
-                                                    ::log::__private_api::log(
-                                                        format_args!("Found start element ?? {0}", "RawXml"),
-                                                        lvl,
-                                                        &(
-                                                            "opnsense_config_xml::data::interfaces",
-                                                            "opnsense_config_xml::data::interfaces",
-                                                            ::log::__private_api::loc(),
-                                                        ),
-                                                        (),
-                                                    );
-                                                }
-                                            };
-                                            let value = <RawXml as ::yaserde::YaDeserialize>::deserialize(
-                                                reader,
-                                            )?;
-                                            __testraw_value = ::std::option::Option::Some(value);
-                                            let _event = reader.next_event()?;
-                                        } else {
-                                            {
-                                                let lvl = ::log::Level::Warn;
-                                                if lvl <= ::log::STATIC_MAX_LEVEL
-                                                    && lvl <= ::log::max_level()
-                                                {
-                                                    ::log::__private_api::log(
-                                                        format_args!(
-                                                            "matching field type did not find substruct start element ? {0}",
-                                                            "RawXml",
-                                                        ),
-                                                        lvl,
-                                                        &(
-                                                            "opnsense_config_xml::data::interfaces",
-                                                            "opnsense_config_xml::data::interfaces",
-                                                            ::log::__private_api::loc(),
-                                                        ),
-                                                        (),
-                                                    );
-                                                }
-                                            };
-                                        }
-                                    }
-                                    ("", "interfaces") => {
-                                        if depth == 0 {
-                                            let _root = reader.next_event();
-                                        }
-                                        {
-                                            let lvl = ::log::Level::Debug;
-                                            if lvl <= ::log::STATIC_MAX_LEVEL
-                                                && lvl <= ::log::max_level()
-                                            {
-                                                ::log::__private_api::log(
-                                                    format_args!("Looking at startElement"),
-                                                    lvl,
-                                                    &(
-                                                        "yaserde_derive",
-                                                        "opnsense_config_xml::data::interfaces",
-                                                        ::log::__private_api::loc(),
-                                                    ),
-                                                    (),
-                                                );
-                                            }
-                                        };
-                                        {
-                                            let lvl = ::log::Level::Warn;
-                                            if lvl <= ::log::STATIC_MAX_LEVEL
-                                                && lvl <= ::log::max_level()
-                                            {
-                                                ::log::__private_api::log(
-                                                    format_args!("matching field type ASPDOJIASDPJIDASPJASDJI"),
-                                                    lvl,
-                                                    &(
-                                                        "opnsense_config_xml::data::interfaces",
-                                                        "opnsense_config_xml::data::interfaces",
-                                                        ::log::__private_api::loc(),
-                                                    ),
-                                                    (),
-                                                );
-                                            }
-                                        };
-                                        if let Ok(
-                                            ::yaserde::__xml::reader::XmlEvent::StartElement { .. },
-                                        ) = reader.peek()
-                                        {
-                                            {
-                                                let lvl = ::log::Level::Warn;
-                                                if lvl <= ::log::STATIC_MAX_LEVEL
-                                                    && lvl <= ::log::max_level()
-                                                {
-                                                    ::log::__private_api::log(
-                                                        format_args!(
-                                                            "Found start element ?? {0}",
-                                                            "HashMap < String, Interface >",
-                                                        ),
-                                                        lvl,
-                                                        &(
-                                                            "opnsense_config_xml::data::interfaces",
-                                                            "opnsense_config_xml::data::interfaces",
-                                                            ::log::__private_api::loc(),
-                                                        ),
-                                                        (),
-                                                    );
-                                                }
-                                            };
-                                            let value = <HashMap<
-                                                String,
-                                                Interface,
-                                            > as ::yaserde::YaDeserialize>::deserialize(reader)?;
-                                            __interfaces_value = ::std::option::Option::Some(value);
-                                            let _event = reader.next_event()?;
-                                        } else {
-                                            {
-                                                let lvl = ::log::Level::Warn;
-                                                if lvl <= ::log::STATIC_MAX_LEVEL
-                                                    && lvl <= ::log::max_level()
-                                                {
-                                                    ::log::__private_api::log(
-                                                        format_args!(
-                                                            "matching field type did not find substruct start element ? {0}",
-                                                            "HashMap < String, Interface >",
-                                                        ),
-                                                        lvl,
-                                                        &(
-                                                            "opnsense_config_xml::data::interfaces",
-                                                            "opnsense_config_xml::data::interfaces",
-                                                            ::log::__private_api::loc(),
-                                                        ),
-                                                        (),
-                                                    );
-                                                }
-                                            };
-                                        }
-                                    }
-                                    _ => {
-                                        {
-                                            let lvl = ::log::Level::Trace;
-                                            if lvl <= ::log::STATIC_MAX_LEVEL
-                                                && lvl <= ::log::max_level()
-                                            {
-                                                ::log::__private_api::log(
-                                                    format_args!("Got StartElement {0:?}", name.local_name),
-                                                    lvl,
-                                                    &(
-                                                        "yaserde_derive",
-                                                        "opnsense_config_xml::data::interfaces",
-                                                        ::log::__private_api::loc(),
-                                                    ),
-                                                    (),
-                                                );
-                                            }
-                                        };
-                                        let event = reader.next_event()?;
-                                        {
-                                            let lvl = ::log::Level::Trace;
-                                            if lvl <= ::log::STATIC_MAX_LEVEL
-                                                && lvl <= ::log::max_level()
-                                            {
-                                                ::log::__private_api::log(
-                                                    format_args!("Next event {0:?}", event),
-                                                    lvl,
-                                                    &(
-                                                        "yaserde_derive",
-                                                        "opnsense_config_xml::data::interfaces",
-                                                        ::log::__private_api::loc(),
-                                                    ),
-                                                    (),
-                                                );
-                                            }
-                                        };
-                                        if depth > 0 {
-                                            return Err(
-                                                ::alloc::__export::must_use({
-                                                    let res = ::alloc::fmt::format(
-                                                        format_args!(
-                                                            "Found unauthorized element {0}",
-                                                            name.local_name,
-                                                        ),
-                                                    );
-                                                    res
-                                                }),
-                                            );
-                                            reader.skip_element(|event| {})?;
-                                        }
-                                    }
-                                }
-                            }
-                            if depth == 0 {}
-                            depth += 1;
-                        }
-                        ::yaserde::__xml::reader::XmlEvent::EndElement { ref name } => {
-                            {
-                                let lvl = ::log::Level::Warn;
-                                if lvl <= ::log::STATIC_MAX_LEVEL
-                                    && lvl <= ::log::max_level()
-                                {
-                                    ::log::__private_api::log(
-                                        format_args!("endElement {0}", named_element),
-                                        lvl,
-                                        &(
-                                            "opnsense_config_xml::data::interfaces",
-                                            "opnsense_config_xml::data::interfaces",
-                                            ::log::__private_api::loc(),
-                                        ),
-                                        (),
-                                    );
-                                }
-                            };
-                            if name.local_name == named_element
-                                && reader.depth() == start_depth + 1
-                            {
-                                break;
-                            }
-                            let event = reader.next_event()?;
-                            depth -= 1;
-                        }
-                        ::yaserde::__xml::reader::XmlEvent::EndDocument => {
-                            if false {
-                                break;
-                            }
-                        }
-                        ::yaserde::__xml::reader::XmlEvent::Characters(
-                            ref text_content,
-                        ) => {
-                            let event = reader.next_event()?;
-                        }
-                        event => {
-                            return ::std::result::Result::Err(
-                                ::alloc::__export::must_use({
-                                    let res = ::alloc::fmt::format(
-                                        format_args!("unknown event {0:?}", event),
-                                    );
-                                    res
-                                }),
-                            );
-                        }
-                    }
-                }
-                {
-                    let lvl = ::log::Level::Debug;
-                    if lvl <= ::log::STATIC_MAX_LEVEL && lvl <= ::log::max_level() {
-                        ::log::__private_api::log(
-                            format_args!(
-                                "Struct {0} @ {1}: success",
-                                "Interfaces",
-                                start_depth,
-                            ),
-                            lvl,
-                            &(
-                                "yaserde_derive",
-                                "opnsense_config_xml::data::interfaces",
-                                ::log::__private_api::loc(),
-                            ),
-                            (),
-                        );
-                    }
-                };
-                ::std::result::Result::Ok(Interfaces {
-                    testraw: __testraw_value
-                        .ok_or_else(|| {
-                            "testraw is a required field of Interfaces".to_string()
-                        })?,
-                    interfaces: __interfaces_value
-                        .ok_or_else(|| {
-                            "interfaces is a required field of Interfaces".to_string()
-                        })?,
-                })
-            }
-        }
-    };
+    use yaserde::MaybeString;
     pub struct Interface {
         #[yaserde(rename = "if")]
         pub physical_interface_name: String,
diff --git a/harmony-rs/opnsense-config-xml/src/data/dhcpd.rs b/harmony-rs/opnsense-config-xml/src/data/dhcpd.rs
index 5f54437..9115e43 100644
--- a/harmony-rs/opnsense-config-xml/src/data/dhcpd.rs
+++ b/harmony-rs/opnsense-config-xml/src/data/dhcpd.rs
@@ -4,12 +4,12 @@ use yaserde::MaybeString;
 
 use super::opnsense::{NumberOption, Range, StaticMap};
 
-#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
-#[yaserde(rename = "dhcpd")]
-pub struct Dhcpd {
-    #[yaserde(rename = "lan")]
-    pub lan: DhcpInterface,
-}
+// #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+// #[yaserde(rename = "dhcpd")]
+// pub struct Dhcpd {
+//     #[yaserde(rename = "lan")]
+//     pub lan: DhcpInterface,
+// }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct DhcpInterface {
diff --git a/harmony-rs/opnsense-config-xml/src/data/interfaces.rs b/harmony-rs/opnsense-config-xml/src/data/interfaces.rs
index af5bb2a..9d8104e 100644
--- a/harmony-rs/opnsense-config-xml/src/data/interfaces.rs
+++ b/harmony-rs/opnsense-config-xml/src/data/interfaces.rs
@@ -1,65 +1,106 @@
-use yaserde::{NamedList, YaDeserialize as YaDeserializeTrait, YaSerialize as YaSerializeTrait};
 use yaserde_derive::{YaDeserialize, YaSerialize};
 
 use yaserde::MaybeString;
 
-#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
-pub struct Interfaces {
-    pub interfaces: NamedList<Interface>,
-}
-
 #[derive(Default, PartialEq, Debug, YaDeserialize, YaSerialize)]
 pub struct Interface {
+    pub internal_dynamic: Option<MaybeString>,
     #[yaserde(rename = "if")]
     pub physical_interface_name: String,
     pub descr: String,
     pub enable: MaybeString,
+    pub lock: Option<MaybeString>,
     #[yaserde(rename = "spoofmac")]
     pub spoof_mac: Option<MaybeString>,
-    pub internal_dynamic: Option<MaybeString>,
     pub ipaddr: Option<MaybeString>,
     #[yaserde(rename = "blockpriv")]
     pub block_priv: Option<MaybeString>,
     #[yaserde(rename = "blockbogons")]
     pub block_bogons: Option<MaybeString>,
-    pub lock: Option<MaybeString>,
     #[yaserde(rename = "type")]
     pub r#type: Option<MaybeString>,
     #[yaserde(rename = "virtual")]
     pub r#virtual: Option<MaybeString>,
     pub subnet: Option<MaybeString>,
+    pub ipaddrv6: Option<MaybeString>,
     pub networks: Option<MaybeString>,
     pub subnetv6: Option<MaybeString>,
-    pub ipaddrv6: Option<MaybeString>,
     #[yaserde(rename = "track6-interface")]
     pub track6_interface: Option<MaybeString>,
     #[yaserde(rename = "track6-prefix-id")]
     pub track6_prefix_id: Option<MaybeString>,
 }
 
-pub trait MyDeserialize: YaDeserializeTrait {}
-pub trait MySerialize: YaSerializeTrait {}
-
 #[cfg(test)]
 mod test {
+    use crate::xml_utils::to_xml_str;
+
     use super::*;
     use pretty_assertions::assert_eq;
+    use yaserde::NamedList;
 
     #[derive(Default, PartialEq, Debug, YaDeserialize, YaSerialize)]
-    pub struct TestStruct {
+    pub struct InterfacesParent {
         foo: String,
+        interfaces: NamedList<Interface>,
         bar: String,
     }
 
     #[test]
     fn should_deserialize_interfaces() {
-        let test_struct =
-            yaserde::de::from_str::<TestStruct>("<xml><foo>aodisj</foo><bar>barbaba</bar></xml>")
-                .unwrap();
-        println!("test_struct : {:?}", test_struct);
+        let interfaces =
+            yaserde::de::from_str::<NamedList<Interface>>(FULL_INTERFACES_XML).unwrap();
+        assert_eq!(interfaces.elements.len(), 6)
+    }
 
-        let interfaces = yaserde::de::from_str::<Interfaces>(FULL_INTERFACES_XML).unwrap();
-        assert_eq!(interfaces.interfaces.elements.len(), 6)
+    #[test]
+    fn should_serialize_interfaces() {
+        let named_list = NamedList {
+            elements: vec![
+                (String::from("paul"), Interface::default()),
+                (String::from("anotherpaul"), Interface::default()),
+                (String::from("thirdone"), Interface::default()),
+                (String::from("andgofor4"), Interface::default()),
+            ],
+        };
+
+        let parent = InterfacesParent {
+            foo: String::from("foo"),
+            interfaces: named_list,
+            bar: String::from("foo"),
+        };
+
+        assert_eq!(
+            &to_xml_str(&parent).unwrap(),
+            r#"<?xml version="1.0"?>
+<InterfacesParent>
+  <foo>foo</foo>
+  <interfaces>
+    <paul>
+      <if></if>
+      <descr></descr>
+      <enable/>
+    </paul>
+    <anotherpaul>
+      <if></if>
+      <descr></descr>
+      <enable/>
+    </anotherpaul>
+    <thirdone>
+      <if></if>
+      <descr></descr>
+      <enable/>
+    </thirdone>
+    <andgofor4>
+      <if></if>
+      <descr></descr>
+      <enable/>
+    </andgofor4>
+  </interfaces>
+  <bar>foo</bar>
+</InterfacesParent>
+"#
+        )
     }
 
     const FULL_INTERFACES_XML: &str = "<interfaces>
diff --git a/harmony-rs/opnsense-config-xml/src/data/opnsense.rs b/harmony-rs/opnsense-config-xml/src/data/opnsense.rs
index c331c45..6facf52 100644
--- a/harmony-rs/opnsense-config-xml/src/data/opnsense.rs
+++ b/harmony-rs/opnsense-config-xml/src/data/opnsense.rs
@@ -1,23 +1,9 @@
-use crate::data::dhcpd::Dhcpd;
-use yaserde::{MaybeString, RawXml};
+use crate::{data::dhcpd::DhcpInterface, xml_utils::to_xml_str};
 use log::error;
+use yaserde::{MaybeString, NamedList, RawXml};
 use yaserde_derive::{YaDeserialize, YaSerialize};
 
-impl From<String> for OPNsense {
-    fn from(content: String) -> Self {
-        yaserde::de::from_str(&content)
-            .map_err(|e| error!("{}", e.to_string()))
-            .expect("OPNSense received invalid string, should be full XML")
-    }
-}
-
-impl OPNsense {
-    pub fn to_xml(&self) -> String {
-        yaserde::ser::to_string(self)
-            .map_err(|e| error!("{}", e.to_string()))
-            .expect("OPNSense could not serialize to XML")
-    }
-}
+use super::Interface;
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 #[yaserde(rename = "opnsense")]
@@ -25,8 +11,9 @@ pub struct OPNsense {
     pub theme: String,
     pub sysctl: Sysctl,
     pub system: RawXml,
-    pub interfaces: RawXml,
-    pub dhcpd: Dhcpd,
+    // pub interfaces: RawXml,
+    pub interfaces: NamedList<Interface>,
+    pub dhcpd: NamedList<DhcpInterface>,
     pub snmpd: Snmpd,
     pub syslog: Syslog,
     pub nat: Nat,
@@ -56,6 +43,23 @@ pub struct OPNsense {
     pub ifgroups: Ifgroups,
 }
 
+impl From<String> for OPNsense {
+    fn from(content: String) -> Self {
+        yaserde::de::from_str(&content)
+            .map_err(|e| println!("{}", e.to_string()))
+            .expect("OPNSense received invalid string, should be full XML")
+    }
+}
+
+impl OPNsense {
+    pub fn to_xml(&self) -> String {
+        to_xml_str(self)
+            .map_err(|e| error!("{}", e.to_string()))
+            .expect("OPNSense could not serialize to XML")
+    }
+}
+
+
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct LoadBalancer {
     pub monitor_type: Vec<MonitorType>,
@@ -945,6 +949,7 @@ pub struct Acl {
     pub browser: MaybeString,
     #[yaserde(rename = "mimeType")]
     pub mime_type: MaybeString,
+    #[yaserde(rename = "googleapps")]
     pub google_apps: MaybeString,
     pub youtube: MaybeString,
     #[yaserde(rename = "safePorts")]
diff --git a/harmony-rs/opnsense-config-xml/src/xml_utils/generic_xml.rs b/harmony-rs/opnsense-config-xml/src/xml_utils/generic_xml.rs
deleted file mode 100644
index e670156..0000000
--- a/harmony-rs/opnsense-config-xml/src/xml_utils/generic_xml.rs
+++ /dev/null
@@ -1,256 +0,0 @@
-use xml::reader::XmlEvent as ReadEvent;
-use yaserde::{ser, YaDeserialize as YaDeserializeTrait, YaSerialize as YaSerializeTrait};
-
-#[derive(Debug, PartialEq, Default)]
-pub struct RawXml(String);
-
-impl YaDeserializeTrait for RawXml {
-    fn deserialize<R: std::io::Read>(
-        reader: &mut yaserde::de::Deserializer<R>,
-    ) -> Result<Self, String> {
-        let mut buffer = String::new();
-        let mut depth = 0;
-
-        let own_name = match reader.peek()? {
-            ReadEvent::StartElement { name, .. } => name.local_name.clone(),
-            _ => return Err("RawXml Should start deserializing with StartElement".to_string()),
-        };
-        println!("RawXml deserialize from root element name : {own_name}");
-        loop {
-            let current_event = reader.peek()?.to_owned();
-            match current_event.clone() {
-                ReadEvent::StartElement {
-                    name, attributes, ..
-                } => {
-                    println!("StartElement {name} depth {depth}");
-                    depth += 1;
-                    let mut attr_string = String::new();
-                    attributes.iter().for_each(|a| {
-                        attr_string.push_str(&format!(r#" {}="{}""#, &a.name, &a.value));
-                    });
-                    buffer.push_str(&format!("<{}{}>", name, attr_string));
-                    let _event = reader.next_event()?;
-                }
-                ReadEvent::EndElement { name } => {
-                    println!("EndElement {name} depth {depth}");
-                    depth -= 1;
-                    buffer.push_str(&format!("</{}>", name));
-                    println!(
-                        "Checking if name.local_name {} matches own_name {} at depth {depth}",
-                        &name.local_name, &own_name
-                    );
-                    if name.local_name == own_name && depth == 0 {
-                        println!(
-                            "Found next EndElement is closing my struct, breaking out of loop"
-                        );
-                        break;
-                    } else {
-                        let _event = reader.next_event()?;
-                    }
-                }
-                ReadEvent::Characters(content) => {
-                    println!("Characters {content} depth {depth}");
-                    buffer.push_str(&content);
-                    let _event = reader.next_event()?;
-                }
-                ReadEvent::StartDocument {
-                    version,
-                    encoding,
-                    standalone,
-                } => todo!(
-                    "StartDocument {:?} {:?} {:?}",
-                    version,
-                    encoding,
-                    standalone
-                ),
-                ReadEvent::EndDocument => todo!(),
-                ReadEvent::ProcessingInstruction { name, data } => {
-                    todo!("ProcessingInstruction {:?}, {:?}", name, data)
-                }
-                ReadEvent::CData(cdata) => todo!("CData, {:?}", cdata),
-                ReadEvent::Comment(comment) => todo!("Comment, {:?}", comment),
-                ReadEvent::Whitespace(whitespace) => todo!("Whitespace, {:?}", whitespace),
-            }
-            let next = reader.peek()?;
-            println!(
-                "Processing done on \ncurrent_event : {:?} \nnext : {:?}",
-                &current_event, &next
-            );
-        }
-
-        println!("buffered events {buffer}");
-        let next = reader.peek()?;
-        println!("next : {:?}", &next);
-
-        Ok(RawXml(buffer))
-    }
-}
-
-impl YaSerializeTrait for RawXml {
-    fn serialize<W: std::io::Write>(&self, writer: &mut ser::Serializer<W>) -> Result<(), String> {
-        let content = self.0.clone();
-        let content = xml::EventReader::from_str(content.as_str());
-        let mut reader = yaserde::de::Deserializer::new(content);
-        loop {
-            let e = reader.next_event()?;
-            if let ReadEvent::EndDocument = e {
-                break;
-            }
-            writer
-                .write(e.as_writer_event().unwrap())
-                .expect("Writer should write write event");
-        }
-        Ok(())
-    }
-
-    fn serialize_attributes(
-        &self,
-        attributes: Vec<xml::attribute::OwnedAttribute>,
-        namespace: xml::namespace::Namespace,
-    ) -> Result<
-        (
-            Vec<xml::attribute::OwnedAttribute>,
-            xml::namespace::Namespace,
-        ),
-        String,
-    > {
-        todo!()
-    }
-}
-
-#[cfg(test)]
-mod test {
-    use crate::xml_utils::to_xml_str;
-
-    use super::*;
-    use pretty_assertions::assert_eq;
-    use yaserde_derive::YaDeserialize;
-    use yaserde_derive::YaSerialize;
-
-    #[derive(Debug, PartialEq, Default, YaDeserialize)]
-    pub struct Parent {
-        //    pub rawxml_child: RawXml,
-        pub string_child: String,
-        pub child_child: Child,
-    }
-
-    #[derive(Debug, PartialEq, Default, YaDeserialize)]
-    pub struct Child {
-        pub child_val: String,
-        pub child_val2: String,
-        pub child_option: Option<String>,
-    }
-
-    #[test]
-    fn rawxml_should_buffer_empty_element() {
-        let rawxml: RawXml = yaserde::de::from_str("<something/>").unwrap();
-        assert_eq!(rawxml.0, String::from("<something></something>"));
-    }
-
-    #[test]
-    fn rawxml_should_buffer_elements_with_different_case_as_they_are() {
-        let xml = "<xml><Some_thing></Some_thing><something></something></xml>";
-        let rawxml: RawXml = yaserde::de::from_str(xml).unwrap();
-        assert_eq!(rawxml.0, String::from(xml));
-    }
-
-    #[test]
-    fn rawxml_should_buffer_elements_with_attributes() {
-        let xml = r#"<xml version="ababa"><Some_thing></Some_thing><something></something></xml>"#;
-        let rawxml: RawXml = yaserde::de::from_str(xml).unwrap();
-        assert_eq!(rawxml.0, String::from(xml));
-    }
-
-    #[test]
-    fn rawxml_should_handle_complex_documents() {
-        let xml = r#"<xml><OpenVPN version="1.0.0"><Overwrites></Overwrites><Instances></Instances><StaticKeys></StaticKeys></OpenVPN><Gateways version="0.0.1"></Gateways><HAProxy version="4.0.0"><general><enabled>1</enabled><gracefulStop>0</gracefulStop><hardStopAfter>60s</hardStopAfter><closeSpreadTime></closeSpreadTime><seamlessReload>0</seamlessReload><storeOcsp>0</storeOcsp><showIntro>1</showIntro><peers><enabled>0</enabled><name1></name1><listen1></listen1><port1>1024</port1><name2></name2><listen2></listen2><port2>1024</port2></peers><tuning><root>0</root><maxConnections></maxConnections><nbthread>1</nbthread><sslServerVerify>ignore</sslServerVerify><maxDHSize>2048</maxDHSize><bufferSize>16384</bufferSize></tuning></general></HAProxy></xml>"#;
-        let rawxml: RawXml = yaserde::de::from_str(xml).unwrap();
-        assert_eq!(rawxml.0, String::from(xml));
-    }
-
-    #[test]
-    fn rawxml_should_serialize_simple_documents() {
-        let xml = r#"<?xml version="1.0" encoding="utf-8"?><xml />"#;
-        let rawxml: RawXml = yaserde::de::from_str(xml).unwrap();
-        assert_eq!(yaserde::ser::to_string(&rawxml).unwrap(), xml);
-    }
-
-    #[test]
-    fn rawxml_should_serialize_complex_documents() {
-        let xml = r#"<?xml version="1.0"?>
-<xml>
-  <OpenVPN version="1.0.0">
-    <Overwrites/>
-    <Instances/>
-    <StaticKeys/>
-  </OpenVPN>
-  <Gateways version="0.0.1"/>
-  <HAProxy version="4.0.0">
-    <general>
-      <enabled>1</enabled>
-      <gracefulStop>0</gracefulStop>
-      <hardStopAfter>60s</hardStopAfter>
-      <closeSpreadTime/>
-      <seamlessReload>0</seamlessReload>
-      <storeOcsp>0</storeOcsp>
-      <showIntro>1</showIntro>
-      <peers>
-        <enabled>0</enabled>
-        <name1/>
-        <listen1/>
-        <port1>1024</port1>
-        <name2/>
-        <listen2/>
-        <port2>1024</port2>
-      </peers>
-      <tuning>
-        <root>0</root>
-        <maxConnections/>
-        <nbthread>1</nbthread>
-        <sslServerVerify>ignore</sslServerVerify>
-        <maxDHSize>2048</maxDHSize>
-        <bufferSize>16384</bufferSize>
-      </tuning>
-    </general>
-  </HAProxy>
-</xml>
-"#;
-        let rawxml: RawXml = yaserde::de::from_str(xml).unwrap();
-        assert_eq!(to_xml_str(&rawxml).unwrap(), xml);
-    }
-
-    #[test]
-    fn rawxml_should_allow_siblings_before() {
-        #[derive(YaDeserialize, YaSerialize)]
-        struct Config {
-            paul: Vec<String>,
-            raw: RawXml,
-        }
-        let xml = r#"<?xml version="1.0" encoding="utf-8"?><Config><paul>bobob</paul><paul>patate</paul><raw>allo something</raw></Config>"#;
-        let config: Config = yaserde::de::from_str(xml).unwrap();
-        assert_eq!(yaserde::ser::to_string(&config).unwrap(), xml);
-    }
-
-    #[test]
-    fn rawxml_should_allow_siblings_after() {
-        #[derive(YaDeserialize, YaSerialize)]
-        struct Config {
-            raw: RawXml,
-            paul: Vec<String>,
-        }
-        let xml = r#"<?xml version="1.0" encoding="utf-8"?><Config><raw>allo something</raw><paul>bobob</paul><paul>patate</paul></Config>"#;
-        let config: Config = yaserde::de::from_str(xml).unwrap();
-        assert_eq!(config.paul.get(0).unwrap(), "bobob");
-        assert_eq!(config.paul.get(1).unwrap(), "patate");
-        assert_eq!(config.paul.len(), 2);
-        assert_eq!(config.raw.0, "<raw>allo something</raw>");
-        assert_eq!(yaserde::ser::to_string(&config).unwrap(), xml);
-    }
-
-    #[test]
-    fn rawxml_should_allow_being_end_of_document() {
-        let xml = r#"<?xml version="1.0" encoding="utf-8"?><Config><raw>allo something</raw><paul>bobob</paul><paul>patate</paul></Config>"#;
-        let config: RawXml = yaserde::de::from_str(xml).unwrap();
-        assert_eq!(yaserde::ser::to_string(&config).unwrap(), xml);
-    }
-}
diff --git a/harmony-rs/opnsense-config-xml/src/xml_utils/maybe_string.rs b/harmony-rs/opnsense-config-xml/src/xml_utils/maybe_string.rs
deleted file mode 100644
index 7c7f4c9..0000000
--- a/harmony-rs/opnsense-config-xml/src/xml_utils/maybe_string.rs
+++ /dev/null
@@ -1,173 +0,0 @@
-use xml::reader::XmlEvent as ReadEvent;
-use xml::writer::XmlEvent as WriteEvent;
-use yaserde::{ser, YaDeserialize as YaDeserializeTrait, YaSerialize as YaSerializeTrait};
-
-#[derive(Debug, PartialEq, Default)]
-pub struct MaybeString {
-    field_name: String,
-    content: Option<String>,
-}
-
-impl YaDeserializeTrait for MaybeString {
-    fn deserialize<R: std::io::Read>(
-        reader: &mut yaserde::de::Deserializer<R>,
-    ) -> Result<Self, String> {
-        let field_name = match reader.peek()? {
-            ReadEvent::StartElement {
-                name, attributes, ..
-            } => {
-                if attributes.len() > 0 {
-                    return Err(String::from(
-                        "Attributes not currently supported by MaybeString",
-                    ));
-                }
-
-                name.local_name.clone()
-            }
-            _ => return Err(String::from("Unsupporte ReadEvent type")),
-        };
-        reader.next_event()?;
-
-        let content = match reader.peek()? {
-            ReadEvent::Characters(content) => Some(content.clone()),
-            ReadEvent::EndElement { name } => {
-                if name.local_name != field_name {
-                    return Err(format!(
-                        "Invalid EndElement, expected {field_name} but got {}",
-                        name.local_name
-                    ));
-                }
-                None
-            }
-            _ => return Err(String::from("Unsupporte ReadEvent type")),
-        };
-
-        Ok(Self {
-            field_name,
-            content,
-        })
-    }
-}
-
-impl YaSerializeTrait for MaybeString {
-    fn serialize<W: std::io::Write>(&self, writer: &mut ser::Serializer<W>) -> Result<(), String> {
-        let start_element_event = WriteEvent::start_element(self.field_name.as_str());
-        writer.write(start_element_event).expect("Writer failed");
-        match &self.content {
-            Some(content) => {
-                writer
-                    .write(WriteEvent::characters(content))
-                    .expect("Writer failed");
-            }
-            None => {}
-        };
-
-        writer
-            .write(WriteEvent::end_element())
-            .expect("Writer failed");
-        Ok(())
-    }
-
-    fn serialize_attributes(
-        &self,
-        _attributes: Vec<xml::attribute::OwnedAttribute>,
-        _namespace: xml::namespace::Namespace,
-    ) -> Result<
-        (
-            Vec<xml::attribute::OwnedAttribute>,
-            xml::namespace::Namespace,
-        ),
-        String,
-    > {
-        unimplemented!("MaybeString does not currently support attributes")
-    }
-}
-
-#[cfg(test)]
-mod test {
-    use super::*;
-    use pretty_assertions::assert_eq;
-    use yaserde_derive::YaDeserialize;
-    use yaserde_derive::YaSerialize;
-
-    #[derive(Debug, PartialEq, Default, YaDeserialize, YaSerialize)]
-    struct TestStruct {
-        maybe: MaybeString,
-    }
-
-    #[test]
-    fn maybe_string_should_deserialize_empty_element() {
-        let initial_xml = "<struct><maybe/></struct>";
-        let test_struct: TestStruct =
-            yaserde::de::from_str(initial_xml).expect("Shoudl deserialize teststruct");
-        println!("Got test_struct {:?}", test_struct);
-        assert_eq!(
-            test_struct,
-            TestStruct {
-                maybe: MaybeString {
-                    field_name: String::from("maybe"),
-                    content: None
-                }
-            }
-        );
-    }
-
-    #[test]
-    fn maybe_string_should_deserialize_content() {
-        let initial_xml = "<struct><maybe>some content</maybe></struct>";
-        let test_struct: TestStruct =
-            yaserde::de::from_str(initial_xml).expect("Shoudl deserialize teststruct");
-        println!("Got test_struct {:?}", test_struct);
-        assert_eq!(
-            test_struct,
-            TestStruct {
-                maybe: MaybeString {
-                    field_name: String::from("maybe"),
-                    content: Some(String::from("some content"))
-                }
-            }
-        );
-    }
-
-    #[test]
-    fn maybe_string_should_deserialize_empty_long_format() {
-        let initial_xml = "<struct><maybe></maybe></struct>";
-        let test_struct: TestStruct =
-            yaserde::de::from_str(initial_xml).expect("Shoudl deserialize teststruct");
-        println!("Got test_struct {:?}", test_struct);
-        assert_eq!(
-            test_struct,
-            TestStruct {
-                maybe: MaybeString {
-                    field_name: String::from("maybe"),
-                    content: None
-                }
-            }
-        );
-    }
-
-    #[test]
-    fn maybe_string_should_serialize_to_empty_element() {
-        let initial_xml =
-            r#"<?xml version="1.0" encoding="utf-8"?><TestStruct><maybe /></TestStruct>"#;
-        let test_struct: TestStruct =
-            yaserde::de::from_str(initial_xml).expect("Shoudl deserialize teststruct");
-        println!("Got test_struct {:?}", test_struct);
-        assert_eq!(
-            yaserde::ser::to_string(&test_struct).expect("should serialize teststruct"),
-            initial_xml
-        );
-    }
-
-    #[test]
-    fn maybe_string_should_serialize_content() {
-        let initial_xml = r#"<?xml version="1.0" encoding="utf-8"?><TestStruct><maybe>some content</maybe></TestStruct>"#;
-        let test_struct: TestStruct =
-            yaserde::de::from_str(initial_xml).expect("Shoudl deserialize teststruct");
-        println!("Got test_struct {:?}", test_struct);
-        assert_eq!(
-            yaserde::ser::to_string(&test_struct).expect("should serialize teststruct"),
-            initial_xml
-        );
-    }
-}
diff --git a/harmony-rs/opnsense-config-xml/src/xml_utils/mod.rs b/harmony-rs/opnsense-config-xml/src/xml_utils/mod.rs
index ea92079..bdd2fcd 100644
--- a/harmony-rs/opnsense-config-xml/src/xml_utils/mod.rs
+++ b/harmony-rs/opnsense-config-xml/src/xml_utils/mod.rs
@@ -1,6 +1,20 @@
-//mod generic_xml;
-//mod maybe_string;
-mod yaserde;
-//pub use generic_xml::*;
-//pub use maybe_string::*;
-pub use yaserde::*;
+use yaserde::YaSerialize;
+
+pub fn to_xml_str<T: YaSerialize>(model: &T) -> Result<String, String> {
+    let yaserde_cfg = yaserde::ser::Config {
+        perform_indent: true,
+        write_document_declaration: false,
+        pad_self_closing: false,
+        ..Default::default()
+    };
+    let serialized = yaserde::ser::to_string_with_config::<T>(model, &yaserde_cfg)?;
+
+    // Opnsense does not specify encoding in the document declaration
+    //
+    // yaserde / xml-rs does not allow disabling the encoding attribute in the
+    // document declaration
+    //
+    // So here we just manually prefix the xml document with the exact document declaration
+    // that opnsense uses
+    Ok(format!("<?xml version=\"1.0\"?>\n{serialized}\n"))
+}
diff --git a/harmony-rs/opnsense-config-xml/src/xml_utils/yaserde.rs b/harmony-rs/opnsense-config-xml/src/xml_utils/yaserde.rs
deleted file mode 100644
index bdd2fcd..0000000
--- a/harmony-rs/opnsense-config-xml/src/xml_utils/yaserde.rs
+++ /dev/null
@@ -1,20 +0,0 @@
-use yaserde::YaSerialize;
-
-pub fn to_xml_str<T: YaSerialize>(model: &T) -> Result<String, String> {
-    let yaserde_cfg = yaserde::ser::Config {
-        perform_indent: true,
-        write_document_declaration: false,
-        pad_self_closing: false,
-        ..Default::default()
-    };
-    let serialized = yaserde::ser::to_string_with_config::<T>(model, &yaserde_cfg)?;
-
-    // Opnsense does not specify encoding in the document declaration
-    //
-    // yaserde / xml-rs does not allow disabling the encoding attribute in the
-    // document declaration
-    //
-    // So here we just manually prefix the xml document with the exact document declaration
-    // that opnsense uses
-    Ok(format!("<?xml version=\"1.0\"?>\n{serialized}\n"))
-}
diff --git a/harmony-rs/opnsense-config/src/config.rs b/harmony-rs/opnsense-config/src/config.rs
index 36681f6..0a40aa3 100644
--- a/harmony-rs/opnsense-config/src/config.rs
+++ b/harmony-rs/opnsense-config/src/config.rs
@@ -170,9 +170,11 @@ impl Config {
 
 #[cfg(test)]
 mod tests {
+    use crate::modules::dhcp::DhcpConfig;
+
     use super::*;
-    use std::path::PathBuf;
     use pretty_assertions::assert_eq;
+    use std::path::PathBuf;
 
     #[tokio::test]
     async fn test_load_config_from_local_file() {
@@ -199,23 +201,31 @@ mod tests {
     #[tokio::test]
     async fn test_add_dhcpd_static_entry() {
         let mut test_file_path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
-        test_file_path.push("src/tests/data/config-full-1.xml");
+        test_file_path.push("src/tests/data/config-structure.xml");
 
         let config_file_path = test_file_path.to_str().unwrap().to_string();
         println!("File path {config_file_path}");
         let repository = Box::new(LocalFileConfigRepository::new(config_file_path));
-        let config_file_str = repository.load().await.unwrap();
         let mut config = Config::new(repository)
             .await
             .expect("Failed to load config");
 
         println!("Config {:?}", config);
 
+        let mut dhcp_config = DhcpConfig::new(&mut config.opnsense);
+        dhcp_config.add_static_mapping("00:00:00:00:00:00", Ipv4Addr::new(192,168,20,100), "hostname").expect("Should add static mapping");
+
         let serialized = config.opnsense.to_xml();
 
         fs::write("/tmp/serialized.xml", &serialized).unwrap();
 
-        assert_eq!(config_file_str, serialized);
-        todo!();
+        let mut test_file_path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
+        test_file_path.push("src/tests/data/config-structure-with-dhcp-staticmap-entry.xml");
+
+        let config_file_path = test_file_path.to_str().unwrap().to_string();
+        println!("File path {config_file_path}");
+        let repository = Box::new(LocalFileConfigRepository::new(config_file_path));
+        let expected_config_file_str = repository.load().await.unwrap();
+        assert_eq!(expected_config_file_str, serialized);
     }
 }
diff --git a/harmony-rs/opnsense-config/src/modules/dhcp.rs b/harmony-rs/opnsense-config/src/modules/dhcp.rs
index 4b50d18..983c1d5 100644
--- a/harmony-rs/opnsense-config/src/modules/dhcp.rs
+++ b/harmony-rs/opnsense-config/src/modules/dhcp.rs
@@ -51,7 +51,16 @@ impl<'a> DhcpConfig<'a> {
     ) -> Result<(), DhcpError> {
         let mac = mac.to_string();
         let hostname = hostname.to_string();
-        let range = &self.opnsense.dhcpd.lan.range;
+        let lan_dhcpd = &mut self
+            .opnsense
+            .dhcpd
+            .elements
+            .iter_mut()
+            .find(|(name, _config)| return name == "lan")
+            .expect("Interface lan should have dhcpd activated")
+            .1;
+
+        let range = &lan_dhcpd.range;
 
         if !Self::is_valid_mac(&mac) {
             return Err(DhcpError::InvalidMacAddress(mac));
@@ -61,7 +70,7 @@ impl<'a> DhcpConfig<'a> {
             return Err(DhcpError::IpAddressOutOfRange(ipaddr.to_string()));
         }
 
-        let existing_mappings = &self.opnsense.dhcpd.lan.staticmaps;
+        let existing_mappings: &mut Vec<StaticMap> = &mut lan_dhcpd.staticmaps;
 
         if existing_mappings.iter().any(|m| {
             m.ipaddr
@@ -86,14 +95,10 @@ impl<'a> DhcpConfig<'a> {
             ntpserver: Default::default(),
         };
 
-        self.opnsense.dhcpd.lan.staticmaps.push(static_map);
+        existing_mappings.push(static_map);
         Ok(())
     }
 
-    pub fn get_static_mappings(&self) -> &[StaticMap] {
-        &self.opnsense.dhcpd.lan.staticmaps
-    }
-
     fn is_valid_mac(mac: &str) -> bool {
         let parts: Vec<&str> = mac.split(':').collect();
         if parts.len() != 6 {
@@ -158,5 +163,4 @@ mod test {
         let ip = "192.168.1.201".parse::<Ipv4Addr>().unwrap();
         assert_eq!(DhcpConfig::is_ip_in_range(&ip, &range), false);
     }
-
 }
diff --git a/harmony-rs/opnsense-config/src/tests/data/config-full-1.xml b/harmony-rs/opnsense-config/src/tests/data/config-full-1.xml
index fd2853d..33eff7a 100644
--- a/harmony-rs/opnsense-config/src/tests/data/config-full-1.xml
+++ b/harmony-rs/opnsense-config/src/tests/data/config-full-1.xml
@@ -320,9 +320,9 @@
       <enable>1</enable>
       <lock>1</lock>
       <spoofmac/>
+      <ipaddr>pppoe</ipaddr>
       <blockpriv>1</blockpriv>
       <blockbogons>1</blockbogons>
-      <ipaddr>pppoe</ipaddr>
     </wan>
     <lan>
       <if>em1</if>
@@ -337,15 +337,15 @@
     </lan>
     <lo0>
       <internal_dynamic>1</internal_dynamic>
+      <if>lo0</if>
       <descr>Loopback</descr>
       <enable>1</enable>
-      <if>lo0</if>
       <ipaddr>127.0.0.1</ipaddr>
-      <ipaddrv6>::1</ipaddrv6>
-      <subnet>8</subnet>
-      <subnetv6>128</subnetv6>
       <type>none</type>
       <virtual>1</virtual>
+      <subnet>8</subnet>
+      <ipaddrv6>::1</ipaddrv6>
+      <subnetv6>128</subnetv6>
     </lo0>
     <opt1>
       <if>em5</if>
@@ -358,18 +358,18 @@
     </opt1>
     <wireguard>
       <internal_dynamic>1</internal_dynamic>
-      <descr>WireGuard (Group)</descr>
       <if>wireguard</if>
-      <virtual>1</virtual>
+      <descr>WireGuard (Group)</descr>
       <enable>1</enable>
       <type>group</type>
+      <virtual>1</virtual>
       <networks/>
     </wireguard>
     <openvpn>
       <internal_dynamic>1</internal_dynamic>
-      <enable>1</enable>
       <if>openvpn</if>
       <descr>OpenVPN</descr>
+      <enable>1</enable>
       <type>group</type>
       <virtual>1</virtual>
       <networks/>
diff --git a/harmony-rs/opnsense-config/src/tests/data/config-structure-with-dhcp-staticmap-entry.xml b/harmony-rs/opnsense-config/src/tests/data/config-structure-with-dhcp-staticmap-entry.xml
new file mode 100644
index 0000000..51d1a09
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/tests/data/config-structure-with-dhcp-staticmap-entry.xml
@@ -0,0 +1,1431 @@
+<?xml version="1.0"?>
+<opnsense>
+  <theme>opnsense</theme>
+  <sysctl>
+    <item>
+      <descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
+      <tunable>vfs.read_max</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set the ephemeral port range to be lower.</descr>
+      <tunable>net.inet.ip.portrange.first</tunable>
+      <value>default</value>
+    </item>
+  </sysctl>
+  <system>
+    <use_mfs_tmp/>
+    <use_mfs_var/>
+    <serialspeed>115200</serialspeed>
+    <primaryconsole>serial</primaryconsole>
+    <secondaryconsole>video</secondaryconsole>
+    <optimization>normal</optimization>
+    <hostname>OPN1</hostname>
+    <domain>somedomain.yourlocal.mcd</domain>
+    <group>
+      <name>admins</name>
+      <description>System Administrators</description>
+      <scope>system</scope>
+      <gid>1999</gid>
+      <member>0</member>
+      <member>2000</member>
+      <priv>page-all</priv>
+    </group>
+    <user>
+      <name>root</name>
+      <descr>System Administrator</descr>
+      <scope>system</scope>
+      <groupname>admins</groupname>
+      <password>$2y$10$5555555555o8dj21980j1doiOIJDIOASJOID!jidjeue19812y</password>
+      <uid>0</uid>
+      <expires/>
+      <authorizedkeys/>
+      <ipsecpsk/>
+      <otp_seed/>
+    </user>
+    <user>
+      <password>$2y$11$55555555556D8198uOASIDJaiojdjd1oijdijosaoijdaoidOIASJDoijdoiadOASdoiK</password>
+      <scope>user</scope>
+      <name>someuser</name>
+      <descr/>
+      <expires/>
+      <authorizedkeys/>
+      <ipsecpsk/>
+      <otp_seed/>
+      <shell>/bin/sh</shell>
+      <uid>2000</uid>
+    </user>
+    <nextuid>2001</nextuid>
+    <nextgid>2000</nextgid>
+    <timezone>Etc/UTC</timezone>
+    <timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
+    <webgui>
+      <protocol>https</protocol>
+      <ssl-certref>6155aba4c9375</ssl-certref>
+      <port/>
+      <ssl-ciphers/>
+      <interfaces/>
+      <compression/>
+    </webgui>
+    <usevirtualterminal>1</usevirtualterminal>
+    <disableconsolemenu>1</disableconsolemenu>
+    <disablevlanhwfilter>1</disablevlanhwfilter>
+    <disablechecksumoffloading>1</disablechecksumoffloading>
+    <disablesegmentationoffloading>1</disablesegmentationoffloading>
+    <disablelargereceiveoffloading>1</disablelargereceiveoffloading>
+    <ipv6allow>1</ipv6allow>
+    <powerd_ac_mode>hadp</powerd_ac_mode>
+    <powerd_battery_mode>hadp</powerd_battery_mode>
+    <powerd_normal_mode>hadp</powerd_normal_mode>
+    <bogons>
+      <interval>monthly</interval>
+    </bogons>
+    <crypto_hardware>aesni</crypto_hardware>
+    <pf_share_forward>1</pf_share_forward>
+    <lb_use_sticky>1</lb_use_sticky>
+    <kill_states>1</kill_states>
+    <ssh>
+      <group>admins</group>
+      <noauto>1</noauto>
+      <interfaces/>
+      <kex/>
+      <ciphers/>
+      <macs/>
+      <keys/>
+      <enabled>enabled</enabled>
+      <passwordauth>1</passwordauth>
+      <keysig/>
+      <permitrootlogin>1</permitrootlogin>
+    </ssh>
+    <firmware version="1.0.1">
+      <mirror/>
+      <flavour/>
+      <plugins>os-ddclient,os-dyndns,os-haproxy,os-wireguard</plugins>
+      <type/>
+      <subscription/>
+    </firmware>
+    <sudo_allow_wheel>1</sudo_allow_wheel>
+    <sudo_allow_group>admins</sudo_allow_group>
+    <enablenatreflectionhelper>yes</enablenatreflectionhelper>
+    <rulesetoptimization>basic</rulesetoptimization>
+    <maximumstates/>
+    <maximumfrags/>
+    <aliasesresolveinterval/>
+    <maximumtableentries/>
+    <language>en_US</language>
+    <dnsserver/>
+    <dns1gw>none</dns1gw>
+    <dns2gw>none</dns2gw>
+    <dns3gw>none</dns3gw>
+    <dns4gw>none</dns4gw>
+    <dns5gw>none</dns5gw>
+    <dns6gw>none</dns6gw>
+    <dns7gw>none</dns7gw>
+    <dns8gw>none</dns8gw>
+    <dnsallowoverride>1</dnsallowoverride>
+    <dnsallowoverride_exclude/>
+  </system>
+  <interfaces>
+    <wan>
+      <if>pppoe0</if>
+      <descr>WAN</descr>
+      <enable>1</enable>
+      <lock>1</lock>
+      <spoofmac/>
+      <ipaddr>pppoe</ipaddr>
+      <blockpriv>1</blockpriv>
+      <blockbogons>1</blockbogons>
+    </wan>
+    <lan>
+      <if>em1</if>
+      <descr>LAN</descr>
+      <enable>1</enable>
+      <spoofmac/>
+      <ipaddr>192.168.20.1</ipaddr>
+      <subnet>24</subnet>
+      <ipaddrv6>track6</ipaddrv6>
+      <track6-interface/>
+      <track6-prefix-id>0</track6-prefix-id>
+    </lan>
+    <lo0>
+      <internal_dynamic>1</internal_dynamic>
+      <if>lo0</if>
+      <descr>Loopback</descr>
+      <enable>1</enable>
+      <ipaddr>127.0.0.1</ipaddr>
+      <type>none</type>
+      <virtual>1</virtual>
+      <subnet>8</subnet>
+      <ipaddrv6>::1</ipaddrv6>
+      <subnetv6>128</subnetv6>
+    </lo0>
+    <opt1>
+      <if>em5</if>
+      <descr>backup_sync</descr>
+      <enable>1</enable>
+      <lock>1</lock>
+      <spoofmac/>
+      <ipaddr>10.10.5.1</ipaddr>
+      <subnet>24</subnet>
+    </opt1>
+    <wireguard>
+      <internal_dynamic>1</internal_dynamic>
+      <if>wireguard</if>
+      <descr>WireGuard (Group)</descr>
+      <enable>1</enable>
+      <type>group</type>
+      <virtual>1</virtual>
+      <networks/>
+    </wireguard>
+    <openvpn>
+      <internal_dynamic>1</internal_dynamic>
+      <if>openvpn</if>
+      <descr>OpenVPN</descr>
+      <enable>1</enable>
+      <type>group</type>
+      <virtual>1</virtual>
+      <networks/>
+    </openvpn>
+  </interfaces>
+  <dhcpd>
+    <lan>
+      <enable>1</enable>
+      <gateway>192.168.20.1</gateway>
+      <domain>somedomain.yourlocal.mcd</domain>
+      <ddnsdomainalgorithm>hmac-md5</ddnsdomainalgorithm>
+      <numberoptions>
+        <item/>
+      </numberoptions>
+      <range>
+        <from>192.168.20.50</from>
+        <to>192.168.20.200</to>
+      </range>
+      <winsserver/>
+      <dnsserver>192.168.20.1</dnsserver>
+      <ntpserver/>
+      <staticmap>
+        <mac>55:55:55:55:55:1c</mac>
+        <ipaddr>192.168.20.160</ipaddr>
+        <hostname>somehost983</hostname>
+        <descr>someservire8</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>55:55:55:55:55:1c</mac>
+        <ipaddr>192.168.20.155</ipaddr>
+        <hostname>somehost893</hostname>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>55:55:55:55:55:1c</mac>
+        <ipaddr>192.168.20.50</ipaddr>
+        <hostname>hostswitch2</hostname>
+        <descr>switch-2 (bottom)</descr>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <staticmap>
+        <mac>00:00:00:00:00:00</mac>
+        <ipaddr>192.168.20.100</ipaddr>
+        <hostname>hostname</hostname>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+      <pool/>
+    </lan>
+  </dhcpd>
+  <snmpd>
+    <syslocation/>
+    <syscontact/>
+    <rocommunity>public</rocommunity>
+  </snmpd>
+  <syslog>
+    <reverse/>
+    <preservelogs>3</preservelogs>
+  </syslog>
+  <nat>
+    <outbound>
+      <mode>automatic</mode>
+    </outbound>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_618812d37b8193.31302503</associated-rule-id>
+      <target>host_3</target>
+      <local-port>22</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>55555</port>
+      </destination>
+      <updated>
+        <username>root@192.168.1.118</username>
+        <time>1636307667.506</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.1.118</username>
+        <time>1636307667.506</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <protocol>tcp</protocol>
+      <interface>wan</interface>
+      <category/>
+      <ipprotocol>inet</ipprotocol>
+      <descr/>
+      <tag/>
+      <tagged/>
+      <poolopts/>
+      <associated-rule-id>nat_651ffc35e573d9.09092618</associated-rule-id>
+      <target>192.168.20.140</target>
+      <local-port>22</local-port>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>30140</port>
+      </destination>
+      <updated>
+        <username>root@172.12.0.11</username>
+        <time>1696594997.9399</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@172.12.0.11</username>
+        <time>1696594997.9399</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+  </nat>
+  <filter>
+    <rule uuid="36bf9a49-7705-40d4-9ea8-815a215ce007">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>allow public connections to vpn</descr>
+      <direction>in</direction>
+      <category>wireguard</category>
+      <quick>1</quick>
+      <protocol>udp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>51820</port>
+      </destination>
+      <updated>
+        <username>root@192.168.1.118</username>
+        <time>1636306863.2747</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.1.118</username>
+        <time>1636305029.8036</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule>
+      <associated-rule-id>nat_670979b3279551.73601303</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>port forwarding for virtual ip for someservice2 servers</descr>
+      <category/>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <address>192.168.20.1</address>
+        <port>55555</port>
+      </destination>
+      <created>
+        <username>root@172.12.0.12</username>
+        <time>1728674227.1622</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+      <disabled>1</disabled>
+    </rule>
+  </filter>
+  <load_balancer>
+    <monitor_type>
+      <name>ICMP</name>
+      <type>icmp</type>
+      <descr>ICMP</descr>
+      <options/>
+    </monitor_type>
+    <monitor_type>
+      <name>TCP</name>
+      <type>tcp</type>
+      <descr>Generic TCP</descr>
+      <options/>
+    </monitor_type>
+    <monitor_type>
+      <name>HTTP</name>
+      <type>http</type>
+      <descr>Generic HTTP</descr>
+      <options>
+        <path>/</path>
+        <host/>
+        <code>200</code>
+      </options>
+    </monitor_type>
+  </load_balancer>
+  <ntpd>
+    <prefer>0.opnsense.pool.ntp.org</prefer>
+  </ntpd>
+  <widgets>
+    <sequence>system_information-container:00000000-col3:show,traffic_graphs-container:00000001-col3:show,thermal_sensors-container:00000002-col3:show,log-container:00000003-col3:show,services_status-container:00000004-col4:show,gateways-container:00000005-col4:show,interface_list-container:00000006-col4:show,carp_status-container:00000007-col4:show,wireguard-container:00000008-col4:show,dyn_dns_status-container:00000009-col4:show,system_log-container:00000010-col4:show</sequence>
+    <column_count>2</column_count>
+  </widgets>
+  <revision>
+    <username>root@172.12.0.12</username>
+    <time>1728676391.9878</time>
+    <description>/firewall_nat.php made changes</description>
+  </revision>
+  <OPNsense>
+    <captiveportal version="1.0.1">
+      <zones/>
+      <templates/>
+    </captiveportal>
+    <cron version="1.0.4">
+      <jobs/>
+    </cron>
+    <Netflow version="1.0.1">
+      <capture>
+        <interfaces/>
+        <egress_only/>
+        <version>v9</version>
+        <targets/>
+      </capture>
+      <collect>
+        <enable>0</enable>
+      </collect>
+      <activeTimeout>1800</activeTimeout>
+      <inactiveTimeout>15</inactiveTimeout>
+    </Netflow>
+    <Firewall>
+      <Lvtemplate version="0.0.1">
+        <templates/>
+      </Lvtemplate>
+      <Category version="1.0.0">
+        <categories>
+          <category uuid="1d91d52b-7588-40c5-8c2c-05acdfcf8c1e">
+            <name>wireguard</name>
+            <auto>1</auto>
+            <color/>
+          </category>
+        </categories>
+      </Category>
+      <Alias version="1.0.1">
+        <geoip>
+          <url/>
+        </geoip>
+        <aliases>
+          <alias uuid="298089ad-f84a-4dda-9c10-6653a7464294">
+            <enabled>1</enabled>
+            <name>x3690_3</name>
+            <type>host</type>
+            <proto/>
+            <interface/>
+            <counters>0</counters>
+            <updatefreq/>
+            <content>192.168.1.136</content>
+            <categories/>
+            <description/>
+          </alias>
+          <alias uuid="e80d6d23-a0b0-4432-aff5-b5be0557eb01">
+            <enabled>1</enabled>
+            <name>someservice2_vip</name>
+            <type>host</type>
+            <proto/>
+            <interface/>
+            <counters>0</counters>
+            <updatefreq/>
+            <content>192.168.20.225</content>
+            <categories/>
+            <description>alias for someservice2 vip</description>
+          </alias>
+        </aliases>
+      </Alias>
+    </Firewall>
+    <IDS version="1.0.9">
+      <rules/>
+      <policies/>
+      <userDefinedRules/>
+      <files/>
+      <fileTags/>
+      <general>
+        <enabled>0</enabled>
+        <ips>0</ips>
+        <promisc>0</promisc>
+        <interfaces>wan</interfaces>
+        <homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
+        <defaultPacketSize/>
+        <UpdateCron/>
+        <AlertLogrotate>W0D23</AlertLogrotate>
+        <AlertSaveLogs>4</AlertSaveLogs>
+        <MPMAlgo>ac</MPMAlgo>
+        <detect>
+          <Profile>medium</Profile>
+          <toclient_groups/>
+          <toserver_groups/>
+        </detect>
+        <syslog>0</syslog>
+        <syslog_eve>0</syslog_eve>
+        <LogPayload>0</LogPayload>
+        <verbosity/>
+      </general>
+    </IDS>
+    <IPsec version="1.0.1">
+      <general>
+        <enabled/>
+      </general>
+      <keyPairs/>
+      <preSharedKeys/>
+    </IPsec>
+    <Interfaces>
+      <vxlans version="1.0.1"/>
+      <loopbacks version="1.0.0"/>
+    </Interfaces>
+    <monit version="1.0.12">
+      <general>
+        <enabled>0</enabled>
+        <interval>120</interval>
+        <startdelay>120</startdelay>
+        <mailserver>127.0.0.1</mailserver>
+        <port>25</port>
+        <username/>
+        <password/>
+        <ssl>0</ssl>
+        <sslversion>auto</sslversion>
+        <sslverify>1</sslverify>
+        <logfile>syslog facility log_daemon</logfile>
+        <statefile/>
+        <eventqueuePath/>
+        <eventqueueSlots/>
+        <httpdEnabled>0</httpdEnabled>
+        <httpdUsername>root</httpdUsername>
+        <httpdPassword>oiujds9889DSIJSDIJSDIjdj</httpdPassword>
+        <httpdPort>2812</httpdPort>
+        <httpdAllow/>
+        <mmonitUrl/>
+        <mmonitTimeout>5</mmonitTimeout>
+        <mmonitRegisterCredentials>1</mmonitRegisterCredentials>
+      </general>
+      <alert uuid="d307f1df-e759-4262-a4cd-7b9673f0ad36">
+        <enabled>0</enabled>
+        <recipient>root@localhost.local</recipient>
+        <noton>0</noton>
+        <events/>
+        <format/>
+        <reminder>10</reminder>
+        <description/>
+      </alert>
+      <service uuid="9f01617b-08c1-487d-9c8a-fa1340add37e">
+        <enabled>1</enabled>
+        <name>$HOST</name>
+        <description/>
+        <type>system</type>
+        <pidfile/>
+        <match/>
+        <path/>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>da6083fd-852c-44af-9ae7-8c9de443bbc9,4f18b847-c2ab-4707-9686-bf656e187ab8,62ea6632-3554-43be-bb0b-ceceab685338,f543f50a-4e52-4afd-85ce-95fe6d61dc54</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <test uuid="93365006-3a70-4d80-bab8-72fb9214a51b">
+        <name>Ping</name>
+        <type>NetworkPing</type>
+        <condition>failed ping</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="48a4ae66-c879-40fe-a554-0f354ee67770">
+        <name>NetworkLink</name>
+        <type>NetworkInterface</type>
+        <condition>failed link</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+    </monit>
+    <OpenVPNExport version="0.0.1">
+      <servers/>
+    </OpenVPNExport>
+    <proxy version="1.0.6">
+      <general>
+        <enabled>0</enabled>
+        <error_pages>opnsense</error_pages>
+        <icpPort/>
+        <logging>
+          <enable>
+            <accessLog>1</accessLog>
+            <storeLog>1</storeLog>
+          </enable>
+          <ignoreLogACL/>
+          <target/>
+        </logging>
+        <alternateDNSservers/>
+        <dnsV4First>0</dnsV4First>
+        <forwardedForHandling>on</forwardedForHandling>
+        <uriWhitespaceHandling>strip</uriWhitespaceHandling>
+        <enablePinger>1</enablePinger>
+        <useViaHeader>1</useViaHeader>
+        <suppressVersion>0</suppressVersion>
+        <connecttimeout/>
+        <VisibleEmail>admin@localhost.local</VisibleEmail>
+        <VisibleHostname/>
+        <cache>
+          <local>
+            <enabled>0</enabled>
+            <directory>/var/squid/cache</directory>
+            <cache_mem>256</cache_mem>
+            <maximum_object_size/>
+            <maximum_object_size_in_memory/>
+            <memory_cache_mode>always</memory_cache_mode>
+            <size>100</size>
+            <l1>16</l1>
+            <l2>256</l2>
+            <cache_linux_packages>0</cache_linux_packages>
+            <cache_windows_updates>0</cache_windows_updates>
+          </local>
+        </cache>
+        <traffic>
+          <enabled>0</enabled>
+          <maxDownloadSize>2048</maxDownloadSize>
+          <maxUploadSize>1024</maxUploadSize>
+          <OverallBandwidthTrotteling>1024</OverallBandwidthTrotteling>
+          <perHostTrotteling>256</perHostTrotteling>
+        </traffic>
+        <parentproxy>
+          <enabled>0</enabled>
+          <host/>
+          <enableauth>0</enableauth>
+          <user>username</user>
+          <password>password</password>
+          <port/>
+          <localdomains/>
+          <localips/>
+        </parentproxy>
+      </general>
+      <forward>
+        <interfaces>lan</interfaces>
+        <port>3128</port>
+        <sslbumpport>3129</sslbumpport>
+        <sslbump>0</sslbump>
+        <sslurlonly>0</sslurlonly>
+        <sslcertificate/>
+        <sslnobumpsites/>
+        <ssl_crtd_storage_max_size>4</ssl_crtd_storage_max_size>
+        <sslcrtd_children>5</sslcrtd_children>
+        <snmp_enable>0</snmp_enable>
+        <snmp_port>3401</snmp_port>
+        <snmp_password>public</snmp_password>
+        <ftpInterfaces/>
+        <ftpPort>2121</ftpPort>
+        <ftpTransparentMode>0</ftpTransparentMode>
+        <addACLforInterfaceSubnets>1</addACLforInterfaceSubnets>
+        <transparentMode>0</transparentMode>
+        <acl>
+          <allowedSubnets/>
+          <unrestricted/>
+          <bannedHosts/>
+          <whiteList/>
+          <blackList/>
+          <browser/>
+          <mimeType/>
+          <googleapps/>
+          <youtube/>
+          <safePorts>80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http</safePorts>
+          <sslPorts>443:https</sslPorts>
+          <remoteACLs>
+            <blacklists/>
+            <UpdateCron/>
+          </remoteACLs>
+        </acl>
+        <icap>
+          <enable>0</enable>
+          <RequestURL>icap://[::1]:1344/avscan</RequestURL>
+          <ResponseURL>icap://[::1]:1344/avscan</ResponseURL>
+          <SendClientIP>1</SendClientIP>
+          <SendUsername>0</SendUsername>
+          <EncodeUsername>0</EncodeUsername>
+          <UsernameHeader>X-Username</UsernameHeader>
+          <EnablePreview>1</EnablePreview>
+          <PreviewSize>1024</PreviewSize>
+          <OptionsTTL>60</OptionsTTL>
+          <exclude/>
+        </icap>
+        <authentication>
+          <method/>
+          <authEnforceGroup/>
+          <realm>OPNsense proxy authentication</realm>
+          <credentialsttl>2</credentialsttl>
+          <children>5</children>
+        </authentication>
+      </forward>
+      <pac/>
+      <error_pages>
+        <template/>
+      </error_pages>
+    </proxy>
+    <Syslog version="1.0.1">
+      <general>
+        <enabled>1</enabled>
+      </general>
+      <destinations/>
+    </Syslog>
+    <TrafficShaper version="1.0.3">
+      <pipes/>
+      <queues/>
+      <rules/>
+    </TrafficShaper>
+    <unboundplus version="1.0.8">
+      <general>
+        <enabled>1</enabled>
+        <port>53</port>
+        <stats/>
+        <active_interface/>
+        <dnssec/>
+        <dns64/>
+        <dns64prefix/>
+        <noarecords/>
+        <regdhcp>1</regdhcp>
+        <regdhcpdomain/>
+        <regdhcpstatic>1</regdhcpstatic>
+        <noreglladdr6/>
+        <noregrecords/>
+        <txtsupport/>
+        <cacheflush/>
+        <local_zone_type>transparent</local_zone_type>
+        <outgoing_interface/>
+        <enable_wpad/>
+      </general>
+      <advanced>
+        <hideidentity>0</hideidentity>
+        <hideversion>0</hideversion>
+        <prefetch>0</prefetch>
+        <prefetchkey>0</prefetchkey>
+        <dnssecstripped>0</dnssecstripped>
+        <serveexpired>0</serveexpired>
+        <serveexpiredreplyttl/>
+        <serveexpiredttl/>
+        <serveexpiredttlreset>0</serveexpiredttlreset>
+        <serveexpiredclienttimeout/>
+        <qnameminstrict>0</qnameminstrict>
+        <extendedstatistics>0</extendedstatistics>
+        <logqueries>0</logqueries>
+        <logreplies>0</logreplies>
+        <logtagqueryreply>0</logtagqueryreply>
+        <logservfail/>
+        <loglocalactions/>
+        <logverbosity>1</logverbosity>
+        <valloglevel>0</valloglevel>
+        <privatedomain/>
+        <privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
+        <insecuredomain/>
+        <msgcachesize/>
+        <rrsetcachesize/>
+        <outgoingnumtcp/>
+        <incomingnumtcp/>
+        <numqueriesperthread/>
+        <outgoingrange/>
+        <jostletimeout/>
+        <cachemaxttl/>
+        <cachemaxnegativettl/>
+        <cacheminttl/>
+        <infrahostttl/>
+        <infrakeepprobing/>
+        <infracachenumhosts/>
+        <unwantedreplythreshold/>
+      </advanced>
+      <acls>
+        <default_action>allow</default_action>
+      </acls>
+      <dnsbl>
+        <enabled>0</enabled>
+        <safesearch/>
+        <type/>
+        <lists/>
+        <whitelists/>
+        <blocklists/>
+        <wildcards/>
+        <address/>
+        <nxdomain>0</nxdomain>
+      </dnsbl>
+      <forwarding>
+        <enabled>0</enabled>
+      </forwarding>
+      <dots/>
+      <hosts>
+        <host uuid="a681fc39-70fa-4cf1-9331-79f5cbf9048f">
+          <enabled>1</enabled>
+          <hostname>api</hostname>
+          <domain>someapp.yourdomain.local.mcd</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <server>192.168.20.161</server>
+          <description>Some app local</description>
+        </host>
+        <host uuid="dd593e95-02bc-476f-8610-fa1ee454e950">
+          <enabled>1</enabled>
+          <hostname>api-int</hostname>
+          <domain>someapp.yourdomain.local.mcd</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <server>192.168.20.161</server>
+          <description>Some app local</description>
+        </host>
+        <host uuid="e1606f96-dd38-471f-a3d7-ad25e41e810d">
+          <enabled>1</enabled>
+          <hostname>*</hostname>
+          <domain>someapp.yourdomain.local.mcd</domain>
+          <rr>A</rr>
+          <mxprio/>
+          <mx/>
+          <server>192.168.20.161</server>
+          <description>Some app local</description>
+        </host>
+      </hosts>
+      <aliases/>
+      <domains/>
+    </unboundplus>
+    <wireguard>
+      <general version="0.0.1">
+        <enabled>1</enabled>
+      </general>
+      <server version="0.0.4">
+        <servers>
+          <server uuid="3ec7bf83-b3b7-4fba-b4f2-a96dafbfb162">
+            <enabled>1</enabled>
+            <name>publicwg</name>
+            <instance>0</instance>
+            <pubkey>89udsjiuod109jadsSUIDSAUIduhashuiauas/asdkj=</pubkey>
+            <privkey>eH555555555555555+892jdjiodsjiodsoijsdjiodj=</privkey>
+            <port>51820</port>
+            <mtu/>
+            <dns/>
+            <tunneladdress>172.12.0.1/24</tunneladdress>
+            <disableroutes>0</disableroutes>
+            <gateway/>
+            <carp_depend_on/>
+            <peers>03031aec-2e84-462e-9eab-57762dde667a,98e6ca3d-1de9-449b-be80-77022221b509,67c0ace5-e802-4d2b-a536-f8b7a2db6f99,74b60fff-7844-4097-9966-f1c2b1ad29ff,3de82ad5-bc1b-4b91-9598-f906e58ac937,a95e6b5e-24a4-40b5-bb41-b79e784f6f1c,6c9a12c6-c1ca-4c14-866b-975406a30590,c33b308b-7125-4688-9561-989ace8787b5,e43f004a-23bf-4027-8fb0-953fbb40479f</peers>
+          </server>
+        </servers>
+      </server>
+      <client version="0.0.7">
+        <clients>
+          <client uuid="98e6ca3d-1de9-449b-be80-77022221b509">
+            <enabled>1</enabled>
+            <name>some-laptop</name>
+            <pubkey>95555555555555555555555555555FN2aCHemL3RjA8=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.8/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+          <client uuid="74b60fff-7844-4097-9966-f1c2b1ad29ff">
+            <enabled>1</enabled>
+            <name>user2</name>
+            <pubkey>pJ555555555555555555xiUxuJof78XXugx1KUrrYg8=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.6/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+          <client uuid="67c0ace5-e802-4d2b-a536-f8b7a2db6f99">
+            <enabled>1</enabled>
+            <name>some-phone</name>
+            <pubkey>SLQXdM/555555555555555555MWhR2WSEkaSXh1ZpXU=</pubkey>
+            <psk/>
+            <tunneladdress>172.12.0.9/32</tunneladdress>
+            <serveraddress/>
+            <serverport/>
+            <keepalive/>
+          </client>
+        </clients>
+      </client>
+    </wireguard>
+    <Swanctl version="1.0.0">
+      <Connections/>
+      <locals/>
+      <remotes/>
+      <children/>
+      <Pools/>
+      <VTIs/>
+      <SPDs/>
+    </Swanctl>
+    <DynDNS version="1.5.1">
+      <general>
+        <enabled>1</enabled>
+        <verbose>0</verbose>
+        <allowipv6>0</allowipv6>
+        <daemon_delay>300</daemon_delay>
+        <backend>ddclient</backend>
+      </general>
+      <accounts>
+        <account uuid="5be8a905-3cde-4e34-b16c-e53623146c95">
+          <enabled>1</enabled>
+          <service>someddnsprovider</service>
+          <protocol/>
+          <server/>
+          <username>someusername.com</username>
+          <password>55555555555555555555555555555dsi</password>
+          <resourceId/>
+          <hostnames>yourpublic.host.com</hostnames>
+          <wildcard>0</wildcard>
+          <zone/>
+          <checkip>if</checkip>
+          <checkip_timeout>10</checkip_timeout>
+          <force_ssl>1</force_ssl>
+          <ttl>300</ttl>
+          <interface>wan</interface>
+          <description>yourpublic.host.com</description>
+        </account>
+      </accounts>
+    </DynDNS>
+    <OpenVPN version="1.0.0">
+      <Overwrites/>
+      <Instances/>
+      <StaticKeys/>
+    </OpenVPN>
+    <Gateways version="0.0.1"/>
+    <HAProxy version="4.0.0">
+      <general>
+        <enabled>1</enabled>
+        <gracefulStop>0</gracefulStop>
+        <hardStopAfter>60s</hardStopAfter>
+        <closeSpreadTime/>
+        <seamlessReload>0</seamlessReload>
+        <storeOcsp>0</storeOcsp>
+        <showIntro>1</showIntro>
+        <peers>
+          <enabled>0</enabled>
+          <name1/>
+          <listen1/>
+          <port1>1024</port1>
+          <name2/>
+          <listen2/>
+          <port2>1024</port2>
+        </peers>
+        <tuning>
+          <root>0</root>
+          <maxConnections/>
+          <nbthread>1</nbthread>
+          <sslServerVerify>ignore</sslServerVerify>
+          <maxDHSize>2048</maxDHSize>
+          <bufferSize>16384</bufferSize>
+          <spreadChecks>2</spreadChecks>
+          <bogusProxyEnabled>0</bogusProxyEnabled>
+          <luaMaxMem>0</luaMaxMem>
+          <customOptions/>
+          <ssl_defaultsEnabled>0</ssl_defaultsEnabled>
+          <ssl_bindOptions>prefer-client-ciphers</ssl_bindOptions>
+          <ssl_minVersion>TLSv1.2</ssl_minVersion>
+          <ssl_maxVersion/>
+          <ssl_cipherList>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256</ssl_cipherList>
+          <ssl_cipherSuites>TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256</ssl_cipherSuites>
+        </tuning>
+        <defaults>
+          <maxConnections/>
+          <maxConnectionsServers/>
+          <timeoutClient>30s</timeoutClient>
+          <timeoutConnect>30s</timeoutConnect>
+          <timeoutCheck/>
+          <timeoutServer>30s</timeoutServer>
+          <retries>3</retries>
+          <redispatch>x-1</redispatch>
+          <init_addr>last,libc</init_addr>
+          <customOptions/>
+        </defaults>
+        <logging>
+          <host>127.0.0.1</host>
+          <facility>local0</facility>
+          <level>info</level>
+          <length/>
+        </logging>
+        <stats>
+          <enabled>0</enabled>
+          <port>8822</port>
+          <remoteEnabled>0</remoteEnabled>
+          <remoteBind/>
+          <authEnabled>0</authEnabled>
+          <users/>
+          <allowedUsers/>
+          <allowedGroups/>
+          <customOptions/>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_bind>*:8404</prometheus_bind>
+          <prometheus_path>/metrics</prometheus_path>
+        </stats>
+        <cache>
+          <enabled>0</enabled>
+          <totalMaxSize>4</totalMaxSize>
+          <maxAge>60</maxAge>
+          <maxObjectSize/>
+          <processVary>0</processVary>
+          <maxSecondaryEntries>10</maxSecondaryEntries>
+        </cache>
+      </general>
+      <frontends>
+        <frontend uuid="379ce7bf-4df6-4b12-8aee-a32cff084d92">
+          <id>6707fe74642f67.52019899</id>
+          <enabled>1</enabled>
+          <name>some-ingress</name>
+          <description>public service redirecting traffic</description>
+          <bind>192.168.20.55:55555</bind>
+          <bindOptions/>
+          <mode>tcp</mode>
+          <defaultBackend>f0c76bef-8623-4fa8-a992-61f83d504b87</defaultBackend>
+          <ssl_enabled>0</ssl_enabled>
+          <ssl_certificates/>
+          <ssl_default_certificate/>
+          <ssl_customOptions/>
+          <ssl_advancedEnabled>0</ssl_advancedEnabled>
+          <ssl_bindOptions>prefer-client-ciphers</ssl_bindOptions>
+          <ssl_minVersion>TLSv1.2</ssl_minVersion>
+          <ssl_maxVersion/>
+          <ssl_cipherList>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256</ssl_cipherList>
+          <ssl_cipherSuites>TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256</ssl_cipherSuites>
+          <ssl_hstsEnabled>1</ssl_hstsEnabled>
+          <ssl_hstsIncludeSubDomains>0</ssl_hstsIncludeSubDomains>
+          <ssl_hstsPreload>0</ssl_hstsPreload>
+          <ssl_hstsMaxAge>15768000</ssl_hstsMaxAge>
+          <ssl_clientAuthEnabled>0</ssl_clientAuthEnabled>
+          <ssl_clientAuthVerify>required</ssl_clientAuthVerify>
+          <ssl_clientAuthCAs/>
+          <ssl_clientAuthCRLs/>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_maxConnections/>
+          <tuning_timeoutClient/>
+          <tuning_timeoutHttpReq/>
+          <tuning_timeoutHttpKeepAlive/>
+          <linkedCpuAffinityRules/>
+          <tuning_shards/>
+          <logging_dontLogNull>0</logging_dontLogNull>
+          <logging_dontLogNormal>0</logging_dontLogNormal>
+          <logging_logSeparateErrors>0</logging_logSeparateErrors>
+          <logging_detailedLog>0</logging_detailedLog>
+          <logging_socketStats>0</logging_socketStats>
+          <stickiness_pattern/>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_counter>1</stickiness_counter>
+          <stickiness_counter_key>src</stickiness_counter_key>
+          <stickiness_length/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <http2Enabled>0</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <advertised_protocols>h2,http11</advertised_protocols>
+          <forwardFor>0</forwardFor>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_path>/metrics</prometheus_path>
+          <connectionBehaviour>http-keep-alive</connectionBehaviour>
+          <customOptions/>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </frontend>
+        <frontend uuid="e5cdd687-92a0-46a1-93c0-7b26431fea92">
+          <id>670979396dea69.72299427</id>
+          <enabled>0</enabled>
+          <name>another-ingress</name>
+          <description>public service redirecting traffic with non descriptive description</description>
+          <bind>192.168.20.1:55555</bind>
+          <bindOptions/>
+          <mode>tcp</mode>
+          <defaultBackend>f0c76bef-8623-4fa8-a992-61f83d504b87</defaultBackend>
+          <ssl_enabled>0</ssl_enabled>
+          <ssl_certificates/>
+          <ssl_default_certificate/>
+          <ssl_customOptions/>
+          <ssl_advancedEnabled>0</ssl_advancedEnabled>
+          <ssl_bindOptions>prefer-client-ciphers</ssl_bindOptions>
+          <ssl_minVersion>TLSv1.2</ssl_minVersion>
+          <ssl_maxVersion/>
+          <ssl_cipherList>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256</ssl_cipherList>
+          <ssl_cipherSuites>TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256</ssl_cipherSuites>
+          <ssl_hstsEnabled>1</ssl_hstsEnabled>
+          <ssl_hstsIncludeSubDomains>0</ssl_hstsIncludeSubDomains>
+          <ssl_hstsPreload>0</ssl_hstsPreload>
+          <ssl_hstsMaxAge>15768000</ssl_hstsMaxAge>
+          <ssl_clientAuthEnabled>0</ssl_clientAuthEnabled>
+          <ssl_clientAuthVerify>required</ssl_clientAuthVerify>
+          <ssl_clientAuthCAs/>
+          <ssl_clientAuthCRLs/>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_maxConnections/>
+          <tuning_timeoutClient/>
+          <tuning_timeoutHttpReq/>
+          <tuning_timeoutHttpKeepAlive/>
+          <linkedCpuAffinityRules/>
+          <tuning_shards/>
+          <logging_dontLogNull>0</logging_dontLogNull>
+          <logging_dontLogNormal>0</logging_dontLogNormal>
+          <logging_logSeparateErrors>0</logging_logSeparateErrors>
+          <logging_detailedLog>0</logging_detailedLog>
+          <logging_socketStats>0</logging_socketStats>
+          <stickiness_pattern/>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_counter>1</stickiness_counter>
+          <stickiness_counter_key>src</stickiness_counter_key>
+          <stickiness_length/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <http2Enabled>0</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <advertised_protocols>h2,http11</advertised_protocols>
+          <forwardFor>0</forwardFor>
+          <prometheus_enabled>0</prometheus_enabled>
+          <prometheus_path>/metrics</prometheus_path>
+          <connectionBehaviour>http-keep-alive</connectionBehaviour>
+          <customOptions/>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </frontend>
+      </frontends>
+      <backends>
+        <backend uuid="f0c76bef-8623-4fa8-a992-61f83d504b87">
+          <id>6707fa71c3cb99.64451664</id>
+          <enabled>1</enabled>
+          <name>some_servers</name>
+          <description/>
+          <mode>tcp</mode>
+          <algorithm>roundrobin</algorithm>
+          <random_draws>2</random_draws>
+          <proxyProtocol/>
+          <linkedServers>c0364e69-459d-48b2-a1d1-808324fea9cb,187d8b79-4376-45fc-9fd7-476074a7a577</linkedServers>
+          <linkedFcgi/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <source/>
+          <healthCheckEnabled>1</healthCheckEnabled>
+          <healthCheck>5110db0c-afa9-4bad-bbbe-5bbeb52262bb</healthCheck>
+          <healthCheckLogStatus>0</healthCheckLogStatus>
+          <checkInterval/>
+          <checkDownInterval/>
+          <healthCheckFall/>
+          <healthCheckRise/>
+          <linkedMailer/>
+          <http2Enabled>0</http2Enabled>
+          <http2Enabled_nontls>0</http2Enabled_nontls>
+          <ba_advertised_protocols>h2,http11</ba_advertised_protocols>
+          <persistence>sticktable</persistence>
+          <persistence_cookiemode>piggyback</persistence_cookiemode>
+          <persistence_cookiename>SRVCOOKIE</persistence_cookiename>
+          <persistence_stripquotes>1</persistence_stripquotes>
+          <stickiness_pattern>sourceipv4</stickiness_pattern>
+          <stickiness_dataTypes/>
+          <stickiness_expire>30m</stickiness_expire>
+          <stickiness_size>50k</stickiness_size>
+          <stickiness_cookiename/>
+          <stickiness_cookielength/>
+          <stickiness_connRatePeriod>10s</stickiness_connRatePeriod>
+          <stickiness_sessRatePeriod>10s</stickiness_sessRatePeriod>
+          <stickiness_httpReqRatePeriod>10s</stickiness_httpReqRatePeriod>
+          <stickiness_httpErrRatePeriod>10s</stickiness_httpErrRatePeriod>
+          <stickiness_bytesInRatePeriod>1m</stickiness_bytesInRatePeriod>
+          <stickiness_bytesOutRatePeriod>1m</stickiness_bytesOutRatePeriod>
+          <basicAuthEnabled>0</basicAuthEnabled>
+          <basicAuthUsers/>
+          <basicAuthGroups/>
+          <tuning_timeoutConnect/>
+          <tuning_timeoutCheck/>
+          <tuning_timeoutServer/>
+          <tuning_retries/>
+          <customOptions/>
+          <tuning_defaultserver/>
+          <tuning_noport>0</tuning_noport>
+          <tuning_httpreuse>safe</tuning_httpreuse>
+          <tuning_caching>0</tuning_caching>
+          <linkedActions/>
+          <linkedErrorfiles/>
+        </backend>
+      </backends>
+      <servers>
+        <server uuid="c0364e69-459d-48b2-a1d1-808324fea9cb">
+          <id>6707f9a980b271.59222580</id>
+          <enabled>1</enabled>
+          <name>server1</name>
+          <description>server running on host</description>
+          <address>192.168.20.55</address>
+          <port>55555</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol>unspecified</multiplexer_protocol>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>1</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <weight>33</weight>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+        <server uuid="187d8b79-4376-45fc-9fd7-476074a7a577">
+          <id>6707faa46d5f57.14318783</id>
+          <enabled>1</enabled>
+          <name>server2</name>
+          <description>server running something</description>
+          <address>192.168.20.155</address>
+          <port>55555</port>
+          <checkport/>
+          <mode>active</mode>
+          <multiplexer_protocol>unspecified</multiplexer_protocol>
+          <type>static</type>
+          <serviceName/>
+          <number/>
+          <linkedResolver/>
+          <resolverOpts/>
+          <resolvePrefer/>
+          <ssl>0</ssl>
+          <sslSNI/>
+          <sslVerify>1</sslVerify>
+          <sslCA/>
+          <sslCRL/>
+          <sslClientCertificate/>
+          <maxConnections/>
+          <weight>67</weight>
+          <checkInterval/>
+          <checkDownInterval/>
+          <source/>
+          <advanced/>
+          <unix_socket/>
+        </server>
+      </servers>
+      <healthchecks>
+        <healthcheck uuid="5110db0c-afa9-4bad-bbbe-5bbeb52262bb">
+          <name>server-loadbalancer-monitor</name>
+          <description/>
+          <type>tcp</type>
+          <interval>2s</interval>
+          <ssl>nopref</ssl>
+          <sslSNI/>
+          <force_ssl>0</force_ssl>
+          <checkport/>
+          <http_method>options</http_method>
+          <http_uri>/</http_uri>
+          <http_version>http10</http_version>
+          <http_host>localhost</http_host>
+          <http_expressionEnabled>0</http_expressionEnabled>
+          <http_expression/>
+          <http_negate>0</http_negate>
+          <http_value/>
+          <tcp_enabled>0</tcp_enabled>
+          <tcp_sendValue/>
+          <tcp_matchType>string</tcp_matchType>
+          <tcp_negate>0</tcp_negate>
+          <tcp_matchValue/>
+          <agent_port/>
+          <mysql_user/>
+          <mysql_post41>0</mysql_post41>
+          <pgsql_user/>
+          <smtp_domain/>
+          <esmtp_domain/>
+          <agentPort/>
+          <dbUser/>
+          <smtpDomain/>
+        </healthcheck>
+      </healthchecks>
+      <acls/>
+      <actions/>
+      <luas/>
+      <fcgis/>
+      <errorfiles/>
+      <mapfiles/>
+      <groups/>
+      <users/>
+      <cpus/>
+      <resolvers/>
+      <mailers/>
+      <maintenance>
+        <cronjobs>
+          <syncCerts>0</syncCerts>
+          <syncCertsCron/>
+          <updateOcsp>0</updateOcsp>
+          <updateOcspCron/>
+          <reloadService>0</reloadService>
+          <reloadServiceCron/>
+          <restartService>0</restartService>
+          <restartServiceCron/>
+        </cronjobs>
+      </maintenance>
+    </HAProxy>
+  </OPNsense>
+  <staticroutes version="1.0.0">
+    <route/>
+  </staticroutes>
+  <ca/>
+  <gateways>
+    <gateway_item/>
+  </gateways>
+  <cert>
+    <refid>6155aba4c9375</refid>
+    <descr>Web GUI TLS certificate</descr>
+    <crt>LtCg==</crt>
+    <prv>L22o=</prv>
+  </cert>
+  <dhcpdv6/>
+  <virtualip version="1.0.0">
+    <vip uuid="756c3b4a-f61a-4406-8776-383bc429a5b3">
+      <interface>wan</interface>
+      <mode>ipalias</mode>
+      <subnet>192.168.20.155</subnet>
+      <subnet_bits>32</subnet_bits>
+      <gateway>10.11.16.17</gateway>
+      <noexpand>0</noexpand>
+      <nobind>0</nobind>
+      <password/>
+      <vhid/>
+      <advbase>1</advbase>
+      <advskew>0</advskew>
+      <descr>virtual ip for service</descr>
+    </vip>
+  </virtualip>
+  <openvpn>
+    <openvpn-server/>
+    <openvpn-client/>
+  </openvpn>
+  <ppps>
+    <ppp>
+      <ptpid>0</ptpid>
+      <type>pppoe</type>
+      <if>pppoe0</if>
+      <ports>em0</ports>
+      <username>someuser@ppoeserver.com</username>
+      <password>5555555555AyNA==</password>
+    </ppp>
+  </ppps>
+  <dyndnses>
+    <dyndns>
+      <type>someddnsprovider</type>
+      <username/>
+      <password>5555555555ee479874398u1298e98u18</password>
+      <host>yourpublic.host.com</host>
+      <mx/>
+      <interface>wan</interface>
+      <zoneid/>
+      <resourceid/>
+      <ttl/>
+      <updateurl/>
+      <resultmatch/>
+      <requestif>wan</requestif>
+      <descr/>
+      <id>0</id>
+    </dyndns>
+  </dyndnses>
+  <vlans version="1.0.0">
+    <vlan/>
+  </vlans>
+  <bridges>
+    <bridged/>
+  </bridges>
+  <gifs>
+    <gif/>
+  </gifs>
+  <gres>
+    <gre/>
+  </gres>
+  <laggs version="1.0.0"/>
+  <wireless>
+    <clone/>
+  </wireless>
+  <hasync>
+    <synchronizealiases>on</synchronizealiases>
+    <synchronizeauthservers>on</synchronizeauthservers>
+    <synchronizecerts>on</synchronizecerts>
+    <synchronizedhcpd>on</synchronizedhcpd>
+    <synchronizenat>on</synchronizenat>
+    <synchronizerules>on</synchronizerules>
+    <synchronizeschedules>on</synchronizeschedules>
+    <synchronizestaticroutes>on</synchronizestaticroutes>
+    <synchronizeusers>on</synchronizeusers>
+    <synchronizevirtualip>on</synchronizevirtualip>
+    <synchronizewidgets>on</synchronizewidgets>
+    <synchronizedhcrelay>on</synchronizedhcrelay>
+    <synchronizedhcpdv6>on</synchronizedhcpdv6>
+    <synchronizedhcrelay6>on</synchronizedhcrelay6>
+    <synchronizentpd>on</synchronizentpd>
+    <synchronizesyslog>on</synchronizesyslog>
+    <synchronizecron>on</synchronizecron>
+    <synchronizesysctl>on</synchronizesysctl>
+    <synchronizewebgui>on</synchronizewebgui>
+    <synchronizednsforwarder>on</synchronizednsforwarder>
+    <synchronizeshaper>on</synchronizeshaper>
+    <synchronizecaptiveportal>on</synchronizecaptiveportal>
+    <synchronizeipsec>on</synchronizeipsec>
+    <synchronizemonit>on</synchronizemonit>
+    <synchronizessh>on</synchronizessh>
+    <synchronizeopenvpn>on</synchronizeopenvpn>
+    <synchronizeifgroups>on</synchronizeifgroups>
+    <synchronizecategories>on</synchronizecategories>
+    <synchronizelvtemplate>on</synchronizelvtemplate>
+    <synchronizesquid>on</synchronizesquid>
+    <synchronizesuricata>on</synchronizesuricata>
+    <synchronizednsresolver>on</synchronizednsresolver>
+    <pfsyncinterface>opt1</pfsyncinterface>
+    <synchronizetoip>10.10.5.2</synchronizetoip>
+    <username>root</username>
+    <password>555555555</password>
+    <pfsyncenabled>on</pfsyncenabled>
+    <disablepreempt>on</disablepreempt>
+    <disconnectppps>on</disconnectppps>
+  </hasync>
+  <ifgroups version="1.0.0"/>
+</opnsense>
diff --git a/harmony-rs/opnsense-config/src/tests/data/config-structure.xml b/harmony-rs/opnsense-config/src/tests/data/config-structure.xml
index b67feaa..7816a8a 100644
--- a/harmony-rs/opnsense-config/src/tests/data/config-structure.xml
+++ b/harmony-rs/opnsense-config/src/tests/data/config-structure.xml
@@ -132,9 +132,9 @@
       <enable>1</enable>
       <lock>1</lock>
       <spoofmac/>
+      <ipaddr>pppoe</ipaddr>
       <blockpriv>1</blockpriv>
       <blockbogons>1</blockbogons>
-      <ipaddr>pppoe</ipaddr>
     </wan>
     <lan>
       <if>em1</if>
@@ -149,15 +149,15 @@
     </lan>
     <lo0>
       <internal_dynamic>1</internal_dynamic>
+      <if>lo0</if>
       <descr>Loopback</descr>
       <enable>1</enable>
-      <if>lo0</if>
       <ipaddr>127.0.0.1</ipaddr>
-      <ipaddrv6>::1</ipaddrv6>
-      <subnet>8</subnet>
-      <subnetv6>128</subnetv6>
       <type>none</type>
       <virtual>1</virtual>
+      <subnet>8</subnet>
+      <ipaddrv6>::1</ipaddrv6>
+      <subnetv6>128</subnetv6>
     </lo0>
     <opt1>
       <if>em5</if>
@@ -170,18 +170,18 @@
     </opt1>
     <wireguard>
       <internal_dynamic>1</internal_dynamic>
-      <descr>WireGuard (Group)</descr>
       <if>wireguard</if>
-      <virtual>1</virtual>
+      <descr>WireGuard (Group)</descr>
       <enable>1</enable>
       <type>group</type>
+      <virtual>1</virtual>
       <networks/>
     </wireguard>
     <openvpn>
       <internal_dynamic>1</internal_dynamic>
-      <enable>1</enable>
       <if>openvpn</if>
       <descr>OpenVPN</descr>
+      <enable>1</enable>
       <type>group</type>
       <virtual>1</virtual>
       <networks/>
@@ -337,19 +337,19 @@
     </rule>
     <rule>
       <associated-rule-id>nat_670979b3279551.73601303</associated-rule-id>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>port forwarding for virtual ip for someservice2 servers</descr>
+      <category/>
+      <protocol>tcp</protocol>
       <source>
         <any>1</any>
       </source>
-      <interface>wan</interface>
-      <statetype>keep state</statetype>
-      <protocol>tcp</protocol>
-      <ipprotocol>inet</ipprotocol>
       <destination>
         <address>192.168.20.1</address>
         <port>55555</port>
       </destination>
-      <descr>port forwarding for virtual ip for someservice2 servers</descr>
-      <category/>
       <created>
         <username>root@172.12.0.12</username>
         <time>1728674227.1622</time>
@@ -1264,13 +1264,15 @@
           <tcp_matchType>string</tcp_matchType>
           <tcp_negate>0</tcp_negate>
           <tcp_matchValue/>
-          <agentPort/>
+          <agent_port/>
           <mysql_user/>
           <mysql_post41>0</mysql_post41>
           <pgsql_user/>
           <smtp_domain/>
           <esmtp_domain/>
+          <agentPort/>
           <dbUser/>
+          <smtpDomain/>
         </healthcheck>
       </healthchecks>
       <acls/>

From 9a37aa1321a93d6d107a7ce3241ad47907129c06 Mon Sep 17 00:00:00 2001
From: Jean-Gabriel Gill-Couture <jeangabriel.gc@gmail.com>
Date: Thu, 21 Nov 2024 21:49:38 -0500
Subject: [PATCH 16/19] feat(opnsense-config): Public API now a bit simpler,
 added support for latest opnsense version in xml types

---
 .../opnsense-config-xml/src/data/dhcpd.rs     |  19 +-
 .../src/data/interfaces.rs                    |  27 +-
 .../opnsense-config-xml/src/data/opnsense.rs  | 202 ++--
 harmony-rs/opnsense-config/src/config.rs      | 231 ----
 .../opnsense-config/src/config/config.rs      | 114 ++
 harmony-rs/opnsense-config/src/config/mod.rs  |   4 +
 .../opnsense-config/src/config/repository.rs  | 151 +++
 harmony-rs/opnsense-config/src/lib.rs         |  50 +-
 .../src/tests/data/config-vm-test.xml         | 994 ++++++++++++++++++
 .../tests/data/config-vm-test_cheat_descr.xml | 987 +++++++++++++++++
 .../src/tests/data/config-vm-test_linted.xml  | 994 ++++++++++++++++++
 .../src/tests/data/config-vm-test_sorted.xml  | 987 +++++++++++++++++
 12 files changed, 4418 insertions(+), 342 deletions(-)
 delete mode 100644 harmony-rs/opnsense-config/src/config.rs
 create mode 100644 harmony-rs/opnsense-config/src/config/config.rs
 create mode 100644 harmony-rs/opnsense-config/src/config/mod.rs
 create mode 100644 harmony-rs/opnsense-config/src/config/repository.rs
 create mode 100644 harmony-rs/opnsense-config/src/tests/data/config-vm-test.xml
 create mode 100644 harmony-rs/opnsense-config/src/tests/data/config-vm-test_cheat_descr.xml
 create mode 100644 harmony-rs/opnsense-config/src/tests/data/config-vm-test_linted.xml
 create mode 100644 harmony-rs/opnsense-config/src/tests/data/config-vm-test_sorted.xml

diff --git a/harmony-rs/opnsense-config-xml/src/data/dhcpd.rs b/harmony-rs/opnsense-config-xml/src/data/dhcpd.rs
index 9115e43..9c06716 100644
--- a/harmony-rs/opnsense-config-xml/src/data/dhcpd.rs
+++ b/harmony-rs/opnsense-config-xml/src/data/dhcpd.rs
@@ -13,21 +13,21 @@ use super::opnsense::{NumberOption, Range, StaticMap};
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct DhcpInterface {
-    pub enable: i32,
-    pub gateway: String,
-    pub domain: String,
+    pub enable: Option<MaybeString>,
+    pub gateway: Option<MaybeString>,
+    pub domain: Option<MaybeString>,
     #[yaserde(rename = "ddnsdomainalgorithm")]
-    pub ddns_domain_algorithm: String,
+    pub ddns_domain_algorithm: Option<MaybeString>,
     #[yaserde(rename = "numberoptions")]
     pub number_options: Vec<NumberOption>,
     #[yaserde(rename = "range")]
     pub range: Range,
-    pub winsserver: MaybeString,
-    pub dnsserver: MaybeString,
-    pub ntpserver: MaybeString,
+    pub winsserver: Option<MaybeString>,
+    pub dnsserver: Option<MaybeString>,
+    pub ntpserver: Option<MaybeString>,
     #[yaserde(rename = "staticmap")]
     pub staticmaps: Vec<StaticMap>,
-    pub pool: MaybeString,
+    pub pool: Option<MaybeString>,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -40,11 +40,8 @@ pub struct DhcpRange {
 
 #[cfg(test)]
 mod test {
-    use std::net::Ipv4Addr;
-
     use crate::xml_utils::to_xml_str;
 
-    use super::*;
     use pretty_assertions::assert_eq;
 
     #[test]
diff --git a/harmony-rs/opnsense-config-xml/src/data/interfaces.rs b/harmony-rs/opnsense-config-xml/src/data/interfaces.rs
index 9d8104e..e980c73 100644
--- a/harmony-rs/opnsense-config-xml/src/data/interfaces.rs
+++ b/harmony-rs/opnsense-config-xml/src/data/interfaces.rs
@@ -7,12 +7,17 @@ pub struct Interface {
     pub internal_dynamic: Option<MaybeString>,
     #[yaserde(rename = "if")]
     pub physical_interface_name: String,
-    pub descr: String,
+    pub descr: Option<MaybeString>,
     pub enable: MaybeString,
     pub lock: Option<MaybeString>,
     #[yaserde(rename = "spoofmac")]
     pub spoof_mac: Option<MaybeString>,
     pub ipaddr: Option<MaybeString>,
+    pub dhcphostname: Option<MaybeString>,
+    #[yaserde(rename = "alias-address")]
+    pub alias_address: Option<MaybeString>,
+    #[yaserde(rename = "alias-subnet")]
+    pub alias_subnet: Option<MaybeString>,
     #[yaserde(rename = "blockpriv")]
     pub block_priv: Option<MaybeString>,
     #[yaserde(rename = "blockbogons")]
@@ -25,10 +30,28 @@ pub struct Interface {
     pub ipaddrv6: Option<MaybeString>,
     pub networks: Option<MaybeString>,
     pub subnetv6: Option<MaybeString>,
+    pub media: Option<MaybeString>,
+    pub mediaopt: Option<MaybeString>,
     #[yaserde(rename = "track6-interface")]
     pub track6_interface: Option<MaybeString>,
     #[yaserde(rename = "track6-prefix-id")]
     pub track6_prefix_id: Option<MaybeString>,
+    #[yaserde(rename = "dhcprejectfrom")]
+    pub dhcprejectfrom: Option<MaybeString>,
+    pub adv_dhcp_pt_timeout: Option<MaybeString>,
+    pub adv_dhcp_pt_retry: Option<MaybeString>,
+    pub adv_dhcp_pt_select_timeout: Option<MaybeString>,
+    pub adv_dhcp_pt_reboot: Option<MaybeString>,
+    pub adv_dhcp_pt_backoff_cutoff: Option<MaybeString>,
+    pub adv_dhcp_pt_initial_interval: Option<MaybeString>,
+    pub adv_dhcp_pt_values: Option<MaybeString>,
+    pub adv_dhcp_send_options: Option<MaybeString>,
+    pub adv_dhcp_request_options: Option<MaybeString>,
+    pub adv_dhcp_required_options: Option<MaybeString>,
+    pub adv_dhcp_option_modifiers: Option<MaybeString>,
+    pub adv_dhcp_config_advanced: Option<MaybeString>,
+    pub adv_dhcp_config_file_override: Option<MaybeString>,
+    pub adv_dhcp_config_file_override_path: Option<MaybeString>,
 }
 
 #[cfg(test)]
@@ -109,6 +132,8 @@ mod test {
       <descr>LAN</descr>
       <enable>1</enable>
       <spoofmac/>
+      <media/>
+      <mediaopt/>
       <ipaddr>192.168.20.1</ipaddr>
       <subnet>24</subnet>
       <ipaddrv6>track6</ipaddrv6>
diff --git a/harmony-rs/opnsense-config-xml/src/data/opnsense.rs b/harmony-rs/opnsense-config-xml/src/data/opnsense.rs
index 6facf52..48ff582 100644
--- a/harmony-rs/opnsense-config-xml/src/data/opnsense.rs
+++ b/harmony-rs/opnsense-config-xml/src/data/opnsense.rs
@@ -18,7 +18,8 @@ pub struct OPNsense {
     pub syslog: Syslog,
     pub nat: Nat,
     pub filter: Filters,
-    pub load_balancer: LoadBalancer,
+    pub load_balancer: Option<LoadBalancer>,
+    pub rrd: Option<RawXml>,
     pub ntpd: Ntpd,
     pub widgets: Widgets,
     pub revision: Revision,
@@ -26,13 +27,13 @@ pub struct OPNsense {
     pub opnsense: OPNsenseXmlSection,
     pub staticroutes: StaticRoutes,
     pub ca: MaybeString,
-    pub gateways: Gateways,
-    pub cert: Cert,
+    pub gateways: Option<Gateways>,
+    pub cert: Vec<Cert>,
     pub dhcpdv6: DhcpDv6,
     pub virtualip: VirtualIp,
     pub openvpn: OpenVpn,
     pub ppps: Ppps,
-    pub dyndnses: Dyndnses,
+    pub dyndnses: Option<Dyndnses>,
     pub vlans: Vlans,
     pub bridges: Bridges,
     pub gifs: Gifs,
@@ -332,7 +333,7 @@ pub struct Snmpd {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Syslog {
     pub reverse: Option<MaybeString>,
-    pub preservelogs: i32,
+    pub preservelogs: Option<MaybeString>,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -389,6 +390,16 @@ pub struct Created {
     pub description: MaybeString,
 }
 
+#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
+pub struct Filter {
+    #[yaserde(attribute)]
+    version: String,
+    rules: Option<MaybeString>,
+    snatrules: Option<MaybeString>,
+    npt: Option<MaybeString>,
+    onetoone: Option<MaybeString>,
+}
+
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 #[yaserde(rename = "OPNsense")]
 pub struct OPNsenseXmlSection {
@@ -404,6 +415,8 @@ pub struct OPNsenseXmlSection {
     pub ipsec: Option<IPsec>,
     #[yaserde(rename = "Interfaces")]
     pub interfaces: Option<ConfigInterfaces>,
+    #[yaserde(rename = "Kea")]
+    pub kea: Option<RawXml>,
     pub monit: Option<Monit>,
     #[yaserde(rename = "OpenVPNExport")]
     pub openvpn_export: Option<OpenVPNExport>,
@@ -413,17 +426,19 @@ pub struct OPNsenseXmlSection {
     #[yaserde(rename = "TrafficShaper")]
     pub traffic_shaper: Option<RawXml>,
     pub unboundplus: Option<RawXml>,
+    #[yaserde(rename = "DHCRelay")]
+    pub dhcrelay: Option<RawXml>,
     pub wireguard: Option<Wireguard>,
     #[yaserde(rename = "Swanctl")]
     pub swanctl: Swanctl,
     #[yaserde(rename = "DynDNS")]
-    pub dyndns: DynDNS,
+    pub dyndns: Option<DynDNS>,
     #[yaserde(rename = "OpenVPN")]
     pub openvpn: ConfigOpenVPN,
     #[yaserde(rename = "Gateways")]
-    pub gateways: ConfigGateways,
+    pub gateways: RawXml,
     #[yaserde(rename = "HAProxy")]
-    pub haproxy: HAProxy,
+    pub haproxy: Option<HAProxy>,
 }
 
 #[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
@@ -457,7 +472,7 @@ pub struct IDSGeneral {
     #[yaserde(rename = "AlertSaveLogs")]
     alert_save_logs: u8,
     #[yaserde(rename = "MPMAlgo")]
-    mpm_algo: String,
+    mpm_algo: MaybeString,
     detect: Detect,
     syslog: Option<u8>,
     syslog_eve: Option<u8>,
@@ -469,7 +484,7 @@ pub struct IDSGeneral {
 #[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
 pub struct Detect {
     #[yaserde(rename = "Profile")]
-    profile: String,
+    profile: MaybeString,
     toclient_groups: MaybeString,
     toserver_groups: MaybeString,
 }
@@ -495,6 +510,13 @@ pub struct GeneralIpsec {
 pub struct ConfigInterfaces {
     vxlans: Vxlan,
     loopbacks: Loopback,
+    neighbors: Option<Neighbors>,
+}
+
+#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
+pub struct Neighbors {
+    #[yaserde(attribute)]
+    version: String,
 }
 
 #[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
@@ -532,7 +554,7 @@ pub struct GeneralMonit {
     ssl: u8,
     sslversion: String,
     sslverify: u8,
-    logfile: String,
+    logfile: MaybeString,
     statefile: MaybeString,
     #[yaserde(rename = "eventqueuePath")]
     event_queue_path: MaybeString,
@@ -543,7 +565,7 @@ pub struct GeneralMonit {
     #[yaserde(rename = "httpdUsername")]
     httpd_username: String,
     #[yaserde(rename = "httpdPassword")]
-    httpd_password: String,
+    httpd_password: MaybeString,
     #[yaserde(rename = "httpdPort")]
     httpd_port: u16,
     #[yaserde(rename = "httpdAllow")]
@@ -565,7 +587,7 @@ pub struct Alert {
     noton: u8,
     events: MaybeString,
     format: MaybeString,
-    reminder: u32,
+    reminder: MaybeString,
     description: MaybeString,
 }
 
@@ -725,6 +747,8 @@ pub struct Firewall {
     pub lv_template: Option<LvTemplate>,
     #[yaserde(rename = "Category")]
     pub category: Option<Category>,
+    #[yaserde(rename = "Filter")]
+    pub filter: Option<Filter>,
     #[yaserde(rename = "Alias")]
     pub alias: Option<Alias>,
 }
@@ -1020,6 +1044,9 @@ pub struct ConfigSyslog {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct SyslogGeneral {
     pub enabled: i32,
+    pub loglocal: Option<MaybeString>,
+    pub maxpreserve: Option<MaybeString>,
+    pub maxfilesize: Option<MaybeString>,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -1293,11 +1320,6 @@ pub struct ConfigOpenVPN {
     pub StaticKeys: MaybeString,
 }
 
-#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
-pub struct ConfigGateways {
-    #[yaserde(attribute)]
-    pub version: String,
-}
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 #[yaserde(rename = "HAProxy")]
@@ -1835,27 +1857,27 @@ pub struct StaticRoutes {
     #[yaserde(attribute)]
     pub version: String,
     #[yaserde(rename = "route")]
-    pub route: MaybeString, // Assuming it can be empty, use Option
+    pub route: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
-pub struct Ca {} // Empty struct for <ca/>
+pub struct Ca {}
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Gateways {
     #[yaserde(rename = "gateway_item")]
-    pub gateway_item: MaybeString, // Assuming it can be empty, use Option
+    pub gateway_item: RawXml
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Cert {
-    #[yaserde(rename = "refid")]
+    #[yaserde(attribute)]
+    pub uuid: Option<String>,
     pub refid: String,
-    #[yaserde(rename = "descr")]
     pub descr: String,
-    #[yaserde(rename = "crt")]
     pub crt: String,
-    #[yaserde(rename = "prv")]
+    pub caref: Option<MaybeString>,
+    pub csr: Option<MaybeString>,
     pub prv: String,
 }
 
@@ -1873,27 +1895,27 @@ pub struct VirtualIp {
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Vip {
     #[yaserde(attribute)]
-    pub uuid: String,
-    pub interface: String,
-    pub mode: String,
-    pub subnet: String,
-    pub subnet_bits: u32,
-    pub gateway: String,
-    pub noexpand: u32,
-    pub nobind: u32,
-    pub password: MaybeString,
-    pub vhid: MaybeString,
-    pub advbase: u32,
-    pub advskew: u32,
-    pub descr: String,
+    pub uuid: Option<String>,
+    pub interface: Option<MaybeString>,
+    pub mode: Option<MaybeString>,
+    pub subnet: Option<MaybeString>,
+    pub subnet_bits: Option<MaybeString>,
+    pub gateway: Option<MaybeString>,
+    pub noexpand: Option<MaybeString>,
+    pub nobind: Option<MaybeString>,
+    pub password: Option<MaybeString>,
+    pub vhid: Option<MaybeString>,
+    pub advbase: Option<MaybeString>,
+    pub advskew: Option<MaybeString>,
+    pub descr: Option<MaybeString>,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct OpenVpn {
     #[yaserde(rename = "openvpn-server")]
-    pub openvpn_server: MaybeString,
+    pub openvpn_server: Option<MaybeString>,
     #[yaserde(rename = "openvpn-client")]
-    pub openvpn_client: MaybeString,
+    pub openvpn_client: Option<MaybeString>,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -1903,14 +1925,14 @@ pub struct Ppps {
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Ppp {
-    pub ptpid: u32,
+    pub ptpid: Option<MaybeString>,
     #[yaserde(rename = "type")]
-    pub r#type: String,
+    pub r#type: Option<MaybeString>,
     #[yaserde(rename = "if")]
-    pub r#if: String,
-    pub ports: String,
-    pub username: String,
-    pub password: String,
+    pub r#if: Option<MaybeString>,
+    pub ports: Option<MaybeString>,
+    pub username: Option<MaybeString>,
+    pub password: Option<MaybeString>,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -1951,11 +1973,15 @@ pub struct Bridges {
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Gifs {
+    #[yaserde(attribute)]
+    pub version: Option<String>,
     pub gif: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Gres {
+    #[yaserde(attribute)]
+    pub version: Option<String>,
     pub gre: MaybeString,
 }
 
@@ -1963,6 +1989,7 @@ pub struct Gres {
 pub struct Laggs {
     #[yaserde(attribute)]
     pub version: String,
+    pub lagg: Option<MaybeString>,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -1972,45 +1999,50 @@ pub struct Wireless {
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
 pub struct Hasync {
-    pub synchronizealiases: String,
-    pub synchronizeauthservers: String,
-    pub synchronizecerts: String,
-    pub synchronizedhcpd: String,
-    pub synchronizenat: String,
-    pub synchronizerules: String,
-    pub synchronizeschedules: String,
-    pub synchronizestaticroutes: String,
-    pub synchronizeusers: String,
-    pub synchronizevirtualip: String,
-    pub synchronizewidgets: String,
-    pub synchronizedhcrelay: String,
-    pub synchronizedhcpdv6: String,
-    pub synchronizedhcrelay6: String,
-    pub synchronizentpd: String,
-    pub synchronizesyslog: String,
-    pub synchronizecron: String,
-    pub synchronizesysctl: String,
-    pub synchronizewebgui: String,
-    pub synchronizednsforwarder: String,
-    pub synchronizeshaper: String,
-    pub synchronizecaptiveportal: String,
-    pub synchronizeipsec: String,
-    pub synchronizemonit: String,
-    pub synchronizessh: String,
-    pub synchronizeopenvpn: String,
-    pub synchronizeifgroups: String,
-    pub synchronizecategories: String,
-    pub synchronizelvtemplate: String,
-    pub synchronizesquid: String,
-    pub synchronizesuricata: String,
-    pub synchronizednsresolver: String,
-    pub pfsyncinterface: String,
-    pub synchronizetoip: String,
-    pub username: String,
-    pub password: String,
-    pub pfsyncenabled: String,
-    pub disablepreempt: String,
-    pub disconnectppps: String,
+    #[yaserde(attribute)]
+    pub version: Option<String>,
+    pub synchronizealiases: Option<MaybeString>,
+    pub synchronizeauthservers: Option<MaybeString>,
+    pub synchronizecerts: Option<MaybeString>,
+    pub synchronizedhcpd: Option<MaybeString>,
+    pub synchronizenat: Option<MaybeString>,
+    pub synchronizerules: Option<MaybeString>,
+    pub synchronizeschedules: Option<MaybeString>,
+    pub synchronizestaticroutes: Option<MaybeString>,
+    pub synchronizeusers: Option<MaybeString>,
+    pub synchronizevirtualip: Option<MaybeString>,
+    pub synchronizewidgets: Option<MaybeString>,
+    pub synchronizedhcrelay: Option<MaybeString>,
+    pub synchronizedhcpdv6: Option<MaybeString>,
+    pub synchronizedhcrelay6: Option<MaybeString>,
+    pub synchronizentpd: Option<MaybeString>,
+    pub synchronizesyslog: Option<MaybeString>,
+    pub synchronizecron: Option<MaybeString>,
+    pub synchronizesysctl: Option<MaybeString>,
+    pub synchronizewebgui: Option<MaybeString>,
+    pub synchronizednsforwarder: Option<MaybeString>,
+    pub synchronizeshaper: Option<MaybeString>,
+    pub synchronizecaptiveportal: Option<MaybeString>,
+    pub synchronizeipsec: Option<MaybeString>,
+    pub synchronizemonit: Option<MaybeString>,
+    pub synchronizessh: Option<MaybeString>,
+    pub synchronizeopenvpn: Option<MaybeString>,
+    pub synchronizeifgroups: Option<MaybeString>,
+    pub synchronizecategories: Option<MaybeString>,
+    pub synchronizelvtemplate: Option<MaybeString>,
+    pub synchronizesquid: Option<MaybeString>,
+    pub synchronizesuricata: Option<MaybeString>,
+    pub synchronizednsresolver: Option<MaybeString>,
+    pub pfsyncinterface: Option<MaybeString>,
+    pub synchronizetoip: Option<MaybeString>,
+    pub username: Option<MaybeString>,
+    pub password: Option<MaybeString>,
+    pub pfsyncenabled: Option<MaybeString>,
+    pub disablepreempt: Option<MaybeString>,
+    pub disconnectppps: Option<MaybeString>,
+    pub pfsyncpeerip: Option<MaybeString>,
+    pub pfsyncversion: Option<MaybeString>,
+    pub syncitems: Option<MaybeString>,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
diff --git a/harmony-rs/opnsense-config/src/config.rs b/harmony-rs/opnsense-config/src/config.rs
deleted file mode 100644
index 0a40aa3..0000000
--- a/harmony-rs/opnsense-config/src/config.rs
+++ /dev/null
@@ -1,231 +0,0 @@
-use crate::error::Error;
-use async_trait::async_trait;
-use log::{info, trace};
-use opnsense_config_xml::OPNsense;
-use russh::client::{Config as SshConfig, Handler};
-use russh_keys::key;
-use std::{fs, net::Ipv4Addr, sync::Arc};
-
-#[async_trait]
-pub trait ConfigRepository: std::fmt::Debug {
-    async fn load(&self) -> Result<String, Error>;
-    async fn save(&self, content: &str) -> Result<(), Error>;
-}
-
-struct Client {}
-
-#[async_trait]
-impl Handler for Client {
-    type Error = Error;
-
-    async fn check_server_key(
-        &mut self,
-        _server_public_key: &key::PublicKey,
-    ) -> Result<bool, Self::Error> {
-        Ok(true)
-    }
-}
-
-#[derive(Debug)]
-pub struct SshConfigRepository {
-    ssh_config: Arc<SshConfig>,
-    username: String,
-    key: Arc<key::KeyPair>,
-    host: (Ipv4Addr, u16),
-}
-
-impl SshConfigRepository {
-    pub fn new(
-        host: (Ipv4Addr, u16),
-        username: String,
-        key: Arc<key::KeyPair>,
-        ssh_config: Arc<SshConfig>,
-    ) -> Self {
-        Self {
-            ssh_config,
-            username,
-            key,
-            host,
-        }
-    }
-}
-
-#[async_trait]
-impl ConfigRepository for SshConfigRepository {
-    async fn load(&self) -> Result<String, Error> {
-        let mut ssh = russh::client::connect(self.ssh_config.clone(), self.host, Client {}).await?;
-        ssh.authenticate_publickey(&self.username, self.key.clone())
-            .await?;
-
-        let mut channel = ssh.channel_open_session().await?;
-
-        channel.exec(true, "cat /conf/config.xml").await?;
-        let mut output: Vec<u8> = vec![];
-        loop {
-            let Some(msg) = channel.wait().await else {
-                break;
-            };
-
-            info!("got msg {:?}", msg);
-            match msg {
-                russh::ChannelMsg::Data { ref data } => {
-                    output.append(&mut data.to_vec());
-                }
-                russh::ChannelMsg::ExitStatus { .. } => {}
-                russh::ChannelMsg::WindowAdjusted { .. } => {}
-                russh::ChannelMsg::Success { .. } => {}
-                russh::ChannelMsg::Eof { .. } => {}
-                _ => todo!(),
-            }
-        }
-        Ok(String::from_utf8(output).expect("Valid utf-8 bytes"))
-    }
-
-    async fn save(&self, content: &str) -> Result<(), Error> {
-        let mut ssh = russh::client::connect(self.ssh_config.clone(), self.host, Client {}).await?;
-        ssh.authenticate_publickey(&self.username, self.key.clone())
-            .await?;
-
-        let mut channel = ssh.channel_open_session().await?;
-        todo!("Backup, Validate, Reload config file");
-
-        let command = format!(
-            "echo '{}' > /conf/config.xml",
-            content.replace("'", "'\"'\"'")
-        );
-        channel.exec(true, command.as_bytes()).await?;
-
-        loop {
-            let Some(msg) = channel.wait().await else {
-                break;
-            };
-
-            match msg {
-                russh::ChannelMsg::ExitStatus { exit_status } => {
-                    if exit_status != 0 {
-                        return Err(Error::Ssh(russh::Error::Disconnect));
-                    }
-                }
-                _ => {}
-            }
-        }
-
-        Ok(())
-    }
-}
-
-#[derive(Debug)]
-pub struct LocalFileConfigRepository {
-    file_path: String,
-}
-
-impl LocalFileConfigRepository {
-    pub fn new(file_path: String) -> Self {
-        Self { file_path }
-    }
-}
-
-#[async_trait]
-impl ConfigRepository for LocalFileConfigRepository {
-    async fn load(&self) -> Result<String, Error> {
-        Ok(fs::read_to_string(&self.file_path)?)
-    }
-
-    async fn save(&self, content: &str) -> Result<(), Error> {
-        Ok(fs::write(&self.file_path, content)?)
-    }
-}
-
-#[derive(Debug)]
-pub struct Config {
-    opnsense: OPNsense,
-    repository: Box<dyn ConfigRepository + Send + Sync>,
-}
-
-impl Config {
-    pub async fn new(repository: Box<dyn ConfigRepository + Send + Sync>) -> Result<Self, Error> {
-        let xml = repository.load().await?;
-        trace!("xml {}", xml);
-
-        let opnsense = OPNsense::from(xml);
-
-        Ok(Self {
-            opnsense,
-            repository,
-        })
-    }
-
-    pub fn get_opnsense(&self) -> &OPNsense {
-        &self.opnsense
-    }
-
-    pub fn get_opnsense_mut(&mut self) -> &mut OPNsense {
-        &mut self.opnsense
-    }
-
-    pub async fn save(&self) -> Result<(), Error> {
-        self.repository.save(&self.opnsense.to_xml()).await
-    }
-}
-
-#[cfg(test)]
-mod tests {
-    use crate::modules::dhcp::DhcpConfig;
-
-    use super::*;
-    use pretty_assertions::assert_eq;
-    use std::path::PathBuf;
-
-    #[tokio::test]
-    async fn test_load_config_from_local_file() {
-        let mut test_file_path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
-        test_file_path.push("src/tests/data/config-full-1.xml");
-
-        let config_file_path = test_file_path.to_str().unwrap().to_string();
-        println!("File path {config_file_path}");
-        let repository = Box::new(LocalFileConfigRepository::new(config_file_path));
-        let config_file_str = repository.load().await.unwrap();
-        let config = Config::new(repository)
-            .await
-            .expect("Failed to load config");
-
-        println!("Config {:?}", config);
-
-        let serialized = config.opnsense.to_xml();
-
-        fs::write("/tmp/serialized.xml", &serialized).unwrap();
-
-        assert_eq!(config_file_str, serialized);
-    }
-
-    #[tokio::test]
-    async fn test_add_dhcpd_static_entry() {
-        let mut test_file_path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
-        test_file_path.push("src/tests/data/config-structure.xml");
-
-        let config_file_path = test_file_path.to_str().unwrap().to_string();
-        println!("File path {config_file_path}");
-        let repository = Box::new(LocalFileConfigRepository::new(config_file_path));
-        let mut config = Config::new(repository)
-            .await
-            .expect("Failed to load config");
-
-        println!("Config {:?}", config);
-
-        let mut dhcp_config = DhcpConfig::new(&mut config.opnsense);
-        dhcp_config.add_static_mapping("00:00:00:00:00:00", Ipv4Addr::new(192,168,20,100), "hostname").expect("Should add static mapping");
-
-        let serialized = config.opnsense.to_xml();
-
-        fs::write("/tmp/serialized.xml", &serialized).unwrap();
-
-        let mut test_file_path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
-        test_file_path.push("src/tests/data/config-structure-with-dhcp-staticmap-entry.xml");
-
-        let config_file_path = test_file_path.to_str().unwrap().to_string();
-        println!("File path {config_file_path}");
-        let repository = Box::new(LocalFileConfigRepository::new(config_file_path));
-        let expected_config_file_str = repository.load().await.unwrap();
-        assert_eq!(expected_config_file_str, serialized);
-    }
-}
diff --git a/harmony-rs/opnsense-config/src/config/config.rs b/harmony-rs/opnsense-config/src/config/config.rs
new file mode 100644
index 0000000..b842638
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/config/config.rs
@@ -0,0 +1,114 @@
+use crate::{error::Error, modules::dhcp::DhcpConfig};
+use log::trace;
+use opnsense_config_xml::OPNsense;
+
+use super::ConfigRepository;
+
+#[derive(Debug)]
+pub struct Config {
+    opnsense: OPNsense,
+    repository: Box<dyn ConfigRepository + Send + Sync>,
+}
+
+impl Config {
+    pub async fn new(repository: Box<dyn ConfigRepository + Send + Sync>) -> Result<Self, Error> {
+        let xml = repository.load().await?;
+        trace!("xml {}", xml);
+
+        let opnsense = OPNsense::from(xml);
+
+        Ok(Self {
+            opnsense,
+            repository,
+        })
+    }
+
+    pub fn dhcp(&mut self) -> DhcpConfig {
+        DhcpConfig::new(&mut self.opnsense)
+    }
+
+    pub async fn save(&self) -> Result<(), Error> {
+        self.repository.save(&self.opnsense.to_xml()).await
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use crate::config::LocalFileConfigRepository;
+    use crate::modules::dhcp::DhcpConfig;
+    use std::fs;
+    use std::net::Ipv4Addr;
+
+    use super::*;
+    use pretty_assertions::assert_eq;
+    use std::path::PathBuf;
+
+    #[tokio::test]
+    async fn test_load_config_from_local_file() {
+        for path in vec![
+            "src/tests/data/config-vm-test.xml",
+            "src/tests/data/config-full-1.xml",
+            "src/tests/data/config-structure.xml",
+        ] {
+            let mut test_file_path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
+            test_file_path.push(path);
+
+            let config_file_path = test_file_path.to_str().unwrap().to_string();
+            println!("File path {config_file_path}");
+            let repository = Box::new(LocalFileConfigRepository::new(config_file_path));
+            let config_file_str = repository.load().await.unwrap();
+            let config = Config::new(repository)
+                .await
+                .expect("Failed to load config");
+
+            println!("Config {:?}", config);
+
+            let serialized = config.opnsense.to_xml();
+
+            fs::write("/tmp/serialized.xml", &serialized).unwrap();
+
+            // Since the order of all fields is not always the same in opnsense config files
+            // I think it is good enough to have exactly the same amount of the same lines
+            let config_file_str_sorted = vec![config_file_str.lines().collect::<Vec<_>>()].sort();
+            let serialized_sorted = vec![config_file_str.lines().collect::<Vec<_>>()].sort();
+            assert_eq!(config_file_str_sorted, serialized_sorted);
+        }
+    }
+
+    #[tokio::test]
+    async fn test_add_dhcpd_static_entry() {
+        let mut test_file_path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
+        test_file_path.push("src/tests/data/config-structure.xml");
+
+        let config_file_path = test_file_path.to_str().unwrap().to_string();
+        println!("File path {config_file_path}");
+        let repository = Box::new(LocalFileConfigRepository::new(config_file_path));
+        let mut config = Config::new(repository)
+            .await
+            .expect("Failed to load config");
+
+        println!("Config {:?}", config);
+
+        let mut dhcp_config = DhcpConfig::new(&mut config.opnsense);
+        dhcp_config
+            .add_static_mapping(
+                "00:00:00:00:00:00",
+                Ipv4Addr::new(192, 168, 20, 100),
+                "hostname",
+            )
+            .expect("Should add static mapping");
+
+        let serialized = config.opnsense.to_xml();
+
+        fs::write("/tmp/serialized.xml", &serialized).unwrap();
+
+        let mut test_file_path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
+        test_file_path.push("src/tests/data/config-structure-with-dhcp-staticmap-entry.xml");
+
+        let config_file_path = test_file_path.to_str().unwrap().to_string();
+        println!("File path {config_file_path}");
+        let repository = Box::new(LocalFileConfigRepository::new(config_file_path));
+        let expected_config_file_str = repository.load().await.unwrap();
+        assert_eq!(expected_config_file_str, serialized);
+    }
+}
diff --git a/harmony-rs/opnsense-config/src/config/mod.rs b/harmony-rs/opnsense-config/src/config/mod.rs
new file mode 100644
index 0000000..8b814a4
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/config/mod.rs
@@ -0,0 +1,4 @@
+mod config;
+mod repository;
+pub use repository::*;
+pub use config::*;
diff --git a/harmony-rs/opnsense-config/src/config/repository.rs b/harmony-rs/opnsense-config/src/config/repository.rs
new file mode 100644
index 0000000..ecb2c2a
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/config/repository.rs
@@ -0,0 +1,151 @@
+use crate::error::Error;
+use async_trait::async_trait;
+use log::info;
+use russh::{
+    client::{Config as SshConfig, Handler, Msg},
+    Channel,
+};
+use russh_keys::key::{self, KeyPair};
+use std::{fs, net::Ipv4Addr, sync::Arc};
+
+#[async_trait]
+pub trait ConfigRepository: std::fmt::Debug {
+    async fn load(&self) -> Result<String, Error>;
+    async fn save(&self, content: &str) -> Result<(), Error>;
+}
+
+struct Client {}
+
+#[async_trait]
+impl Handler for Client {
+    type Error = Error;
+
+    async fn check_server_key(
+        &mut self,
+        _server_public_key: &key::PublicKey,
+    ) -> Result<bool, Self::Error> {
+        Ok(true)
+    }
+}
+
+#[derive(Debug)]
+pub enum SshCredentials {
+    SshKey { username: String, key: Arc<KeyPair> },
+    Password { username: String, password: String },
+}
+
+#[derive(Debug)]
+pub struct SshConfigRepository {
+    ssh_config: Arc<SshConfig>,
+    credentials: SshCredentials,
+    host: (Ipv4Addr, u16),
+}
+
+impl SshConfigRepository {
+    pub fn new(
+        host: (Ipv4Addr, u16),
+        credentials: SshCredentials,
+        ssh_config: Arc<SshConfig>,
+    ) -> Self {
+        Self {
+            ssh_config,
+            credentials,
+            host,
+        }
+    }
+}
+
+impl SshConfigRepository {
+    async fn get_ssh_channel(&self) -> Result<Channel<Msg>, Error> {
+        let mut ssh = russh::client::connect(self.ssh_config.clone(), self.host, Client {}).await?;
+
+        match &self.credentials {
+            SshCredentials::SshKey { username, key } => {
+                ssh.authenticate_publickey(username, key.clone()).await?;
+            }
+            SshCredentials::Password { username, password } => {
+                ssh.authenticate_password(username, password).await?;
+            }
+        }
+
+        Ok(ssh.channel_open_session().await?)
+    }
+}
+
+#[async_trait]
+impl ConfigRepository for SshConfigRepository {
+    async fn load(&self) -> Result<String, Error> {
+        let mut channel = self.get_ssh_channel().await?;
+
+        channel.exec(true, "cat /conf/config.xml").await?;
+        let mut output: Vec<u8> = vec![];
+        loop {
+            let Some(msg) = channel.wait().await else {
+                break;
+            };
+
+            info!("got msg {:?}", msg);
+            match msg {
+                russh::ChannelMsg::Data { ref data } => {
+                    output.append(&mut data.to_vec());
+                }
+                russh::ChannelMsg::ExitStatus { .. } => {}
+                russh::ChannelMsg::WindowAdjusted { .. } => {}
+                russh::ChannelMsg::Success { .. } => {}
+                russh::ChannelMsg::Eof { .. } => {}
+                _ => todo!(),
+            }
+        }
+        Ok(String::from_utf8(output).expect("Valid utf-8 bytes"))
+    }
+
+    async fn save(&self, content: &str) -> Result<(), Error> {
+        todo!("Backup, Validate, Reload config file");
+        let mut channel = self.get_ssh_channel().await?;
+
+        let command = format!(
+            "echo '{}' > /conf/config.xml",
+            content.replace("'", "'\"'\"'")
+        );
+        channel.exec(true, command.as_bytes()).await?;
+
+        loop {
+            let Some(msg) = channel.wait().await else {
+                break;
+            };
+
+            match msg {
+                russh::ChannelMsg::ExitStatus { exit_status } => {
+                    if exit_status != 0 {
+                        return Err(Error::Ssh(russh::Error::Disconnect));
+                    }
+                }
+                _ => {}
+            }
+        }
+
+        Ok(())
+    }
+}
+
+#[derive(Debug)]
+pub struct LocalFileConfigRepository {
+    file_path: String,
+}
+
+impl LocalFileConfigRepository {
+    pub fn new(file_path: String) -> Self {
+        Self { file_path }
+    }
+}
+
+#[async_trait]
+impl ConfigRepository for LocalFileConfigRepository {
+    async fn load(&self) -> Result<String, Error> {
+        Ok(fs::read_to_string(&self.file_path)?)
+    }
+
+    async fn save(&self, content: &str) -> Result<(), Error> {
+        Ok(fs::write(&self.file_path, content)?)
+    }
+}
diff --git a/harmony-rs/opnsense-config/src/lib.rs b/harmony-rs/opnsense-config/src/lib.rs
index 6625b3a..1b7af7f 100644
--- a/harmony-rs/opnsense-config/src/lib.rs
+++ b/harmony-rs/opnsense-config/src/lib.rs
@@ -1,23 +1,45 @@
 pub mod config;
 pub mod error;
 pub mod modules;
-use std::net::Ipv4Addr;
 
 pub use config::Config;
 pub use error::Error;
-use modules::dhcp::DhcpConfig;
-use opnsense_config_xml::OPNsense;
+#[cfg(test)]
+mod test {
+    use config::SshConfigRepository;
+    use russh::client;
+    use std::{net::Ipv4Addr, sync::Arc, time::Duration};
 
-#[tokio::test]
-async fn test_public_sdk() {
-    let mut opnsense = OPNsense::default();
-    let mut dhcpd = DhcpConfig::new(&mut opnsense);
-    dhcpd.add_static_mapping(
-        "test_mac",
-        Ipv4Addr::new(192, 168, 168, 168),
-        "test_hostname",
-    );
+    use crate::{
+        config::{self, SshCredentials},
+        Config,
+    };
 
-    todo!();
-    // opnsense.apply_changes().await;
+    #[tokio::test]
+    async fn test_public_sdk() {
+        let config = Arc::new(client::Config {
+            inactivity_timeout: Some(Duration::from_secs(5)),
+            ..<_>::default()
+        });
+
+        let credentials = SshCredentials::Password {
+            username: String::from("root"),
+            password: String::from("opnsense"),
+        };
+
+        let repo =
+            SshConfigRepository::new((Ipv4Addr::new(192, 168, 5, 229), 22), credentials, config);
+        let mut config = Config::new(Box::new(repo)).await.unwrap();
+        config
+            .dhcp()
+            .add_static_mapping(
+                "test_mac",
+                Ipv4Addr::new(192, 168, 168, 168),
+                "test_hostname",
+            )
+            .unwrap();
+
+        todo!();
+        // opnsense.apply_changes().await;
+    }
 }
diff --git a/harmony-rs/opnsense-config/src/tests/data/config-vm-test.xml b/harmony-rs/opnsense-config/src/tests/data/config-vm-test.xml
new file mode 100644
index 0000000..1d176b4
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/tests/data/config-vm-test.xml
@@ -0,0 +1,994 @@
+<?xml version="1.0"?>
+<opnsense>
+  <theme>opnsense</theme>
+  <sysctl>
+    <item>
+      <descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
+      <tunable>vfs.read_max</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set the ephemeral port range to be lower.</descr>
+      <tunable>net.inet.ip.portrange.first</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Drop packets to closed TCP ports without returning a RST</descr>
+      <tunable>net.inet.tcp.blackhole</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
+      <tunable>net.inet.udp.blackhole</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Randomize the ID field in IP packets</descr>
+      <tunable>net.inet.ip.random_id</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>
+        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+        It can also be used to probe for information about your internal networks. These functions come enabled
+        as part of the standard FreeBSD core system.
+      </descr>
+      <tunable>net.inet.ip.sourceroute</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>
+        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+        It can also be used to probe for information about your internal networks. These functions come enabled
+        as part of the standard FreeBSD core system.
+      </descr>
+      <tunable>net.inet.ip.accept_sourceroute</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>
+        This option turns off the logging of redirect packets because there is no limit and this could fill
+        up your logs consuming your whole hard drive.
+      </descr>
+      <tunable>net.inet.icmp.log_redirect</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
+      <tunable>net.inet.tcp.drop_synfin</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable sending IPv6 redirects</descr>
+      <tunable>net.inet6.ip6.redirect</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
+      <tunable>net.inet6.ip6.use_tempaddr</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Prefer privacy addresses and use them over the normal addresses</descr>
+      <tunable>net.inet6.ip6.prefer_tempaddr</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
+      <tunable>net.inet.tcp.syncookies</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
+      <tunable>net.inet.tcp.recvspace</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
+      <tunable>net.inet.tcp.sendspace</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
+      <tunable>net.inet.tcp.delayed_ack</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum outgoing UDP datagram size</descr>
+      <tunable>net.inet.udp.maxdgram</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
+      <tunable>net.link.bridge.pfil_onlyip</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
+      <tunable>net.link.bridge.pfil_local_phys</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
+      <tunable>net.link.bridge.pfil_member</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set to 1 to enable filtering on the bridge interface</descr>
+      <tunable>net.link.bridge.pfil_bridge</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Allow unprivileged access to tap(4) device nodes</descr>
+      <tunable>net.link.tap.user_open</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
+      <tunable>kern.randompid</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
+      <tunable>hw.syscons.kbd_reboot</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable TCP extended debugging</descr>
+      <tunable>net.inet.tcp.log_debug</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set ICMP Limits</descr>
+      <tunable>net.inet.icmp.icmplim</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>TCP Offload Engine</descr>
+      <tunable>net.inet.tcp.tso</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>UDP Checksums</descr>
+      <tunable>net.inet.udp.checksum</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum socket buffer size</descr>
+      <tunable>kern.ipc.maxsockbuf</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
+      <tunable>vm.pmap.pti</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
+      <tunable>hw.ibrs_disable</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Hide processes running as other groups</descr>
+      <tunable>security.bsd.see_other_gids</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Hide processes running as other users</descr>
+      <tunable>security.bsd.see_other_uids</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
+        and for the sender directly reachable, route and next hop is known.
+      </descr>
+      <tunable>net.inet.ip.redirect</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum outgoing UDP datagram size</descr>
+      <tunable>net.local.dgram.maxdgram</tunable>
+      <value>default</value>
+    </item>
+  </sysctl>
+  <system>
+    <optimization>normal</optimization>
+    <hostname>OPNsense</hostname>
+    <domain>localdomain</domain>
+    <dnsallowoverride>1</dnsallowoverride>
+    <group>
+      <name>admins</name>
+      <description>System Administrators</description>
+      <scope>system</scope>
+      <gid>1999</gid>
+      <member>0</member>
+      <priv>page-all</priv>
+    </group>
+    <user>
+      <name>root</name>
+      <descr>System Administrator</descr>
+      <scope>system</scope>
+      <groupname>admins</groupname>
+      <password>$2y$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS</password>
+      <uid>0</uid>
+    </user>
+    <nextuid>2000</nextuid>
+    <nextgid>2000</nextgid>
+    <timezone>Etc/UTC</timezone>
+    <timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
+    <webgui>
+      <protocol>https</protocol>
+      <ssl-certref>6734d6c82dc59</ssl-certref>
+      <port/>
+      <ssl-ciphers/>
+      <interfaces/>
+      <compression/>
+    </webgui>
+    <disablenatreflection>yes</disablenatreflection>
+    <usevirtualterminal>1</usevirtualterminal>
+    <disableconsolemenu>1</disableconsolemenu>
+    <disablevlanhwfilter>1</disablevlanhwfilter>
+    <disablechecksumoffloading>1</disablechecksumoffloading>
+    <disablesegmentationoffloading>1</disablesegmentationoffloading>
+    <disablelargereceiveoffloading>1</disablelargereceiveoffloading>
+    <ipv6allow>1</ipv6allow>
+    <powerd_ac_mode>hadp</powerd_ac_mode>
+    <powerd_battery_mode>hadp</powerd_battery_mode>
+    <powerd_normal_mode>hadp</powerd_normal_mode>
+    <bogons>
+      <interval>monthly</interval>
+    </bogons>
+    <pf_share_forward>1</pf_share_forward>
+    <lb_use_sticky>1</lb_use_sticky>
+    <ssh>
+      <group>admins</group>
+      <noauto>1</noauto>
+      <interfaces/>
+      <kex/>
+      <ciphers/>
+      <macs/>
+      <keys/>
+      <keysig/>
+      <enabled>enabled</enabled>
+      <passwordauth>1</passwordauth>
+      <permitrootlogin>1</permitrootlogin>
+    </ssh>
+    <rrdbackup>-1</rrdbackup>
+    <netflowbackup>-1</netflowbackup>
+    <firmware version="1.0.1">
+      <mirror/>
+      <flavour/>
+      <plugins/>
+      <type/>
+      <subscription/>
+      <reboot/>
+    </firmware>
+    <dnsserver>192.168.5.1</dnsserver>
+    <language>en_US</language>
+    <serialspeed>115200</serialspeed>
+    <primaryconsole>video</primaryconsole>
+    <secondaryconsole>serial</secondaryconsole>
+  </system>
+  <interfaces>
+    <lan>
+      <enable>1</enable>
+      <if>le1</if>
+      <ipaddr>10.100.8.1</ipaddr>
+      <subnet>24</subnet>
+      <ipaddrv6>track6</ipaddrv6>
+      <subnetv6>64</subnetv6>
+      <media/>
+      <mediaopt/>
+      <track6-interface>wan</track6-interface>
+      <track6-prefix-id>0</track6-prefix-id>
+    </lan>
+    <lo0>
+      <internal_dynamic>1</internal_dynamic>
+      <descr>Loopback</descr>
+      <enable>1</enable>
+      <if>lo0</if>
+      <ipaddr>127.0.0.1</ipaddr>
+      <ipaddrv6>::1</ipaddrv6>
+      <subnet>8</subnet>
+      <subnetv6>128</subnetv6>
+      <type>none</type>
+      <virtual>1</virtual>
+    </lo0>
+    <wan>
+      <if>le0</if>
+      <descr/>
+      <enable>1</enable>
+      <spoofmac/>
+      <ipaddr>dhcp</ipaddr>
+      <dhcphostname/>
+      <alias-address/>
+      <alias-subnet>32</alias-subnet>
+      <dhcprejectfrom/>
+      <adv_dhcp_pt_timeout/>
+      <adv_dhcp_pt_retry/>
+      <adv_dhcp_pt_select_timeout/>
+      <adv_dhcp_pt_reboot/>
+      <adv_dhcp_pt_backoff_cutoff/>
+      <adv_dhcp_pt_initial_interval/>
+      <adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
+      <adv_dhcp_send_options/>
+      <adv_dhcp_request_options/>
+      <adv_dhcp_required_options/>
+      <adv_dhcp_option_modifiers/>
+      <adv_dhcp_config_advanced/>
+      <adv_dhcp_config_file_override/>
+      <adv_dhcp_config_file_override_path/>
+    </wan>
+  </interfaces>
+  <dhcpd>
+    <lan>
+      <enable/>
+      <range>
+        <from>10.100.8.10</from>
+        <to>10.100.8.245</to>
+      </range>
+      <staticmap>
+        <mac>d8:5e:d3:e7:2c:8c</mac>
+        <ipaddr>10.100.8.15</ipaddr>
+        <hostname>rtx4090</hostname>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+    </lan>
+  </dhcpd>
+  <snmpd>
+    <syslocation/>
+    <syscontact/>
+    <rocommunity>public</rocommunity>
+  </snmpd>
+  <nat>
+    <outbound>
+      <mode>automatic</mode>
+    </outbound>
+  </nat>
+  <filter>
+    <rule uuid="f79eded0-3c11-4f57-9aaa-55d4888589fa">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>80</port>
+      </destination>
+      <updated>
+        <username>root@192.168.5.204</username>
+        <time>1731518072.7612</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.5.204</username>
+        <time>1731518072.7612</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="4a5e7b65-0d7f-4452-8a29-2ec61a47ec19">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>443</port>
+      </destination>
+      <updated>
+        <username>root@192.168.5.204</username>
+        <time>1731518084.0639</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.5.204</username>
+        <time>1731518084.0639</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="0465308d-8605-466c-bcb4-95eeb989251a">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>tcp/udp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <any>1</any>
+        <port>22</port>
+      </destination>
+      <updated>
+        <username>root@192.168.5.204</username>
+        <time>1731518114.2801</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.5.204</username>
+        <time>1731518114.2801</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="2df05591-13e7-4d91-a1b8-d25e338ada5f">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Allow ping</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>icmp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>(self)</network>
+      </destination>
+      <updated>
+        <username>root@192.168.5.204</username>
+        <time>1731518356.7559</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.5.204</username>
+        <time>1731518311.7033</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="f2ee612c-c290-4445-8045-df82a86db0e5">
+      <type>pass</type>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Default allow LAN to any rule</descr>
+      <interface>lan</interface>
+      <source>
+        <network>lan</network>
+      </source>
+      <destination>
+        <any/>
+      </destination>
+    </rule>
+    <rule uuid="b21f808a-6a4a-4cd6-9a83-1660cc8ea58b">
+      <type>pass</type>
+      <ipprotocol>inet6</ipprotocol>
+      <descr>Default allow LAN IPv6 to any rule</descr>
+      <interface>lan</interface>
+      <source>
+        <network>lan</network>
+      </source>
+      <destination>
+        <any/>
+      </destination>
+    </rule>
+  </filter>
+  <rrd>
+    <enable/>
+  </rrd>
+  <ntpd>
+    <prefer>0.opnsense.pool.ntp.org</prefer>
+  </ntpd>
+  <widgets>
+    <sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
+    <column_count>2</column_count>
+  </widgets>
+  <revision>
+    <username>root@192.168.5.204</username>
+    <time>1731534516.7156</time>
+    <description>/interfaces.php made changes</description>
+  </revision>
+  <OPNsense>
+    <DHCRelay version="1.0.1"/>
+    <wireguard>
+      <client version="1.0.0">
+        <clients/>
+      </client>
+      <general version="0.0.1">
+        <enabled>0</enabled>
+      </general>
+      <server version="1.0.0">
+        <servers/>
+      </server>
+    </wireguard>
+    <IPsec version="1.0.1">
+      <general>
+        <enabled/>
+      </general>
+      <keyPairs/>
+      <preSharedKeys/>
+    </IPsec>
+    <Swanctl version="1.0.0">
+      <Connections/>
+      <locals/>
+      <remotes/>
+      <children/>
+      <Pools/>
+      <VTIs/>
+      <SPDs/>
+    </Swanctl>
+    <OpenVPNExport version="0.0.1">
+      <servers/>
+    </OpenVPNExport>
+    <OpenVPN version="1.0.0">
+      <Overwrites/>
+      <Instances/>
+      <StaticKeys/>
+    </OpenVPN>
+    <captiveportal version="1.0.2">
+      <zones/>
+      <templates/>
+    </captiveportal>
+    <cron version="1.0.4">
+      <jobs/>
+    </cron>
+    <Firewall>
+      <Lvtemplate version="0.0.1">
+        <templates/>
+      </Lvtemplate>
+      <Alias version="1.0.1">
+        <geoip>
+          <url/>
+        </geoip>
+        <aliases/>
+      </Alias>
+      <Category version="1.0.0">
+        <categories/>
+      </Category>
+      <Filter version="1.0.4">
+        <rules/>
+        <snatrules/>
+        <npt/>
+        <onetoone/>
+      </Filter>
+    </Firewall>
+    <Netflow version="1.0.1">
+      <capture>
+        <interfaces/>
+        <egress_only/>
+        <version>v9</version>
+        <targets/>
+      </capture>
+      <collect>
+        <enable>0</enable>
+      </collect>
+      <activeTimeout>1800</activeTimeout>
+      <inactiveTimeout>15</inactiveTimeout>
+    </Netflow>
+    <IDS version="1.0.9">
+      <rules/>
+      <policies/>
+      <userDefinedRules/>
+      <files/>
+      <fileTags/>
+      <general>
+        <enabled>0</enabled>
+        <ips>0</ips>
+        <promisc>0</promisc>
+        <interfaces>wan</interfaces>
+        <homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
+        <defaultPacketSize/>
+        <UpdateCron/>
+        <AlertLogrotate>W0D23</AlertLogrotate>
+        <AlertSaveLogs>4</AlertSaveLogs>
+        <MPMAlgo/>
+        <detect>
+          <Profile/>
+          <toclient_groups/>
+          <toserver_groups/>
+        </detect>
+        <syslog>0</syslog>
+        <syslog_eve>0</syslog_eve>
+        <LogPayload>0</LogPayload>
+        <verbosity/>
+      </general>
+    </IDS>
+    <Interfaces>
+      <loopbacks version="1.0.0"/>
+      <neighbors version="1.0.0"/>
+      <vxlans version="1.0.2"/>
+    </Interfaces>
+    <Kea>
+      <ctrl_agent version="0.0.1">
+        <general>
+          <enabled>0</enabled>
+          <http_host>127.0.0.1</http_host>
+          <http_port>8000</http_port>
+        </general>
+      </ctrl_agent>
+      <dhcp4 version="1.0.0">
+        <general>
+          <enabled>0</enabled>
+          <interfaces/>
+          <valid_lifetime>4000</valid_lifetime>
+          <fwrules>1</fwrules>
+        </general>
+        <ha>
+          <enabled>0</enabled>
+          <this_server_name/>
+        </ha>
+        <subnets/>
+        <reservations/>
+        <ha_peers/>
+      </dhcp4>
+    </Kea>
+    <monit version="1.0.13">
+      <general>
+        <enabled>0</enabled>
+        <interval>120</interval>
+        <startdelay>120</startdelay>
+        <mailserver>127.0.0.1</mailserver>
+        <port>25</port>
+        <username/>
+        <password/>
+        <ssl>0</ssl>
+        <sslversion>auto</sslversion>
+        <sslverify>1</sslverify>
+        <logfile/>
+        <statefile/>
+        <eventqueuePath/>
+        <eventqueueSlots/>
+        <httpdEnabled>0</httpdEnabled>
+        <httpdUsername>root</httpdUsername>
+        <httpdPassword/>
+        <httpdPort>2812</httpdPort>
+        <httpdAllow/>
+        <mmonitUrl/>
+        <mmonitTimeout>5</mmonitTimeout>
+        <mmonitRegisterCredentials>1</mmonitRegisterCredentials>
+      </general>
+      <alert uuid="15f1e9ca-5dd5-4b20-b595-b6b4f82245d0">
+        <enabled>0</enabled>
+        <recipient>root@localhost.local</recipient>
+        <noton>0</noton>
+        <events/>
+        <format/>
+        <reminder/>
+        <description/>
+      </alert>
+      <service uuid="c1e99556-91f5-4dbf-81d7-7915a3213de9">
+        <enabled>1</enabled>
+        <name>$HOST</name>
+        <description/>
+        <type>system</type>
+        <pidfile/>
+        <match/>
+        <path/>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>91b4e409-211b-49d5-9fa3-dc9054106646,cbe9cb72-e8c2-4740-990c-abcc486b0654,c0708923-88de-4178-abdd-819737440ce0,e887125d-c5d2-45e6-b40d-2c400d5449d1</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="7513f341-7d21-4f11-903f-30d07b3aa41e">
+        <enabled>1</enabled>
+        <name>RootFs</name>
+        <description/>
+        <type>filesystem</type>
+        <pidfile/>
+        <match/>
+        <path>/</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>cc3684f2-701e-4de4-883d-803e08cf47b6</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="f99ada79-ba1a-4ee1-81f1-ef570e8e5ea9">
+        <enabled>0</enabled>
+        <name>carp_status_change</name>
+        <description/>
+        <type>custom</type>
+        <pidfile/>
+        <match/>
+        <path>/usr/local/opnsense/scripts/OPNsense/Monit/carp_status</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>f2d734cb-2a0e-4375-9460-11bdd5b20503</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="dca8a81f-d389-4baa-b477-8b348194fd25">
+        <enabled>0</enabled>
+        <name>gateway_alert</name>
+        <description/>
+        <type>custom</type>
+        <pidfile/>
+        <match/>
+        <path>/usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>865105a2-cbea-4a01-9979-c67818da9d99</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <test uuid="ea6b821c-4f30-455b-bd5b-23a6f0c20554">
+        <name>Ping</name>
+        <type>NetworkPing</type>
+        <condition>failed ping</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="16186b38-0e13-4cc3-ad18-ccc3fcc91837">
+        <name>NetworkLink</name>
+        <type>NetworkInterface</type>
+        <condition>failed link</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="69117d4d-8c41-4712-97c0-87b4fa7c9837">
+        <name>NetworkSaturation</name>
+        <type>NetworkInterface</type>
+        <condition>saturation is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="91b4e409-211b-49d5-9fa3-dc9054106646">
+        <name>MemoryUsage</name>
+        <type>SystemResource</type>
+        <condition>memory usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="cbe9cb72-e8c2-4740-990c-abcc486b0654">
+        <name>CPUUsage</name>
+        <type>SystemResource</type>
+        <condition>cpu usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="c0708923-88de-4178-abdd-819737440ce0">
+        <name>LoadAvg1</name>
+        <type>SystemResource</type>
+        <condition>loadavg (1min) is greater than 4</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="e887125d-c5d2-45e6-b40d-2c400d5449d1">
+        <name>LoadAvg5</name>
+        <type>SystemResource</type>
+        <condition>loadavg (5min) is greater than 3</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="c34aab30-9194-4667-b516-004b9c90c1c0">
+        <name>LoadAvg15</name>
+        <type>SystemResource</type>
+        <condition>loadavg (15min) is greater than 2</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="cc3684f2-701e-4de4-883d-803e08cf47b6">
+        <name>SpaceUsage</name>
+        <type>SpaceUsage</type>
+        <condition>space usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="f2d734cb-2a0e-4375-9460-11bdd5b20503">
+        <name>ChangedStatus</name>
+        <type>ProgramStatus</type>
+        <condition>changed status</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="865105a2-cbea-4a01-9979-c67818da9d99">
+        <name>NonZeroStatus</name>
+        <type>ProgramStatus</type>
+        <condition>status != 0</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+    </monit>
+    <Gateways version="1.0.0">
+      <gateway_item uuid="a6ea102d-68bb-430f-af8b-269d52498fe1">
+        <disabled>0</disabled>
+        <name>WAN_GW</name>
+        <descr>Interface WAN Gateway</descr>
+        <interface>wan</interface>
+        <ipprotocol>inet</ipprotocol>
+        <gateway>172.17.0.1</gateway>
+        <defaultgw>1</defaultgw>
+        <fargw>0</fargw>
+        <monitor_disable>1</monitor_disable>
+        <monitor_noroute/>
+        <monitor/>
+        <force_down/>
+        <priority>255</priority>
+        <weight>1</weight>
+        <latencylow/>
+        <latencyhigh/>
+        <losslow/>
+        <losshigh/>
+        <interval/>
+        <time_period/>
+        <loss_interval/>
+        <data_length/>
+      </gateway_item>
+    </Gateways>
+    <Syslog version="1.0.2">
+      <general>
+        <enabled>1</enabled>
+        <loglocal>1</loglocal>
+        <maxpreserve>31</maxpreserve>
+        <maxfilesize/>
+      </general>
+      <destinations/>
+    </Syslog>
+    <TrafficShaper version="1.0.3">
+      <pipes/>
+      <queues/>
+      <rules/>
+    </TrafficShaper>
+    <unboundplus version="1.0.9">
+      <general>
+        <enabled>1</enabled>
+        <port>53</port>
+        <stats/>
+        <active_interface/>
+        <dns64/>
+        <dns64prefix/>
+        <noarecords/>
+        <regdhcp/>
+        <regdhcpdomain/>
+        <regdhcpstatic/>
+        <noreglladdr6/>
+        <noregrecords/>
+        <txtsupport/>
+        <cacheflush/>
+        <local_zone_type>transparent</local_zone_type>
+        <outgoing_interface/>
+        <enable_wpad/>
+      </general>
+      <advanced>
+        <hideidentity/>
+        <hideversion/>
+        <prefetch/>
+        <prefetchkey/>
+        <aggressivensec>1</aggressivensec>
+        <serveexpired/>
+        <serveexpiredreplyttl/>
+        <serveexpiredttl/>
+        <serveexpiredttlreset/>
+        <serveexpiredclienttimeout/>
+        <qnameminstrict/>
+        <extendedstatistics/>
+        <logqueries/>
+        <logreplies/>
+        <logtagqueryreply/>
+        <logservfail/>
+        <loglocalactions/>
+        <logverbosity>1</logverbosity>
+        <valloglevel>0</valloglevel>
+        <privatedomain/>
+        <privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
+        <insecuredomain/>
+        <msgcachesize/>
+        <rrsetcachesize/>
+        <outgoingnumtcp/>
+        <incomingnumtcp/>
+        <numqueriesperthread/>
+        <outgoingrange/>
+        <jostletimeout/>
+        <cachemaxttl/>
+        <cachemaxnegativettl/>
+        <cacheminttl/>
+        <infrahostttl/>
+        <infrakeepprobing/>
+        <infracachenumhosts/>
+        <unwantedreplythreshold/>
+      </advanced>
+      <acls>
+        <default_action>allow</default_action>
+      </acls>
+      <dnsbl>
+        <enabled>0</enabled>
+        <safesearch/>
+        <type/>
+        <lists/>
+        <whitelists/>
+        <blocklists/>
+        <wildcards/>
+        <address/>
+        <nxdomain/>
+      </dnsbl>
+      <forwarding>
+        <enabled/>
+      </forwarding>
+      <dots/>
+      <hosts/>
+      <aliases/>
+      <domains/>
+    </unboundplus>
+  </OPNsense>
+  <hasync version="1.0.0">
+    <disablepreempt>0</disablepreempt>
+    <disconnectppps>0</disconnectppps>
+    <pfsyncenabled>0</pfsyncenabled>
+    <pfsyncinterface>lan</pfsyncinterface>
+    <pfsyncpeerip/>
+    <pfsyncversion>1400</pfsyncversion>
+    <synchronizetoip/>
+    <username/>
+    <password/>
+    <syncitems/>
+  </hasync>
+  <openvpn/>
+  <ifgroups version="1.0.0"/>
+  <gifs version="1.0.0">
+    <gif/>
+  </gifs>
+  <gres version="1.0.0">
+    <gre/>
+  </gres>
+  <laggs version="1.0.0">
+    <lagg/>
+  </laggs>
+  <virtualip version="1.0.0">
+    <vip/>
+  </virtualip>
+  <vlans version="1.0.0">
+    <vlan/>
+  </vlans>
+  <staticroutes version="1.0.0">
+    <route/>
+  </staticroutes>
+  <bridges>
+    <bridged/>
+  </bridges>
+  <ppps>
+    <ppp/>
+  </ppps>
+  <wireless>
+    <clone/>
+  </wireless>
+  <ca/>
+  <dhcpdv6/>
+  <cert uuid="547102e9-23ba-48b8-8af8-64be61049e96">
+    <refid>6734d13fa9e4a</refid>
+    <descr>Web GUI TLS certificate</descr>
+    <caref/>
+    <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVSUhVRkpwc253VGtzYWRrZmRDNUp1SDhqWnZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpFNE1EbGFGdzB5TlRFeU1UVXhOakU0TURsYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURKU1FlZ1RYckp5dDVWYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyCkNEclc3ZDlYcVJkOEpEZENtdGtLRGlMYWNaUzJMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDEKU2pJWnBTZzNkOS9YeHFPQTNZQllzTS9uUk9vWHlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NworVHc5STZGU0J4bkdaR3RyUFl5NkVBb0NMdm1GQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxCnBRTVB1T2JxV3FyaE0xdjVjdmJodU5kREhNZ3ZVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjEKUm0wMlVuUXRneW8zY3hPRXVsYk9nU0hsdGhTMmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSQpQbm9ncnZsRUlWMERhQ3ZEMjZiRkRDbVkxc29FbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBCkJMVzh4dXBFODhEYmlrWW51NVdQaUp6ZXh4UVIyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXoKcHBERHYwZnU0Nnp1S3EzY0VWRitiREsrQWdlT0Q2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSApHQjlCbDFrejR4bHRhczlvbmZrSDFkVHk3dzFNck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1ExCmtWNk90aFRsVFgzK2duaUpJK3RXWUQ5bTRldXNzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRkJRZytucWI5QW9HSWtoTUxhNHFzWGRvY0JGcE1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVUlIVUYKSnBzbndUa3NhZGtmZEM1SnVIOGpadk13SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQUZqNlQ1MmRIUklVMHJuZDE0d2dob2tjUkdrK0hIQloyTGlDRHpUeUwKNHdCeTJ1ZXJXQWdvYUZzeUlNQzhwWTBhWlc4TFlSd1BtRVB0OXlUS09ZZzF0NWtOUnk2RkF5akszeis5TGZTQwoxRlFpb0pma3FHRnhoc1IxV1R5RjBGNmJmM2tZRDZ4OWw1dEdqMXF3SndrekZWZWcvZGNtUVhvRTBmUDRqSFFvCmgxWXdiZ3pTa084TzRLUVhuWXVRM3g0bWdoZnBvR0hQM2xINlcybDJlWHpqSzllRjJtUG1ZS0p1M3JpSnkvL3gKRzhQWXBYNlNTN3RoVnNNeHF3cGJHbURXQXRuSnNrSmVsNDI1WUdOYlZ4YTNPOHE3RWxLNGFoNXpmai8wRnVwTgo3SnlqMWQyZjZFck14WlFnUi9EdmlUVnhISytRY1lBRXBqU2ZmZzBrRStpS1BlN0VYTVk1VU1aZUFTK1ZteG1LCjBPOWxaQXNpWUlEMzkwVjNTaDZxYjhoL2xMZ0V2NCtSNUw1VEpFaldYc0dQSUpGaHJNSFJWR1lhV3JIYWx3eHYKNjE5NFlpSXBEaUlHSVVSWGN1U3dNcndIQzN0bms2QVo2OW5CczVXT1JYM0NxOVhRRnVrVlA5eUMxQnRuSmFwbQpubUMzK3NtTTErRjkxUXlkVXJtbUxPNUVwUmtTMitBcmRTSklUR1NRNWt4L3VLNjhzV0QzVVdNNVRibUxrcWdOCkt6djZjemVCbzJiVExDT0JKUWJ4STFCckRPTUFMSDlCdXdUamVXdUVtWE9TWE1lTDFsejdhL2JZKzJxa1BSOVAKTE5IekE2QXZlVmxucDNaeFdqMjZFK3dwYnU5cHBaY0QzRGVHRnRnZzVJbUJ2ZDNWbjJ6UVc4a1ZMT1ZBdllSawptdWc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
+    <csr/>
+    <prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpSQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1M0d2dna3FBZ0VBQW9JQ0FRREpTUWVnVFhySnl0NVYKYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyQ0RyVzdkOVhxUmQ4SkRkQ210a0tEaUxhY1pTMgpMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDFTaklacFNnM2Q5L1h4cU9BM1lCWXNNL25ST29YCnlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NytUdzlJNkZTQnhuR1pHdHJQWXk2RUFvQ0x2bUYKQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxcFFNUHVPYnFXcXJoTTF2NWN2Ymh1TmRESE1ndgpVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjFSbTAyVW5RdGd5bzNjeE9FdWxiT2dTSGx0aFMyCmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSVBub2dydmxFSVYwRGFDdkQyNmJGRENtWTFzb0UKbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBQkxXOHh1cEU4OERiaWtZbnU1V1BpSnpleHhRUgoyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXpwcEREdjBmdTQ2enVLcTNjRVZGK2JESytBZ2VPCkQ2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSEdCOUJsMWt6NHhsdGFzOW9uZmtIMWRUeTd3MU0Kck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1Exa1Y2T3RoVGxUWDMrZ25pSkkrdFdZRDltNGV1cwpzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUJBb0lDQUNPNnZpc1BIY3pzb1NjK2dkWkU1dGNNCnZkc240UDFIenVRd0VzRUcrVG1zanVWMVBZbExrbkE4OU1DQmdDejEyOFpMcU51ZlUwSDkxK1Uzbjd2MGJ1bVAKd3BpR2R4UUNOMlpZaGZ2RWE5YW1qMTNZYjBJbks3b0FKbUdrT254NW91UFl6YlBRblBNRE9WK0VKa2JwTWRxZgptOHdmOWg2OXYzSk03bUZJS0UrOVVZR252UjhuMkhETTNwR3FONEhQS1A4MkE0RXlvQ2d2a1BTelRxc052bU5ICnBOY0RURW5rNlNsWUhUVDNOSzJjVnBldUhMUzUrazlqNWI5elhUSlE5TkpVZlN6bnEvUmFpMUZVNDY1K0xpUjEKMGVPWDdnajFWUExOcGgwcWtQQy9ubW0vZStVMmZXUGZZb2FDcWkrQ0VwU2twQXlQZ1FZZTJsSG0rYVU4MzZ2UQpuaHZuL0p5ZHJDL1NyTUFZaXpOZFYyZjlHTkNwcE1SbUZyOS9saVJiNEFpSzRLSDRETGdSRUxHaDJLNzJuOFRLCkxUSVhIV3RacisyMWU4c0Mxbm5MSENnK21wMHBvSWJsbEtoYk9VTmVxR09yWm95NFBXdDZMQndFYzN0MG1wVEMKODhiSUpqMzFCQngzTGE1SUE5b0FNRi9lbHJYdFhhVnl4bm5yTHdjYzFNVWpCV20rZDVqbC9WOEdIcEJRd3pXYwpPNWdNSXlQNUIvdzBacUcyZjV1akZkOHo4dElmcEFRRTJSbDNxRUFYNU1NY1JQaFlTNDJqTWl4czc3TmtOVldQCkpqUVoxVDVXQTVKOUxEL2FKRkplQ2MvbjhpNldOQ3FzdEQ5OVNPTCsrTTBFQTlka2lLNWtOcXFZeXZuRG9SZVcKSW84eXhvVnpObURsWjBkSU9UUzlBb0lCQVFEb2tvMWxPS05FNlBWWmRRU3lmS0JOTEZNcEl1V1VVZmp0ODU4awpJTTB0TnNyS0d2N3NmYkt0dlMvOWgwMGluU2FyWTJ4amVETG91WEI5VzdKY1B1NjRoNHYwek1lbXRhdDRyTUJnClA5bkQ3MW00dERqS2ZrZDAza2tUbk4ySTBxYkwzeFVoTjNEQlJZTU9veDFMa2M4MFFFMHhSUEM1YmRJaXcwemEKTWdtK1dOZVY1VEZoSkpQZ2dVRVo5U1A2aWV1VEY0OW9wRGNWdGUwQ0I0WnFUaTRWb3YvZFVDWGpNK0djRnNWdgpPWTZYTE9KTmRldHdnUVNkd1hlSzB1WlBpWnVKTGlsTEg4OFVKYWNoQThDZW1SclMxRUtxWElwK2dkQWV4MnhVCmY5amRMMGF2SlJEY0xqWlhETXBvWlJpc0JoWVArZzY3VHZza3FscDh4M2p2STlWVkFvSUJBUURkajZrdWNLM0MKYXprMzlqYllvM3RFZ0R5L2VGNnBjWFlpK21Ba1ZNRk9vSWJ5cmNyN3BqSnRMNFMyMEFDRmpBUGFQT042dWVVWQpQQm92dC9QODB1V1c5cGZCK29mRmdadzRqc3hLWFY4eEJmOVdLWVZndFBsOHhIL1RJcERTMjhVTlowNDlhUW4vCjlCRzNac0lyenk3RzFLRTZPLzBMMnVmMnFyaUxxRFQyV3dsdFVsbWs2Ym5NeThkR0sra1JLcFhvSm1RTlNHRHoKOXd4blU2ZmZ1NDdDLzRYMHRIVk1MVFVneFh4djdqN3BpSzI4dzBuZ1N5S3ozV0IzWTJwaFVsZEJIdEprQko1RQpoRm8zMXJCVDU5enhkb2crYXh1bkh4S3EySGFHRkt0ZUZ6RGpkTTFpQzE3bWNtWXBzR2tuenA0cjRjZm5FYTFSCko4Wmo5ZVFQaEVOZEFvSUJBUUN3d2hsbXNkb2MySFVJVFZDSm13QjJSdGJaYitWT2lkS0lmdDBYcHpwcFA3aDIKVEhndEl3ZDIxayt2LzNJWGVaclhMWlJHTVNkNEN1QTgxa0ZEckt6Z1lGeDFiR0hkQ1R2T1ZuVkxjWnUvTjUxWQpMTmp3eFhMbmxyMnhnMG8zMytuWERyQlBjNFJsejcvZ2t3WUQxa2pGckkwK2dlZjI5a2w4RkRUSHJMb05DaGFuCm5PNmZweDRneGZ2Rmo3T05pZDhhQnhEK2RiaEw3dDIzNmlJMWp6K2xRQ0g0Z1I2YWhHYldxOVBZU2NWZWprVmMKbTkrWnZPVFdSU0RteUkwMExDQ2k3UXVEUmlTcmFrYVFaL3F3VHlxOHk0ZnpWS3dKby8yYU52VFZiK2xSaWNuTgorWHpMNnU5dno0L1NNZXZEYWtqQVVjdDZmbmVQa1UxK2dsZ2VZSHlWQW9JQkFRRFJtYW0wVEZhbFdXaHMvNWtOClEwTkhINFhZb1JmMGRta0xXQStCNzBoY2lOS0JYRlp0ME9GZGw1bVdsSm9adk1hY1BBUDd3MGJ1c1ZVWWxZN1YKTy9LRTZVM1I3WjlxQWw1Mnh1aU81Vnc3ZFhBRDVBM1EyZ1EzdTNFdG5VS2lwOVA0QlNYb1JLbDRJVDV0WVdJSgpyZHVUciszQ3VLT0FCcHh4Snpxa3JBRkdtZ01HRCtUTWRXd1hTU1NBeHVPYklNMW1MSU4wYVdlSEJNMFFKdnptClZIb1BFVXA1b0FwamdWVUVacTk4K0VjK0NOWkxmL2d3bndQNllsQnpRWEtQRlNXRWJwTWNtWjNjTmRWZmc5T1YKM1FDUTBkQzhNL21hRlhSRWVibE95TmtCanpEcHpVTExJUFNyVDhoRVlpWm95VGVyVGRJZVVBUEZoYnBTTUhtTApFRlhsQW9JQkFRQ0VUdVJQRHZvMC9tdDhyTzhLNENsamtuU0gxZ1FBSjFha3U3UXg3NUJUTDB6OWRNY2lMK1JLCng1R1lFTW1wcUtNb2FPbWc0WFVRMVRlQ2Vic1R0NjMyWXp6cmNCU0d1RzVnN1o0UUVublUzRXU5QklIMUVSL2gKSEk0NWowU0xNRUpObkNiTkpnRVNRRUFCbzN3cHhrRTdiRGlNdTVPOXVqMlFRVTlTTm94QkFmbVFXRDJJaU1BRQpWYzV3QTNZajBMdElSYkJmdzNBTE9uNlRSc2xucy9JMnd2Z1RCQW9sU3NZbEtEK0NRY3hDZldlNmZwU21aYmlCClBGUE9DY1ZQTXhGeXBhZWFJMkRXNWRPNFNoNGQ0ZlZma2F3ck9LN1N2QnFZb0Y5L2VndThzQS9ZdklaRVltQUQKd0ZIOGs1QjJ4WXdiNkVmNmFFQ29ZTitsNWtlWmhNWTgKLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
+  </cert>
+  <cert uuid="cad18e13-92c5-48b6-9b44-ad2e5dcc799e">
+    <refid>6734d6c82dc59</refid>
+    <descr>Web GUI TLS certificate</descr>
+    <caref/>
+    <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVZkNETXpFclQ4dlVoenJaTVJta3JiT3dnSUdNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpReE5EVmFGdzB5TlRFeU1UVXhOalF4TkRWYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURMc0xEbjRta1R4RXJYdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovCnczL2tNV2Y5L25GbGpnMkFXWERJSmNXZjk0NFJFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT20KVFM0WXFCVzhHQkpJd0xtQ2kxb2RoWXhmUEQ2TFdEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNQpuQ0FtZFBDY2JmdmdXdUM2TnhWbXpkeXpta1QvNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5ClFrVlFqYlQ5MFlyeENvdE8rbTJIQU5QZHNjT3FvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTEwKVmplRS9XQVU0Q1BZUmhYVFVGVTIxZFV2azNvYUVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNwo3Mzk5VWdRN3FTNUFhOElHbXA4NUNoUUlBWUVjSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45CitUZ3ljMTlTbGoxVW1RdkRvekxCQzk5TVJpLzREQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmUKUGVpemxRenRIWmpSU0tnaWdSNU9KSmtSVHIvNjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZwprUSsrVDhMenVhK1FtakxOUVFqMVJCSFYzSzVQL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmCkNEVVVQWjR1cEJtbzBLN3dGNHdtV3VXYSttVndlb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRktidDd0QkRKN1daV1lMblQ5cEhTMklPdTg1TU1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVWZDRE0KekVyVDh2VWh6clpNUm1rcmJPd2dJR013SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQWNQbmllQ29FSmRjV25CVHdqRmE3bjZqTFMrZ1pUYUk2ZjAzWktQMFYKQ0pSaDUxWTNwb2dpcnJYcVNHQ1VGTVNHbGpsQ21mU2VhdW9GWFYwanZLejhnMGZ1NU9kYlhjd2FrZFBZSXgydQpVT0dMbllTaEdCNlpoMmhpWWdSVGFpemJoTVliQitzQkV4QU1CdHZRZElSZ3dBWkRNWE9jY0MwZnJaMFhRRlRFCnQ3by82VGYvZEprdnB0cmRYWW1INnFUWlA2MGxyTnlabVloTjc1NEluOFZLRVVSRWNZamg1ejlJanA1NTE1cU0Kb0VrSGNKbTBDNkh2VStETG1ybFpFYkV4bnVOMFQzWTBNZ0hiVFVhU2Y1L2FKVmlIM0dOMnMzbG1ZM0VXTS9Vcwo3azFyc2JTa2orZzJvQXlTcjU0Nlc4RkdaMjliZFlOYk1EaTQ4aXVRQWlzRlQrTGZXN3Y3RVl3WGJ3NUhSVkpNCjV2MlhnenJwN2Yxa08zckEzeXUyS1VSSktHdjJ1ZXhNSythb1VOZXhRT3ludmZGUTBCemRHQ1dlcmVvZTZ3bDMKbHc4Z2dCWDI1VGIxbzR3d1UzNXdtUUIrMC9rbjB0SXoveVBhY2JzbDAwZ0dJNFhTbWpRQmF0MUZYRHFEME1JMgp4S0RqMXZ2dkNTVnRKc09ESG95eDhLc3ptbno5UVFoV0ZNeC9LTXp1clh0OWtsWFRJc0t3d2NXMytZQWtQMzNaClgvOGJnZS8zK2RibTdNN3BndmFBNVFlU3VTbkwzNjdLT1g1NlNZNGFZWHhkc1haVDc0ZGxVRU1jbG9NU0NIOG4KR25QWlpyWTNHdnZaU2ovQWdqT2lDNHNBL2JSSmh4cCtUQndlRFByR0pFUEJFVW9sZEZHVXdraFJXMVVuRlc2YwpyTGM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
+    <csr/>
+    <prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRExzTERuNG1rVHhFclgKdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovdzMva01XZjkvbkZsamcyQVdYRElKY1dmOTQ0UgpFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT21UUzRZcUJXOEdCSkl3TG1DaTFvZGhZeGZQRDZMCldEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNW5DQW1kUENjYmZ2Z1d1QzZOeFZtemR5em1rVC8KNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5UWtWUWpiVDkwWXJ4Q290TyttMkhBTlBkc2NPcQpvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTExWamVFL1dBVTRDUFlSaFhUVUZVMjFkVXZrM29hCkVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNzczOTlVZ1E3cVM1QWE4SUdtcDg1Q2hRSUFZRWMKSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45K1RneWMxOVNsajFVbVF2RG96TEJDOTlNUmkvNApEQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmVQZWl6bFF6dEhaalJTS2dpZ1I1T0pKa1JUci82CjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZ2tRKytUOEx6dWErUW1qTE5RUWoxUkJIVjNLNVAKL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmQ0RVVVBaNHVwQm1vMEs3d0Y0d21XdVdhK21Wdwplb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUJBb0lDQUFzc3hPL2IzSTd3a0hpWU9wdmQ3b2ZxClJXVm9HM0ZHOVBkSCtrcU1DQW9zVXlpZ2lnWkZhQUZSY3BhZFBJUnBVRFZQOHQrUUx2RHhTSEtJVkNTR3lLRHgKN01mVTkxV3ZCUGtpc1NhWEV2TklEMHJ2WTJYbXl4WWdOcDBNcHdnbHhxZXlWSDNWSTFmZ09zQXpWVkpGSmtzeAp0NnVKV2U2R1lwRnlVZ3MzZytNdHhPYVJLZHcvWkFZb0dVRkR5WE5NR1JNdVRYYkg2WWxTOStFZ2RxZTJZbGtDCk41amkvODUydUlwSytXZUVnbmd1ZkVZNDdpVVhQSzFJTVB0UjRURUxOb3hkTWVBYnZBUG9La2QwMWZOWnVaQ3EKQ0dxNS9kMEQ4cDZKNjlUK3M1RnR1R1UrdkxtcUg3NmtsZjVmTTZnOFpCc2xSNStNQ0xlay9DaHRBZGU2VXBQRApXQ2EwazU3dmdneUdQdGVlVXY2RVJBMEp6SjlJd2VHZGdVWHhNdW5LK3ZSNWYydWJKWFJoMVJpNTNFSTNvVUxYClFvWm9hOTY3VzNUajQ3UzR2RlQyK2dLb0g2OXlNckdVNVkwcjJrSTFXMVVhWEJ1aVVrMi94amdyWVdTblUzUUQKZkM3ZXllTlNlN3c4UW9MMVBEYXJwVXdaK2xGZ0w3NFVScldLQU12WVhxa3NTMHVtb0tTSWo4cjZMM0hVSUVaUgpZRzhBTU91dFhrQk5lMkNpTXRKM2NYUXNIOWloQU9QL3AvaE9BTTBGNkM3Ymt1Vm85d1pRdDVESWxRWUl4TlArClFRZ2doRnhBNTlTWmpwRk00QkN5L0hEOENJY3VuSURZOVNlbXNSYXdyUVY1eGk1akFScVdOYTdBSVMvVlArdUUKQkpmS0dDNFlZVmxqS1VLeEgxVUJBb0lCQVFEcnZOWXNrd3ZhQ2Z6MlcvbkIrRjNjVE1RbjM2RENSYnZwQ0s1dApldm96TjJGbjBJdWFnN2RrYzN2NTFxTVNEd0h1cVNkVTRHUHZMcm83alpJaFNEZ1AwLzBLWmc0VmxtZE5HbEovCk1lcXhmOGRkOFdTQjZiUksrK2FRcEhaeDd2SUFTWkE4eHkvZ3F2NGJpSmlqVDhUQ2lSeXdYSTQ0ZlRYM0xLZTIKVG1Uc29XNk9yQmErSWJRYjBpTEh4WE4rZ3JDM0cxWWxIUlNvTEpKUkU0eFVLMGsvM1JLNU16RjRIYUNZb1BWOQpDOFpQellMR253SE9ERU8zbHRtSGJvQUNFa0VrT2dFV3U4RFo2YlYrMXJBcVh6WnN0L3hNZnJ5KzlMRVdYQUwvCkRnOEdkall0YzdyUTFZd1BIY1h6cFo2clVIdXh2K0p6VEE1ZzNCS1p6aWhwNFdHaEFvSUJBUURkTXE3N0dRWGMKYW5hYlMxanlFT3VzNFp5ZlJ4cW10NEVFaHZjY0dRVVVrV0IrWk11bnpyaENxb3ZwQ1dhVU9zWVhuNG45Y3BQSAo3bm1mOUJHbFI4NVhCVHNLM2d4bE5NMUhjSGFTNXZSem9WQVBNd3o2VVV0ZFNLWXRLR0Q3Wkxmbm9ISXN1SlEzCnJ6WWIyTFhpVmx6MWlNNUVmT0VrL1J5UjBwMGtleXVwa0F0OXBRV0hzaURYb0pibDE2d1ZLc2NDNGUzNjdRRWsKcFdoeXcyS3A4bXdtOGxqQllxZWtHdUREeGVZSDMzMVlGa2FMUEJCT2xPQnlveFlOUDdBVVREUlV3KzB1T01jNwozb0N1VE9jWnAxVWMwQURBOXRTRVRINklWdlFEUXZlYzR6MWRTVGRmUEkxRzVUTCt4Mzlvam5OcGVoYng0bEwvCmRxTTBmcFlPL2ZmeEFvSUJBRmwzOU8wNzdjNlY1ZHoyY1djTnhVbThGT0p4UEVrZlFEOGtYVmNOeW5HdnZoY3gKamhwWmpUdmhuSmJvd0VFMVV1MXFZNVFTQ2J1WVIzUWN1ZTVKdzRVMlZwNGd0NDIzNUlMZHo1dVlyVk1xaE5jQgpxN3ltbnhlcVhRcGVjTm15NzBQdXA0QjV0SkVYTkpQc2xzbThsNWVoaERMbkhjOFFybStlRWhUZDBlNEJJcjJoClVJeGVyRVcyemg1MXNPeTkyeVhUaVRGU3hTbENxVkYrRXM5TEVtVGJtYVNTYWw4RkY1TjEyMVhYSnkvWWRwNjkKY0dqc1BMTXIzR2xMSmVnalYzZlJUK0o1NWFxT3lhUlhCTXRBRVo3WGdUampETzJJWHNGMnNHaHV4SU1XVUYrVgp3YnhLbi9xSXVUMU1pVmpKbGZpVE0vWEFVdUN1QlowOEloaDFRcUVDZ2dFQUZwdzJySzRMSGxPM21mb2l0bU9xClkzcVFVdXVtdXNIcEt6aE1qQSsycURxUC9YdDZJY1lNcWF2YkwwL3ByMTh1bm4yTlVsM2k0ejNxS3NKOUIwTUcKd1hoa1o2RDQ3V052VkUwWG9iNS80RTN0N0EvUTFNbDRoYW1HYXZsRXFJM01DcDRvN1k5VWZ6aW10RVA3bTQ0dQpaRjYranR1ZysvSHZlS3hwcWEvNWI1U3N5QVFWUTZDZW9Ndm1nTW9CNmd2OFdid1VZbURWakJSb1Q4clBEQVllCnJnQjV1QkxJaGdyRlROMnV2TUZJZzdlTE1ISk1UR3dGWVZKd1Q1eGgrRUV0M0RoR3gwSEFnOHNqcGkxd05md1gKeENFeTRvYVloSWw1S2FDUndyK1dwZS9JZHYrajdGVTVMN1QvK0hFV0FlOEZ0eE5td3dUYWJRaUllRFkwU29ZRgpVUUtDQVFFQXRiclZqbTFsaDQ1REhIWnVsem4xNllIQzJrMUYwWG9FZFVSQ3o0QTFsMHBEK3ljL2srdmJ0Qmg0Cm1RRDV1a3FicHFFZy9GNUhDZmdOaHlieHNNdVV6NzFaU24zN2dwczNDWUdiUyt4RkhjZTJBakNTbUlYQWIxQjgKR0Z2WnV4UlB5QXU0YVBvT1J3RzM3NVBOM0VNNk83bzdxbjlYeExTZWRIMHExM2U0YkhYYm4rc2xOa1RIM2xmcwpLVnBOUUhVSUNDSW5vQ0llV1dwdnAwQnFoYjlKclRsbXd2c25zOHpZVDNiY3F5QXZHZGRnNUs3Y0MwRVJaem9ECnFJTkI3S05FVjQ1NmF0eDZVT3VYUlpKREMvaHNJUTZNaVBveUJacHRsK1ZIMEtQbEFIWGExb0FXZmNuL0U3MFYKK0RaeVBiMWxkQUdpb1hqditGd2h5VzZlWEVrQlBnPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
+  </cert>
+  <syslog/>
+</opnsense>
diff --git a/harmony-rs/opnsense-config/src/tests/data/config-vm-test_cheat_descr.xml b/harmony-rs/opnsense-config/src/tests/data/config-vm-test_cheat_descr.xml
new file mode 100644
index 0000000..4f1442a
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/tests/data/config-vm-test_cheat_descr.xml
@@ -0,0 +1,987 @@
+<?xml version="1.0"?>
+<opnsense>
+  <theme>opnsense</theme>
+  <sysctl>
+    <item>
+      <descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
+      <tunable>vfs.read_max</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set the ephemeral port range to be lower.</descr>
+      <tunable>net.inet.ip.portrange.first</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Drop packets to closed TCP ports without returning a RST</descr>
+      <tunable>net.inet.tcp.blackhole</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
+      <tunable>net.inet.udp.blackhole</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Randomize the ID field in IP packets</descr>
+      <tunable>net.inet.ip.random_id</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+        It can also be used to probe for information about your internal networks. These functions come enabled
+        as part of the standard FreeBSD core system.</descr>
+      <tunable>net.inet.ip.sourceroute</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+        It can also be used to probe for information about your internal networks. These functions come enabled
+        as part of the standard FreeBSD core system.</descr>
+      <tunable>net.inet.ip.accept_sourceroute</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>This option turns off the logging of redirect packets because there is no limit and this could fill
+        up your logs consuming your whole hard drive.</descr>
+      <tunable>net.inet.icmp.log_redirect</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
+      <tunable>net.inet.tcp.drop_synfin</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable sending IPv6 redirects</descr>
+      <tunable>net.inet6.ip6.redirect</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
+      <tunable>net.inet6.ip6.use_tempaddr</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Prefer privacy addresses and use them over the normal addresses</descr>
+      <tunable>net.inet6.ip6.prefer_tempaddr</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
+      <tunable>net.inet.tcp.syncookies</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
+      <tunable>net.inet.tcp.recvspace</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
+      <tunable>net.inet.tcp.sendspace</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
+      <tunable>net.inet.tcp.delayed_ack</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum outgoing UDP datagram size</descr>
+      <tunable>net.inet.udp.maxdgram</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
+      <tunable>net.link.bridge.pfil_onlyip</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
+      <tunable>net.link.bridge.pfil_local_phys</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
+      <tunable>net.link.bridge.pfil_member</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set to 1 to enable filtering on the bridge interface</descr>
+      <tunable>net.link.bridge.pfil_bridge</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Allow unprivileged access to tap(4) device nodes</descr>
+      <tunable>net.link.tap.user_open</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
+      <tunable>kern.randompid</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
+      <tunable>hw.syscons.kbd_reboot</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable TCP extended debugging</descr>
+      <tunable>net.inet.tcp.log_debug</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set ICMP Limits</descr>
+      <tunable>net.inet.icmp.icmplim</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>TCP Offload Engine</descr>
+      <tunable>net.inet.tcp.tso</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>UDP Checksums</descr>
+      <tunable>net.inet.udp.checksum</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum socket buffer size</descr>
+      <tunable>kern.ipc.maxsockbuf</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
+      <tunable>vm.pmap.pti</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
+      <tunable>hw.ibrs_disable</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Hide processes running as other groups</descr>
+      <tunable>security.bsd.see_other_gids</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Hide processes running as other users</descr>
+      <tunable>security.bsd.see_other_uids</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
+        and for the sender directly reachable, route and next hop is known.</descr>
+      <tunable>net.inet.ip.redirect</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum outgoing UDP datagram size</descr>
+      <tunable>net.local.dgram.maxdgram</tunable>
+      <value>default</value>
+    </item>
+  </sysctl>
+  <system>
+    <optimization>normal</optimization>
+    <hostname>OPNsense</hostname>
+    <domain>localdomain</domain>
+    <dnsallowoverride>1</dnsallowoverride>
+    <group>
+      <name>admins</name>
+      <description>System Administrators</description>
+      <scope>system</scope>
+      <gid>1999</gid>
+      <member>0</member>
+      <priv>page-all</priv>
+    </group>
+    <user>
+      <name>root</name>
+      <descr>System Administrator</descr>
+      <scope>system</scope>
+      <groupname>admins</groupname>
+      <password>$2y$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS</password>
+      <uid>0</uid>
+    </user>
+    <nextuid>2000</nextuid>
+    <nextgid>2000</nextgid>
+    <timezone>Etc/UTC</timezone>
+    <timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
+    <webgui>
+      <protocol>https</protocol>
+      <ssl-certref>6734d6c82dc59</ssl-certref>
+      <port/>
+      <ssl-ciphers/>
+      <interfaces/>
+      <compression/>
+    </webgui>
+    <disablenatreflection>yes</disablenatreflection>
+    <usevirtualterminal>1</usevirtualterminal>
+    <disableconsolemenu>1</disableconsolemenu>
+    <disablevlanhwfilter>1</disablevlanhwfilter>
+    <disablechecksumoffloading>1</disablechecksumoffloading>
+    <disablesegmentationoffloading>1</disablesegmentationoffloading>
+    <disablelargereceiveoffloading>1</disablelargereceiveoffloading>
+    <ipv6allow>1</ipv6allow>
+    <powerd_ac_mode>hadp</powerd_ac_mode>
+    <powerd_battery_mode>hadp</powerd_battery_mode>
+    <powerd_normal_mode>hadp</powerd_normal_mode>
+    <bogons>
+      <interval>monthly</interval>
+    </bogons>
+    <pf_share_forward>1</pf_share_forward>
+    <lb_use_sticky>1</lb_use_sticky>
+    <ssh>
+      <group>admins</group>
+      <noauto>1</noauto>
+      <interfaces/>
+      <kex/>
+      <ciphers/>
+      <macs/>
+      <keys/>
+      <keysig/>
+      <enabled>enabled</enabled>
+      <passwordauth>1</passwordauth>
+      <permitrootlogin>1</permitrootlogin>
+    </ssh>
+    <rrdbackup>-1</rrdbackup>
+    <netflowbackup>-1</netflowbackup>
+    <firmware version="1.0.1">
+      <mirror/>
+      <flavour/>
+      <plugins/>
+      <type/>
+      <subscription/>
+      <reboot/>
+    </firmware>
+    <dnsserver>192.168.5.1</dnsserver>
+    <language>en_US</language>
+    <serialspeed>115200</serialspeed>
+    <primaryconsole>video</primaryconsole>
+    <secondaryconsole>serial</secondaryconsole>
+  </system>
+  <interfaces>
+    <lan>
+      <enable>1</enable>
+      <if>le1</if>
+      <ipaddr>10.100.8.1</ipaddr>
+      <subnet>24</subnet>
+      <ipaddrv6>track6</ipaddrv6>
+      <subnetv6>64</subnetv6>
+      <media/>
+      <mediaopt/>
+      <track6-interface>wan</track6-interface>
+      <track6-prefix-id>0</track6-prefix-id>
+    </lan>
+    <lo0>
+      <internal_dynamic>1</internal_dynamic>
+      <descr>Loopback</descr>
+      <enable>1</enable>
+      <if>lo0</if>
+      <ipaddr>127.0.0.1</ipaddr>
+      <ipaddrv6>::1</ipaddrv6>
+      <subnet>8</subnet>
+      <subnetv6>128</subnetv6>
+      <type>none</type>
+      <virtual>1</virtual>
+    </lo0>
+    <wan>
+      <if>le0</if>
+      <descr/>
+      <enable>1</enable>
+      <spoofmac/>
+      <ipaddr>dhcp</ipaddr>
+      <dhcphostname/>
+      <alias-address/>
+      <alias-subnet>32</alias-subnet>
+      <dhcprejectfrom/>
+      <adv_dhcp_pt_timeout/>
+      <adv_dhcp_pt_retry/>
+      <adv_dhcp_pt_select_timeout/>
+      <adv_dhcp_pt_reboot/>
+      <adv_dhcp_pt_backoff_cutoff/>
+      <adv_dhcp_pt_initial_interval/>
+      <adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
+      <adv_dhcp_send_options/>
+      <adv_dhcp_request_options/>
+      <adv_dhcp_required_options/>
+      <adv_dhcp_option_modifiers/>
+      <adv_dhcp_config_advanced/>
+      <adv_dhcp_config_file_override/>
+      <adv_dhcp_config_file_override_path/>
+    </wan>
+  </interfaces>
+  <dhcpd>
+    <lan>
+      <enable/>
+      <range>
+        <from>10.100.8.10</from>
+        <to>10.100.8.245</to>
+      </range>
+      <staticmap>
+        <mac>d8:5e:d3:e7:2c:8c</mac>
+        <ipaddr>10.100.8.15</ipaddr>
+        <hostname>rtx4090</hostname>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+    </lan>
+  </dhcpd>
+  <snmpd>
+    <syslocation/>
+    <syscontact/>
+    <rocommunity>public</rocommunity>
+  </snmpd>
+  <nat>
+    <outbound>
+      <mode>automatic</mode>
+    </outbound>
+  </nat>
+  <filter>
+    <rule uuid="f79eded0-3c11-4f57-9aaa-55d4888589fa">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>80</port>
+      </destination>
+      <updated>
+        <username>root@192.168.5.204</username>
+        <time>1731518072.7612</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.5.204</username>
+        <time>1731518072.7612</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="4a5e7b65-0d7f-4452-8a29-2ec61a47ec19">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>443</port>
+      </destination>
+      <updated>
+        <username>root@192.168.5.204</username>
+        <time>1731518084.0639</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.5.204</username>
+        <time>1731518084.0639</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="0465308d-8605-466c-bcb4-95eeb989251a">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>tcp/udp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <any>1</any>
+        <port>22</port>
+      </destination>
+      <updated>
+        <username>root@192.168.5.204</username>
+        <time>1731518114.2801</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.5.204</username>
+        <time>1731518114.2801</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="2df05591-13e7-4d91-a1b8-d25e338ada5f">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Allow ping</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>icmp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>(self)</network>
+      </destination>
+      <updated>
+        <username>root@192.168.5.204</username>
+        <time>1731518356.7559</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.5.204</username>
+        <time>1731518311.7033</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="f2ee612c-c290-4445-8045-df82a86db0e5">
+      <type>pass</type>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Default allow LAN to any rule</descr>
+      <interface>lan</interface>
+      <source>
+        <network>lan</network>
+      </source>
+      <destination>
+        <any/>
+      </destination>
+    </rule>
+    <rule uuid="b21f808a-6a4a-4cd6-9a83-1660cc8ea58b">
+      <type>pass</type>
+      <ipprotocol>inet6</ipprotocol>
+      <descr>Default allow LAN IPv6 to any rule</descr>
+      <interface>lan</interface>
+      <source>
+        <network>lan</network>
+      </source>
+      <destination>
+        <any/>
+      </destination>
+    </rule>
+  </filter>
+  <rrd>
+    <enable/>
+  </rrd>
+  <ntpd>
+    <prefer>0.opnsense.pool.ntp.org</prefer>
+  </ntpd>
+  <widgets>
+    <sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
+    <column_count>2</column_count>
+  </widgets>
+  <revision>
+    <username>root@192.168.5.204</username>
+    <time>1731534516.7156</time>
+    <description>/interfaces.php made changes</description>
+  </revision>
+  <OPNsense>
+    <DHCRelay version="1.0.1"/>
+    <wireguard>
+      <client version="1.0.0">
+        <clients/>
+      </client>
+      <general version="0.0.1">
+        <enabled>0</enabled>
+      </general>
+      <server version="1.0.0">
+        <servers/>
+      </server>
+    </wireguard>
+    <IPsec version="1.0.1">
+      <general>
+        <enabled/>
+      </general>
+      <keyPairs/>
+      <preSharedKeys/>
+    </IPsec>
+    <Swanctl version="1.0.0">
+      <Connections/>
+      <locals/>
+      <remotes/>
+      <children/>
+      <Pools/>
+      <VTIs/>
+      <SPDs/>
+    </Swanctl>
+    <OpenVPNExport version="0.0.1">
+      <servers/>
+    </OpenVPNExport>
+    <OpenVPN version="1.0.0">
+      <Overwrites/>
+      <Instances/>
+      <StaticKeys/>
+    </OpenVPN>
+    <captiveportal version="1.0.2">
+      <zones/>
+      <templates/>
+    </captiveportal>
+    <cron version="1.0.4">
+      <jobs/>
+    </cron>
+    <Firewall>
+      <Lvtemplate version="0.0.1">
+        <templates/>
+      </Lvtemplate>
+      <Alias version="1.0.1">
+        <geoip>
+          <url/>
+        </geoip>
+        <aliases/>
+      </Alias>
+      <Category version="1.0.0">
+        <categories/>
+      </Category>
+      <Filter version="1.0.4">
+        <rules/>
+        <snatrules/>
+        <npt/>
+        <onetoone/>
+      </Filter>
+    </Firewall>
+    <Netflow version="1.0.1">
+      <capture>
+        <interfaces/>
+        <egress_only/>
+        <version>v9</version>
+        <targets/>
+      </capture>
+      <collect>
+        <enable>0</enable>
+      </collect>
+      <activeTimeout>1800</activeTimeout>
+      <inactiveTimeout>15</inactiveTimeout>
+    </Netflow>
+    <IDS version="1.0.9">
+      <rules/>
+      <policies/>
+      <userDefinedRules/>
+      <files/>
+      <fileTags/>
+      <general>
+        <enabled>0</enabled>
+        <ips>0</ips>
+        <promisc>0</promisc>
+        <interfaces>wan</interfaces>
+        <homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
+        <defaultPacketSize/>
+        <UpdateCron/>
+        <AlertLogrotate>W0D23</AlertLogrotate>
+        <AlertSaveLogs>4</AlertSaveLogs>
+        <MPMAlgo/>
+        <detect>
+          <Profile/>
+          <toclient_groups/>
+          <toserver_groups/>
+        </detect>
+        <syslog>0</syslog>
+        <syslog_eve>0</syslog_eve>
+        <LogPayload>0</LogPayload>
+        <verbosity/>
+      </general>
+    </IDS>
+    <Interfaces>
+      <loopbacks version="1.0.0"/>
+      <neighbors version="1.0.0"/>
+      <vxlans version="1.0.2"/>
+    </Interfaces>
+    <Kea>
+      <ctrl_agent version="0.0.1">
+        <general>
+          <enabled>0</enabled>
+          <http_host>127.0.0.1</http_host>
+          <http_port>8000</http_port>
+        </general>
+      </ctrl_agent>
+      <dhcp4 version="1.0.0">
+        <general>
+          <enabled>0</enabled>
+          <interfaces/>
+          <valid_lifetime>4000</valid_lifetime>
+          <fwrules>1</fwrules>
+        </general>
+        <ha>
+          <enabled>0</enabled>
+          <this_server_name/>
+        </ha>
+        <subnets/>
+        <reservations/>
+        <ha_peers/>
+      </dhcp4>
+    </Kea>
+    <monit version="1.0.13">
+      <general>
+        <enabled>0</enabled>
+        <interval>120</interval>
+        <startdelay>120</startdelay>
+        <mailserver>127.0.0.1</mailserver>
+        <port>25</port>
+        <username/>
+        <password/>
+        <ssl>0</ssl>
+        <sslversion>auto</sslversion>
+        <sslverify>1</sslverify>
+        <logfile/>
+        <statefile/>
+        <eventqueuePath/>
+        <eventqueueSlots/>
+        <httpdEnabled>0</httpdEnabled>
+        <httpdUsername>root</httpdUsername>
+        <httpdPassword/>
+        <httpdPort>2812</httpdPort>
+        <httpdAllow/>
+        <mmonitUrl/>
+        <mmonitTimeout>5</mmonitTimeout>
+        <mmonitRegisterCredentials>1</mmonitRegisterCredentials>
+      </general>
+      <alert uuid="15f1e9ca-5dd5-4b20-b595-b6b4f82245d0">
+        <enabled>0</enabled>
+        <recipient>root@localhost.local</recipient>
+        <noton>0</noton>
+        <events/>
+        <format/>
+        <reminder/>
+        <description/>
+      </alert>
+      <service uuid="c1e99556-91f5-4dbf-81d7-7915a3213de9">
+        <enabled>1</enabled>
+        <name>$HOST</name>
+        <description/>
+        <type>system</type>
+        <pidfile/>
+        <match/>
+        <path/>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>91b4e409-211b-49d5-9fa3-dc9054106646,cbe9cb72-e8c2-4740-990c-abcc486b0654,c0708923-88de-4178-abdd-819737440ce0,e887125d-c5d2-45e6-b40d-2c400d5449d1</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="7513f341-7d21-4f11-903f-30d07b3aa41e">
+        <enabled>1</enabled>
+        <name>RootFs</name>
+        <description/>
+        <type>filesystem</type>
+        <pidfile/>
+        <match/>
+        <path>/</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>cc3684f2-701e-4de4-883d-803e08cf47b6</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="f99ada79-ba1a-4ee1-81f1-ef570e8e5ea9">
+        <enabled>0</enabled>
+        <name>carp_status_change</name>
+        <description/>
+        <type>custom</type>
+        <pidfile/>
+        <match/>
+        <path>/usr/local/opnsense/scripts/OPNsense/Monit/carp_status</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>f2d734cb-2a0e-4375-9460-11bdd5b20503</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="dca8a81f-d389-4baa-b477-8b348194fd25">
+        <enabled>0</enabled>
+        <name>gateway_alert</name>
+        <description/>
+        <type>custom</type>
+        <pidfile/>
+        <match/>
+        <path>/usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>865105a2-cbea-4a01-9979-c67818da9d99</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <test uuid="ea6b821c-4f30-455b-bd5b-23a6f0c20554">
+        <name>Ping</name>
+        <type>NetworkPing</type>
+        <condition>failed ping</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="16186b38-0e13-4cc3-ad18-ccc3fcc91837">
+        <name>NetworkLink</name>
+        <type>NetworkInterface</type>
+        <condition>failed link</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="69117d4d-8c41-4712-97c0-87b4fa7c9837">
+        <name>NetworkSaturation</name>
+        <type>NetworkInterface</type>
+        <condition>saturation is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="91b4e409-211b-49d5-9fa3-dc9054106646">
+        <name>MemoryUsage</name>
+        <type>SystemResource</type>
+        <condition>memory usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="cbe9cb72-e8c2-4740-990c-abcc486b0654">
+        <name>CPUUsage</name>
+        <type>SystemResource</type>
+        <condition>cpu usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="c0708923-88de-4178-abdd-819737440ce0">
+        <name>LoadAvg1</name>
+        <type>SystemResource</type>
+        <condition>loadavg (1min) is greater than 4</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="e887125d-c5d2-45e6-b40d-2c400d5449d1">
+        <name>LoadAvg5</name>
+        <type>SystemResource</type>
+        <condition>loadavg (5min) is greater than 3</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="c34aab30-9194-4667-b516-004b9c90c1c0">
+        <name>LoadAvg15</name>
+        <type>SystemResource</type>
+        <condition>loadavg (15min) is greater than 2</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="cc3684f2-701e-4de4-883d-803e08cf47b6">
+        <name>SpaceUsage</name>
+        <type>SpaceUsage</type>
+        <condition>space usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="f2d734cb-2a0e-4375-9460-11bdd5b20503">
+        <name>ChangedStatus</name>
+        <type>ProgramStatus</type>
+        <condition>changed status</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="865105a2-cbea-4a01-9979-c67818da9d99">
+        <name>NonZeroStatus</name>
+        <type>ProgramStatus</type>
+        <condition>status != 0</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+    </monit>
+    <Gateways version="1.0.0">
+      <gateway_item uuid="a6ea102d-68bb-430f-af8b-269d52498fe1">
+        <disabled>0</disabled>
+        <name>WAN_GW</name>
+        <descr>Interface WAN Gateway</descr>
+        <interface>wan</interface>
+        <ipprotocol>inet</ipprotocol>
+        <gateway>172.17.0.1</gateway>
+        <defaultgw>1</defaultgw>
+        <fargw>0</fargw>
+        <monitor_disable>1</monitor_disable>
+        <monitor_noroute/>
+        <monitor/>
+        <force_down/>
+        <priority>255</priority>
+        <weight>1</weight>
+        <latencylow/>
+        <latencyhigh/>
+        <losslow/>
+        <losshigh/>
+        <interval/>
+        <time_period/>
+        <loss_interval/>
+        <data_length/>
+      </gateway_item>
+    </Gateways>
+    <Syslog version="1.0.2">
+      <general>
+        <enabled>1</enabled>
+        <loglocal>1</loglocal>
+        <maxpreserve>31</maxpreserve>
+        <maxfilesize/>
+      </general>
+      <destinations/>
+    </Syslog>
+    <TrafficShaper version="1.0.3">
+      <pipes/>
+      <queues/>
+      <rules/>
+    </TrafficShaper>
+    <unboundplus version="1.0.9">
+      <general>
+        <enabled>1</enabled>
+        <port>53</port>
+        <stats/>
+        <active_interface/>
+        <dns64/>
+        <dns64prefix/>
+        <noarecords/>
+        <regdhcp/>
+        <regdhcpdomain/>
+        <regdhcpstatic/>
+        <noreglladdr6/>
+        <noregrecords/>
+        <txtsupport/>
+        <cacheflush/>
+        <local_zone_type>transparent</local_zone_type>
+        <outgoing_interface/>
+        <enable_wpad/>
+      </general>
+      <advanced>
+        <hideidentity/>
+        <hideversion/>
+        <prefetch/>
+        <prefetchkey/>
+        <aggressivensec>1</aggressivensec>
+        <serveexpired/>
+        <serveexpiredreplyttl/>
+        <serveexpiredttl/>
+        <serveexpiredttlreset/>
+        <serveexpiredclienttimeout/>
+        <qnameminstrict/>
+        <extendedstatistics/>
+        <logqueries/>
+        <logreplies/>
+        <logtagqueryreply/>
+        <logservfail/>
+        <loglocalactions/>
+        <logverbosity>1</logverbosity>
+        <valloglevel>0</valloglevel>
+        <privatedomain/>
+        <privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
+        <insecuredomain/>
+        <msgcachesize/>
+        <rrsetcachesize/>
+        <outgoingnumtcp/>
+        <incomingnumtcp/>
+        <numqueriesperthread/>
+        <outgoingrange/>
+        <jostletimeout/>
+        <cachemaxttl/>
+        <cachemaxnegativettl/>
+        <cacheminttl/>
+        <infrahostttl/>
+        <infrakeepprobing/>
+        <infracachenumhosts/>
+        <unwantedreplythreshold/>
+      </advanced>
+      <acls>
+        <default_action>allow</default_action>
+      </acls>
+      <dnsbl>
+        <enabled>0</enabled>
+        <safesearch/>
+        <type/>
+        <lists/>
+        <whitelists/>
+        <blocklists/>
+        <wildcards/>
+        <address/>
+        <nxdomain/>
+      </dnsbl>
+      <forwarding>
+        <enabled/>
+      </forwarding>
+      <dots/>
+      <hosts/>
+      <aliases/>
+      <domains/>
+    </unboundplus>
+  </OPNsense>
+  <hasync version="1.0.0">
+    <disablepreempt>0</disablepreempt>
+    <disconnectppps>0</disconnectppps>
+    <pfsyncenabled>0</pfsyncenabled>
+    <pfsyncinterface>lan</pfsyncinterface>
+    <pfsyncpeerip/>
+    <pfsyncversion>1400</pfsyncversion>
+    <synchronizetoip/>
+    <username/>
+    <password/>
+    <syncitems/>
+  </hasync>
+  <openvpn/>
+  <ifgroups version="1.0.0"/>
+  <gifs version="1.0.0">
+    <gif/>
+  </gifs>
+  <gres version="1.0.0">
+    <gre/>
+  </gres>
+  <laggs version="1.0.0">
+    <lagg/>
+  </laggs>
+  <virtualip version="1.0.0">
+    <vip/>
+  </virtualip>
+  <vlans version="1.0.0">
+    <vlan/>
+  </vlans>
+  <staticroutes version="1.0.0">
+    <route/>
+  </staticroutes>
+  <bridges>
+    <bridged/>
+  </bridges>
+  <ppps>
+    <ppp/>
+  </ppps>
+  <wireless>
+    <clone/>
+  </wireless>
+  <ca/>
+  <dhcpdv6/>
+  <cert uuid="547102e9-23ba-48b8-8af8-64be61049e96">
+    <refid>6734d13fa9e4a</refid>
+    <descr>Web GUI TLS certificate</descr>
+    <caref/>
+    <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVSUhVRkpwc253VGtzYWRrZmRDNUp1SDhqWnZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpFNE1EbGFGdzB5TlRFeU1UVXhOakU0TURsYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURKU1FlZ1RYckp5dDVWYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyCkNEclc3ZDlYcVJkOEpEZENtdGtLRGlMYWNaUzJMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDEKU2pJWnBTZzNkOS9YeHFPQTNZQllzTS9uUk9vWHlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NworVHc5STZGU0J4bkdaR3RyUFl5NkVBb0NMdm1GQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxCnBRTVB1T2JxV3FyaE0xdjVjdmJodU5kREhNZ3ZVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjEKUm0wMlVuUXRneW8zY3hPRXVsYk9nU0hsdGhTMmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSQpQbm9ncnZsRUlWMERhQ3ZEMjZiRkRDbVkxc29FbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBCkJMVzh4dXBFODhEYmlrWW51NVdQaUp6ZXh4UVIyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXoKcHBERHYwZnU0Nnp1S3EzY0VWRitiREsrQWdlT0Q2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSApHQjlCbDFrejR4bHRhczlvbmZrSDFkVHk3dzFNck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1ExCmtWNk90aFRsVFgzK2duaUpJK3RXWUQ5bTRldXNzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRkJRZytucWI5QW9HSWtoTUxhNHFzWGRvY0JGcE1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVUlIVUYKSnBzbndUa3NhZGtmZEM1SnVIOGpadk13SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQUZqNlQ1MmRIUklVMHJuZDE0d2dob2tjUkdrK0hIQloyTGlDRHpUeUwKNHdCeTJ1ZXJXQWdvYUZzeUlNQzhwWTBhWlc4TFlSd1BtRVB0OXlUS09ZZzF0NWtOUnk2RkF5akszeis5TGZTQwoxRlFpb0pma3FHRnhoc1IxV1R5RjBGNmJmM2tZRDZ4OWw1dEdqMXF3SndrekZWZWcvZGNtUVhvRTBmUDRqSFFvCmgxWXdiZ3pTa084TzRLUVhuWXVRM3g0bWdoZnBvR0hQM2xINlcybDJlWHpqSzllRjJtUG1ZS0p1M3JpSnkvL3gKRzhQWXBYNlNTN3RoVnNNeHF3cGJHbURXQXRuSnNrSmVsNDI1WUdOYlZ4YTNPOHE3RWxLNGFoNXpmai8wRnVwTgo3SnlqMWQyZjZFck14WlFnUi9EdmlUVnhISytRY1lBRXBqU2ZmZzBrRStpS1BlN0VYTVk1VU1aZUFTK1ZteG1LCjBPOWxaQXNpWUlEMzkwVjNTaDZxYjhoL2xMZ0V2NCtSNUw1VEpFaldYc0dQSUpGaHJNSFJWR1lhV3JIYWx3eHYKNjE5NFlpSXBEaUlHSVVSWGN1U3dNcndIQzN0bms2QVo2OW5CczVXT1JYM0NxOVhRRnVrVlA5eUMxQnRuSmFwbQpubUMzK3NtTTErRjkxUXlkVXJtbUxPNUVwUmtTMitBcmRTSklUR1NRNWt4L3VLNjhzV0QzVVdNNVRibUxrcWdOCkt6djZjemVCbzJiVExDT0JKUWJ4STFCckRPTUFMSDlCdXdUamVXdUVtWE9TWE1lTDFsejdhL2JZKzJxa1BSOVAKTE5IekE2QXZlVmxucDNaeFdqMjZFK3dwYnU5cHBaY0QzRGVHRnRnZzVJbUJ2ZDNWbjJ6UVc4a1ZMT1ZBdllSawptdWc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
+    <csr/>
+    <prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpSQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1M0d2dna3FBZ0VBQW9JQ0FRREpTUWVnVFhySnl0NVYKYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyQ0RyVzdkOVhxUmQ4SkRkQ210a0tEaUxhY1pTMgpMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDFTaklacFNnM2Q5L1h4cU9BM1lCWXNNL25ST29YCnlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NytUdzlJNkZTQnhuR1pHdHJQWXk2RUFvQ0x2bUYKQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxcFFNUHVPYnFXcXJoTTF2NWN2Ymh1TmRESE1ndgpVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjFSbTAyVW5RdGd5bzNjeE9FdWxiT2dTSGx0aFMyCmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSVBub2dydmxFSVYwRGFDdkQyNmJGRENtWTFzb0UKbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBQkxXOHh1cEU4OERiaWtZbnU1V1BpSnpleHhRUgoyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXpwcEREdjBmdTQ2enVLcTNjRVZGK2JESytBZ2VPCkQ2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSEdCOUJsMWt6NHhsdGFzOW9uZmtIMWRUeTd3MU0Kck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1Exa1Y2T3RoVGxUWDMrZ25pSkkrdFdZRDltNGV1cwpzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUJBb0lDQUNPNnZpc1BIY3pzb1NjK2dkWkU1dGNNCnZkc240UDFIenVRd0VzRUcrVG1zanVWMVBZbExrbkE4OU1DQmdDejEyOFpMcU51ZlUwSDkxK1Uzbjd2MGJ1bVAKd3BpR2R4UUNOMlpZaGZ2RWE5YW1qMTNZYjBJbks3b0FKbUdrT254NW91UFl6YlBRblBNRE9WK0VKa2JwTWRxZgptOHdmOWg2OXYzSk03bUZJS0UrOVVZR252UjhuMkhETTNwR3FONEhQS1A4MkE0RXlvQ2d2a1BTelRxc052bU5ICnBOY0RURW5rNlNsWUhUVDNOSzJjVnBldUhMUzUrazlqNWI5elhUSlE5TkpVZlN6bnEvUmFpMUZVNDY1K0xpUjEKMGVPWDdnajFWUExOcGgwcWtQQy9ubW0vZStVMmZXUGZZb2FDcWkrQ0VwU2twQXlQZ1FZZTJsSG0rYVU4MzZ2UQpuaHZuL0p5ZHJDL1NyTUFZaXpOZFYyZjlHTkNwcE1SbUZyOS9saVJiNEFpSzRLSDRETGdSRUxHaDJLNzJuOFRLCkxUSVhIV3RacisyMWU4c0Mxbm5MSENnK21wMHBvSWJsbEtoYk9VTmVxR09yWm95NFBXdDZMQndFYzN0MG1wVEMKODhiSUpqMzFCQngzTGE1SUE5b0FNRi9lbHJYdFhhVnl4bm5yTHdjYzFNVWpCV20rZDVqbC9WOEdIcEJRd3pXYwpPNWdNSXlQNUIvdzBacUcyZjV1akZkOHo4dElmcEFRRTJSbDNxRUFYNU1NY1JQaFlTNDJqTWl4czc3TmtOVldQCkpqUVoxVDVXQTVKOUxEL2FKRkplQ2MvbjhpNldOQ3FzdEQ5OVNPTCsrTTBFQTlka2lLNWtOcXFZeXZuRG9SZVcKSW84eXhvVnpObURsWjBkSU9UUzlBb0lCQVFEb2tvMWxPS05FNlBWWmRRU3lmS0JOTEZNcEl1V1VVZmp0ODU4awpJTTB0TnNyS0d2N3NmYkt0dlMvOWgwMGluU2FyWTJ4amVETG91WEI5VzdKY1B1NjRoNHYwek1lbXRhdDRyTUJnClA5bkQ3MW00dERqS2ZrZDAza2tUbk4ySTBxYkwzeFVoTjNEQlJZTU9veDFMa2M4MFFFMHhSUEM1YmRJaXcwemEKTWdtK1dOZVY1VEZoSkpQZ2dVRVo5U1A2aWV1VEY0OW9wRGNWdGUwQ0I0WnFUaTRWb3YvZFVDWGpNK0djRnNWdgpPWTZYTE9KTmRldHdnUVNkd1hlSzB1WlBpWnVKTGlsTEg4OFVKYWNoQThDZW1SclMxRUtxWElwK2dkQWV4MnhVCmY5amRMMGF2SlJEY0xqWlhETXBvWlJpc0JoWVArZzY3VHZza3FscDh4M2p2STlWVkFvSUJBUURkajZrdWNLM0MKYXprMzlqYllvM3RFZ0R5L2VGNnBjWFlpK21Ba1ZNRk9vSWJ5cmNyN3BqSnRMNFMyMEFDRmpBUGFQT042dWVVWQpQQm92dC9QODB1V1c5cGZCK29mRmdadzRqc3hLWFY4eEJmOVdLWVZndFBsOHhIL1RJcERTMjhVTlowNDlhUW4vCjlCRzNac0lyenk3RzFLRTZPLzBMMnVmMnFyaUxxRFQyV3dsdFVsbWs2Ym5NeThkR0sra1JLcFhvSm1RTlNHRHoKOXd4blU2ZmZ1NDdDLzRYMHRIVk1MVFVneFh4djdqN3BpSzI4dzBuZ1N5S3ozV0IzWTJwaFVsZEJIdEprQko1RQpoRm8zMXJCVDU5enhkb2crYXh1bkh4S3EySGFHRkt0ZUZ6RGpkTTFpQzE3bWNtWXBzR2tuenA0cjRjZm5FYTFSCko4Wmo5ZVFQaEVOZEFvSUJBUUN3d2hsbXNkb2MySFVJVFZDSm13QjJSdGJaYitWT2lkS0lmdDBYcHpwcFA3aDIKVEhndEl3ZDIxayt2LzNJWGVaclhMWlJHTVNkNEN1QTgxa0ZEckt6Z1lGeDFiR0hkQ1R2T1ZuVkxjWnUvTjUxWQpMTmp3eFhMbmxyMnhnMG8zMytuWERyQlBjNFJsejcvZ2t3WUQxa2pGckkwK2dlZjI5a2w4RkRUSHJMb05DaGFuCm5PNmZweDRneGZ2Rmo3T05pZDhhQnhEK2RiaEw3dDIzNmlJMWp6K2xRQ0g0Z1I2YWhHYldxOVBZU2NWZWprVmMKbTkrWnZPVFdSU0RteUkwMExDQ2k3UXVEUmlTcmFrYVFaL3F3VHlxOHk0ZnpWS3dKby8yYU52VFZiK2xSaWNuTgorWHpMNnU5dno0L1NNZXZEYWtqQVVjdDZmbmVQa1UxK2dsZ2VZSHlWQW9JQkFRRFJtYW0wVEZhbFdXaHMvNWtOClEwTkhINFhZb1JmMGRta0xXQStCNzBoY2lOS0JYRlp0ME9GZGw1bVdsSm9adk1hY1BBUDd3MGJ1c1ZVWWxZN1YKTy9LRTZVM1I3WjlxQWw1Mnh1aU81Vnc3ZFhBRDVBM1EyZ1EzdTNFdG5VS2lwOVA0QlNYb1JLbDRJVDV0WVdJSgpyZHVUciszQ3VLT0FCcHh4Snpxa3JBRkdtZ01HRCtUTWRXd1hTU1NBeHVPYklNMW1MSU4wYVdlSEJNMFFKdnptClZIb1BFVXA1b0FwamdWVUVacTk4K0VjK0NOWkxmL2d3bndQNllsQnpRWEtQRlNXRWJwTWNtWjNjTmRWZmc5T1YKM1FDUTBkQzhNL21hRlhSRWVibE95TmtCanpEcHpVTExJUFNyVDhoRVlpWm95VGVyVGRJZVVBUEZoYnBTTUhtTApFRlhsQW9JQkFRQ0VUdVJQRHZvMC9tdDhyTzhLNENsamtuU0gxZ1FBSjFha3U3UXg3NUJUTDB6OWRNY2lMK1JLCng1R1lFTW1wcUtNb2FPbWc0WFVRMVRlQ2Vic1R0NjMyWXp6cmNCU0d1RzVnN1o0UUVublUzRXU5QklIMUVSL2gKSEk0NWowU0xNRUpObkNiTkpnRVNRRUFCbzN3cHhrRTdiRGlNdTVPOXVqMlFRVTlTTm94QkFmbVFXRDJJaU1BRQpWYzV3QTNZajBMdElSYkJmdzNBTE9uNlRSc2xucy9JMnd2Z1RCQW9sU3NZbEtEK0NRY3hDZldlNmZwU21aYmlCClBGUE9DY1ZQTXhGeXBhZWFJMkRXNWRPNFNoNGQ0ZlZma2F3ck9LN1N2QnFZb0Y5L2VndThzQS9ZdklaRVltQUQKd0ZIOGs1QjJ4WXdiNkVmNmFFQ29ZTitsNWtlWmhNWTgKLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
+  </cert>
+  <cert uuid="cad18e13-92c5-48b6-9b44-ad2e5dcc799e">
+    <refid>6734d6c82dc59</refid>
+    <descr>Web GUI TLS certificate</descr>
+    <caref/>
+    <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVZkNETXpFclQ4dlVoenJaTVJta3JiT3dnSUdNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpReE5EVmFGdzB5TlRFeU1UVXhOalF4TkRWYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURMc0xEbjRta1R4RXJYdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovCnczL2tNV2Y5L25GbGpnMkFXWERJSmNXZjk0NFJFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT20KVFM0WXFCVzhHQkpJd0xtQ2kxb2RoWXhmUEQ2TFdEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNQpuQ0FtZFBDY2JmdmdXdUM2TnhWbXpkeXpta1QvNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5ClFrVlFqYlQ5MFlyeENvdE8rbTJIQU5QZHNjT3FvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTEwKVmplRS9XQVU0Q1BZUmhYVFVGVTIxZFV2azNvYUVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNwo3Mzk5VWdRN3FTNUFhOElHbXA4NUNoUUlBWUVjSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45CitUZ3ljMTlTbGoxVW1RdkRvekxCQzk5TVJpLzREQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmUKUGVpemxRenRIWmpSU0tnaWdSNU9KSmtSVHIvNjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZwprUSsrVDhMenVhK1FtakxOUVFqMVJCSFYzSzVQL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmCkNEVVVQWjR1cEJtbzBLN3dGNHdtV3VXYSttVndlb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRktidDd0QkRKN1daV1lMblQ5cEhTMklPdTg1TU1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVWZDRE0KekVyVDh2VWh6clpNUm1rcmJPd2dJR013SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQWNQbmllQ29FSmRjV25CVHdqRmE3bjZqTFMrZ1pUYUk2ZjAzWktQMFYKQ0pSaDUxWTNwb2dpcnJYcVNHQ1VGTVNHbGpsQ21mU2VhdW9GWFYwanZLejhnMGZ1NU9kYlhjd2FrZFBZSXgydQpVT0dMbllTaEdCNlpoMmhpWWdSVGFpemJoTVliQitzQkV4QU1CdHZRZElSZ3dBWkRNWE9jY0MwZnJaMFhRRlRFCnQ3by82VGYvZEprdnB0cmRYWW1INnFUWlA2MGxyTnlabVloTjc1NEluOFZLRVVSRWNZamg1ejlJanA1NTE1cU0Kb0VrSGNKbTBDNkh2VStETG1ybFpFYkV4bnVOMFQzWTBNZ0hiVFVhU2Y1L2FKVmlIM0dOMnMzbG1ZM0VXTS9Vcwo3azFyc2JTa2orZzJvQXlTcjU0Nlc4RkdaMjliZFlOYk1EaTQ4aXVRQWlzRlQrTGZXN3Y3RVl3WGJ3NUhSVkpNCjV2MlhnenJwN2Yxa08zckEzeXUyS1VSSktHdjJ1ZXhNSythb1VOZXhRT3ludmZGUTBCemRHQ1dlcmVvZTZ3bDMKbHc4Z2dCWDI1VGIxbzR3d1UzNXdtUUIrMC9rbjB0SXoveVBhY2JzbDAwZ0dJNFhTbWpRQmF0MUZYRHFEME1JMgp4S0RqMXZ2dkNTVnRKc09ESG95eDhLc3ptbno5UVFoV0ZNeC9LTXp1clh0OWtsWFRJc0t3d2NXMytZQWtQMzNaClgvOGJnZS8zK2RibTdNN3BndmFBNVFlU3VTbkwzNjdLT1g1NlNZNGFZWHhkc1haVDc0ZGxVRU1jbG9NU0NIOG4KR25QWlpyWTNHdnZaU2ovQWdqT2lDNHNBL2JSSmh4cCtUQndlRFByR0pFUEJFVW9sZEZHVXdraFJXMVVuRlc2YwpyTGM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
+    <csr/>
+    <prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRExzTERuNG1rVHhFclgKdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovdzMva01XZjkvbkZsamcyQVdYRElKY1dmOTQ0UgpFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT21UUzRZcUJXOEdCSkl3TG1DaTFvZGhZeGZQRDZMCldEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNW5DQW1kUENjYmZ2Z1d1QzZOeFZtemR5em1rVC8KNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5UWtWUWpiVDkwWXJ4Q290TyttMkhBTlBkc2NPcQpvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTExWamVFL1dBVTRDUFlSaFhUVUZVMjFkVXZrM29hCkVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNzczOTlVZ1E3cVM1QWE4SUdtcDg1Q2hRSUFZRWMKSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45K1RneWMxOVNsajFVbVF2RG96TEJDOTlNUmkvNApEQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmVQZWl6bFF6dEhaalJTS2dpZ1I1T0pKa1JUci82CjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZ2tRKytUOEx6dWErUW1qTE5RUWoxUkJIVjNLNVAKL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmQ0RVVVBaNHVwQm1vMEs3d0Y0d21XdVdhK21Wdwplb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUJBb0lDQUFzc3hPL2IzSTd3a0hpWU9wdmQ3b2ZxClJXVm9HM0ZHOVBkSCtrcU1DQW9zVXlpZ2lnWkZhQUZSY3BhZFBJUnBVRFZQOHQrUUx2RHhTSEtJVkNTR3lLRHgKN01mVTkxV3ZCUGtpc1NhWEV2TklEMHJ2WTJYbXl4WWdOcDBNcHdnbHhxZXlWSDNWSTFmZ09zQXpWVkpGSmtzeAp0NnVKV2U2R1lwRnlVZ3MzZytNdHhPYVJLZHcvWkFZb0dVRkR5WE5NR1JNdVRYYkg2WWxTOStFZ2RxZTJZbGtDCk41amkvODUydUlwSytXZUVnbmd1ZkVZNDdpVVhQSzFJTVB0UjRURUxOb3hkTWVBYnZBUG9La2QwMWZOWnVaQ3EKQ0dxNS9kMEQ4cDZKNjlUK3M1RnR1R1UrdkxtcUg3NmtsZjVmTTZnOFpCc2xSNStNQ0xlay9DaHRBZGU2VXBQRApXQ2EwazU3dmdneUdQdGVlVXY2RVJBMEp6SjlJd2VHZGdVWHhNdW5LK3ZSNWYydWJKWFJoMVJpNTNFSTNvVUxYClFvWm9hOTY3VzNUajQ3UzR2RlQyK2dLb0g2OXlNckdVNVkwcjJrSTFXMVVhWEJ1aVVrMi94amdyWVdTblUzUUQKZkM3ZXllTlNlN3c4UW9MMVBEYXJwVXdaK2xGZ0w3NFVScldLQU12WVhxa3NTMHVtb0tTSWo4cjZMM0hVSUVaUgpZRzhBTU91dFhrQk5lMkNpTXRKM2NYUXNIOWloQU9QL3AvaE9BTTBGNkM3Ymt1Vm85d1pRdDVESWxRWUl4TlArClFRZ2doRnhBNTlTWmpwRk00QkN5L0hEOENJY3VuSURZOVNlbXNSYXdyUVY1eGk1akFScVdOYTdBSVMvVlArdUUKQkpmS0dDNFlZVmxqS1VLeEgxVUJBb0lCQVFEcnZOWXNrd3ZhQ2Z6MlcvbkIrRjNjVE1RbjM2RENSYnZwQ0s1dApldm96TjJGbjBJdWFnN2RrYzN2NTFxTVNEd0h1cVNkVTRHUHZMcm83alpJaFNEZ1AwLzBLWmc0VmxtZE5HbEovCk1lcXhmOGRkOFdTQjZiUksrK2FRcEhaeDd2SUFTWkE4eHkvZ3F2NGJpSmlqVDhUQ2lSeXdYSTQ0ZlRYM0xLZTIKVG1Uc29XNk9yQmErSWJRYjBpTEh4WE4rZ3JDM0cxWWxIUlNvTEpKUkU0eFVLMGsvM1JLNU16RjRIYUNZb1BWOQpDOFpQellMR253SE9ERU8zbHRtSGJvQUNFa0VrT2dFV3U4RFo2YlYrMXJBcVh6WnN0L3hNZnJ5KzlMRVdYQUwvCkRnOEdkall0YzdyUTFZd1BIY1h6cFo2clVIdXh2K0p6VEE1ZzNCS1p6aWhwNFdHaEFvSUJBUURkTXE3N0dRWGMKYW5hYlMxanlFT3VzNFp5ZlJ4cW10NEVFaHZjY0dRVVVrV0IrWk11bnpyaENxb3ZwQ1dhVU9zWVhuNG45Y3BQSAo3bm1mOUJHbFI4NVhCVHNLM2d4bE5NMUhjSGFTNXZSem9WQVBNd3o2VVV0ZFNLWXRLR0Q3Wkxmbm9ISXN1SlEzCnJ6WWIyTFhpVmx6MWlNNUVmT0VrL1J5UjBwMGtleXVwa0F0OXBRV0hzaURYb0pibDE2d1ZLc2NDNGUzNjdRRWsKcFdoeXcyS3A4bXdtOGxqQllxZWtHdUREeGVZSDMzMVlGa2FMUEJCT2xPQnlveFlOUDdBVVREUlV3KzB1T01jNwozb0N1VE9jWnAxVWMwQURBOXRTRVRINklWdlFEUXZlYzR6MWRTVGRmUEkxRzVUTCt4Mzlvam5OcGVoYng0bEwvCmRxTTBmcFlPL2ZmeEFvSUJBRmwzOU8wNzdjNlY1ZHoyY1djTnhVbThGT0p4UEVrZlFEOGtYVmNOeW5HdnZoY3gKamhwWmpUdmhuSmJvd0VFMVV1MXFZNVFTQ2J1WVIzUWN1ZTVKdzRVMlZwNGd0NDIzNUlMZHo1dVlyVk1xaE5jQgpxN3ltbnhlcVhRcGVjTm15NzBQdXA0QjV0SkVYTkpQc2xzbThsNWVoaERMbkhjOFFybStlRWhUZDBlNEJJcjJoClVJeGVyRVcyemg1MXNPeTkyeVhUaVRGU3hTbENxVkYrRXM5TEVtVGJtYVNTYWw4RkY1TjEyMVhYSnkvWWRwNjkKY0dqc1BMTXIzR2xMSmVnalYzZlJUK0o1NWFxT3lhUlhCTXRBRVo3WGdUampETzJJWHNGMnNHaHV4SU1XVUYrVgp3YnhLbi9xSXVUMU1pVmpKbGZpVE0vWEFVdUN1QlowOEloaDFRcUVDZ2dFQUZwdzJySzRMSGxPM21mb2l0bU9xClkzcVFVdXVtdXNIcEt6aE1qQSsycURxUC9YdDZJY1lNcWF2YkwwL3ByMTh1bm4yTlVsM2k0ejNxS3NKOUIwTUcKd1hoa1o2RDQ3V052VkUwWG9iNS80RTN0N0EvUTFNbDRoYW1HYXZsRXFJM01DcDRvN1k5VWZ6aW10RVA3bTQ0dQpaRjYranR1ZysvSHZlS3hwcWEvNWI1U3N5QVFWUTZDZW9Ndm1nTW9CNmd2OFdid1VZbURWakJSb1Q4clBEQVllCnJnQjV1QkxJaGdyRlROMnV2TUZJZzdlTE1ISk1UR3dGWVZKd1Q1eGgrRUV0M0RoR3gwSEFnOHNqcGkxd05md1gKeENFeTRvYVloSWw1S2FDUndyK1dwZS9JZHYrajdGVTVMN1QvK0hFV0FlOEZ0eE5td3dUYWJRaUllRFkwU29ZRgpVUUtDQVFFQXRiclZqbTFsaDQ1REhIWnVsem4xNllIQzJrMUYwWG9FZFVSQ3o0QTFsMHBEK3ljL2srdmJ0Qmg0Cm1RRDV1a3FicHFFZy9GNUhDZmdOaHlieHNNdVV6NzFaU24zN2dwczNDWUdiUyt4RkhjZTJBakNTbUlYQWIxQjgKR0Z2WnV4UlB5QXU0YVBvT1J3RzM3NVBOM0VNNk83bzdxbjlYeExTZWRIMHExM2U0YkhYYm4rc2xOa1RIM2xmcwpLVnBOUUhVSUNDSW5vQ0llV1dwdnAwQnFoYjlKclRsbXd2c25zOHpZVDNiY3F5QXZHZGRnNUs3Y0MwRVJaem9ECnFJTkI3S05FVjQ1NmF0eDZVT3VYUlpKREMvaHNJUTZNaVBveUJacHRsK1ZIMEtQbEFIWGExb0FXZmNuL0U3MFYKK0RaeVBiMWxkQUdpb1hqditGd2h5VzZlWEVrQlBnPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
+  </cert>
+  <syslog/>
+</opnsense>
diff --git a/harmony-rs/opnsense-config/src/tests/data/config-vm-test_linted.xml b/harmony-rs/opnsense-config/src/tests/data/config-vm-test_linted.xml
new file mode 100644
index 0000000..1d176b4
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/tests/data/config-vm-test_linted.xml
@@ -0,0 +1,994 @@
+<?xml version="1.0"?>
+<opnsense>
+  <theme>opnsense</theme>
+  <sysctl>
+    <item>
+      <descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
+      <tunable>vfs.read_max</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set the ephemeral port range to be lower.</descr>
+      <tunable>net.inet.ip.portrange.first</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Drop packets to closed TCP ports without returning a RST</descr>
+      <tunable>net.inet.tcp.blackhole</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
+      <tunable>net.inet.udp.blackhole</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Randomize the ID field in IP packets</descr>
+      <tunable>net.inet.ip.random_id</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>
+        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+        It can also be used to probe for information about your internal networks. These functions come enabled
+        as part of the standard FreeBSD core system.
+      </descr>
+      <tunable>net.inet.ip.sourceroute</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>
+        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+        It can also be used to probe for information about your internal networks. These functions come enabled
+        as part of the standard FreeBSD core system.
+      </descr>
+      <tunable>net.inet.ip.accept_sourceroute</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>
+        This option turns off the logging of redirect packets because there is no limit and this could fill
+        up your logs consuming your whole hard drive.
+      </descr>
+      <tunable>net.inet.icmp.log_redirect</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
+      <tunable>net.inet.tcp.drop_synfin</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable sending IPv6 redirects</descr>
+      <tunable>net.inet6.ip6.redirect</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
+      <tunable>net.inet6.ip6.use_tempaddr</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Prefer privacy addresses and use them over the normal addresses</descr>
+      <tunable>net.inet6.ip6.prefer_tempaddr</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
+      <tunable>net.inet.tcp.syncookies</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
+      <tunable>net.inet.tcp.recvspace</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
+      <tunable>net.inet.tcp.sendspace</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
+      <tunable>net.inet.tcp.delayed_ack</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum outgoing UDP datagram size</descr>
+      <tunable>net.inet.udp.maxdgram</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
+      <tunable>net.link.bridge.pfil_onlyip</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
+      <tunable>net.link.bridge.pfil_local_phys</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
+      <tunable>net.link.bridge.pfil_member</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set to 1 to enable filtering on the bridge interface</descr>
+      <tunable>net.link.bridge.pfil_bridge</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Allow unprivileged access to tap(4) device nodes</descr>
+      <tunable>net.link.tap.user_open</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
+      <tunable>kern.randompid</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
+      <tunable>hw.syscons.kbd_reboot</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable TCP extended debugging</descr>
+      <tunable>net.inet.tcp.log_debug</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Set ICMP Limits</descr>
+      <tunable>net.inet.icmp.icmplim</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>TCP Offload Engine</descr>
+      <tunable>net.inet.tcp.tso</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>UDP Checksums</descr>
+      <tunable>net.inet.udp.checksum</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum socket buffer size</descr>
+      <tunable>kern.ipc.maxsockbuf</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
+      <tunable>vm.pmap.pti</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
+      <tunable>hw.ibrs_disable</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Hide processes running as other groups</descr>
+      <tunable>security.bsd.see_other_gids</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Hide processes running as other users</descr>
+      <tunable>security.bsd.see_other_uids</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
+        and for the sender directly reachable, route and next hop is known.
+      </descr>
+      <tunable>net.inet.ip.redirect</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr>Maximum outgoing UDP datagram size</descr>
+      <tunable>net.local.dgram.maxdgram</tunable>
+      <value>default</value>
+    </item>
+  </sysctl>
+  <system>
+    <optimization>normal</optimization>
+    <hostname>OPNsense</hostname>
+    <domain>localdomain</domain>
+    <dnsallowoverride>1</dnsallowoverride>
+    <group>
+      <name>admins</name>
+      <description>System Administrators</description>
+      <scope>system</scope>
+      <gid>1999</gid>
+      <member>0</member>
+      <priv>page-all</priv>
+    </group>
+    <user>
+      <name>root</name>
+      <descr>System Administrator</descr>
+      <scope>system</scope>
+      <groupname>admins</groupname>
+      <password>$2y$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS</password>
+      <uid>0</uid>
+    </user>
+    <nextuid>2000</nextuid>
+    <nextgid>2000</nextgid>
+    <timezone>Etc/UTC</timezone>
+    <timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
+    <webgui>
+      <protocol>https</protocol>
+      <ssl-certref>6734d6c82dc59</ssl-certref>
+      <port/>
+      <ssl-ciphers/>
+      <interfaces/>
+      <compression/>
+    </webgui>
+    <disablenatreflection>yes</disablenatreflection>
+    <usevirtualterminal>1</usevirtualterminal>
+    <disableconsolemenu>1</disableconsolemenu>
+    <disablevlanhwfilter>1</disablevlanhwfilter>
+    <disablechecksumoffloading>1</disablechecksumoffloading>
+    <disablesegmentationoffloading>1</disablesegmentationoffloading>
+    <disablelargereceiveoffloading>1</disablelargereceiveoffloading>
+    <ipv6allow>1</ipv6allow>
+    <powerd_ac_mode>hadp</powerd_ac_mode>
+    <powerd_battery_mode>hadp</powerd_battery_mode>
+    <powerd_normal_mode>hadp</powerd_normal_mode>
+    <bogons>
+      <interval>monthly</interval>
+    </bogons>
+    <pf_share_forward>1</pf_share_forward>
+    <lb_use_sticky>1</lb_use_sticky>
+    <ssh>
+      <group>admins</group>
+      <noauto>1</noauto>
+      <interfaces/>
+      <kex/>
+      <ciphers/>
+      <macs/>
+      <keys/>
+      <keysig/>
+      <enabled>enabled</enabled>
+      <passwordauth>1</passwordauth>
+      <permitrootlogin>1</permitrootlogin>
+    </ssh>
+    <rrdbackup>-1</rrdbackup>
+    <netflowbackup>-1</netflowbackup>
+    <firmware version="1.0.1">
+      <mirror/>
+      <flavour/>
+      <plugins/>
+      <type/>
+      <subscription/>
+      <reboot/>
+    </firmware>
+    <dnsserver>192.168.5.1</dnsserver>
+    <language>en_US</language>
+    <serialspeed>115200</serialspeed>
+    <primaryconsole>video</primaryconsole>
+    <secondaryconsole>serial</secondaryconsole>
+  </system>
+  <interfaces>
+    <lan>
+      <enable>1</enable>
+      <if>le1</if>
+      <ipaddr>10.100.8.1</ipaddr>
+      <subnet>24</subnet>
+      <ipaddrv6>track6</ipaddrv6>
+      <subnetv6>64</subnetv6>
+      <media/>
+      <mediaopt/>
+      <track6-interface>wan</track6-interface>
+      <track6-prefix-id>0</track6-prefix-id>
+    </lan>
+    <lo0>
+      <internal_dynamic>1</internal_dynamic>
+      <descr>Loopback</descr>
+      <enable>1</enable>
+      <if>lo0</if>
+      <ipaddr>127.0.0.1</ipaddr>
+      <ipaddrv6>::1</ipaddrv6>
+      <subnet>8</subnet>
+      <subnetv6>128</subnetv6>
+      <type>none</type>
+      <virtual>1</virtual>
+    </lo0>
+    <wan>
+      <if>le0</if>
+      <descr/>
+      <enable>1</enable>
+      <spoofmac/>
+      <ipaddr>dhcp</ipaddr>
+      <dhcphostname/>
+      <alias-address/>
+      <alias-subnet>32</alias-subnet>
+      <dhcprejectfrom/>
+      <adv_dhcp_pt_timeout/>
+      <adv_dhcp_pt_retry/>
+      <adv_dhcp_pt_select_timeout/>
+      <adv_dhcp_pt_reboot/>
+      <adv_dhcp_pt_backoff_cutoff/>
+      <adv_dhcp_pt_initial_interval/>
+      <adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
+      <adv_dhcp_send_options/>
+      <adv_dhcp_request_options/>
+      <adv_dhcp_required_options/>
+      <adv_dhcp_option_modifiers/>
+      <adv_dhcp_config_advanced/>
+      <adv_dhcp_config_file_override/>
+      <adv_dhcp_config_file_override_path/>
+    </wan>
+  </interfaces>
+  <dhcpd>
+    <lan>
+      <enable/>
+      <range>
+        <from>10.100.8.10</from>
+        <to>10.100.8.245</to>
+      </range>
+      <staticmap>
+        <mac>d8:5e:d3:e7:2c:8c</mac>
+        <ipaddr>10.100.8.15</ipaddr>
+        <hostname>rtx4090</hostname>
+        <winsserver/>
+        <dnsserver/>
+        <ntpserver/>
+      </staticmap>
+    </lan>
+  </dhcpd>
+  <snmpd>
+    <syslocation/>
+    <syscontact/>
+    <rocommunity>public</rocommunity>
+  </snmpd>
+  <nat>
+    <outbound>
+      <mode>automatic</mode>
+    </outbound>
+  </nat>
+  <filter>
+    <rule uuid="f79eded0-3c11-4f57-9aaa-55d4888589fa">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>80</port>
+      </destination>
+      <updated>
+        <username>root@192.168.5.204</username>
+        <time>1731518072.7612</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.5.204</username>
+        <time>1731518072.7612</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="4a5e7b65-0d7f-4452-8a29-2ec61a47ec19">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>tcp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>443</port>
+      </destination>
+      <updated>
+        <username>root@192.168.5.204</username>
+        <time>1731518084.0639</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.5.204</username>
+        <time>1731518084.0639</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="0465308d-8605-466c-bcb4-95eeb989251a">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>tcp/udp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <any>1</any>
+        <port>22</port>
+      </destination>
+      <updated>
+        <username>root@192.168.5.204</username>
+        <time>1731518114.2801</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.5.204</username>
+        <time>1731518114.2801</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="2df05591-13e7-4d91-a1b8-d25e338ada5f">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Allow ping</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>icmp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>(self)</network>
+      </destination>
+      <updated>
+        <username>root@192.168.5.204</username>
+        <time>1731518356.7559</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@192.168.5.204</username>
+        <time>1731518311.7033</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="f2ee612c-c290-4445-8045-df82a86db0e5">
+      <type>pass</type>
+      <ipprotocol>inet</ipprotocol>
+      <descr>Default allow LAN to any rule</descr>
+      <interface>lan</interface>
+      <source>
+        <network>lan</network>
+      </source>
+      <destination>
+        <any/>
+      </destination>
+    </rule>
+    <rule uuid="b21f808a-6a4a-4cd6-9a83-1660cc8ea58b">
+      <type>pass</type>
+      <ipprotocol>inet6</ipprotocol>
+      <descr>Default allow LAN IPv6 to any rule</descr>
+      <interface>lan</interface>
+      <source>
+        <network>lan</network>
+      </source>
+      <destination>
+        <any/>
+      </destination>
+    </rule>
+  </filter>
+  <rrd>
+    <enable/>
+  </rrd>
+  <ntpd>
+    <prefer>0.opnsense.pool.ntp.org</prefer>
+  </ntpd>
+  <widgets>
+    <sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
+    <column_count>2</column_count>
+  </widgets>
+  <revision>
+    <username>root@192.168.5.204</username>
+    <time>1731534516.7156</time>
+    <description>/interfaces.php made changes</description>
+  </revision>
+  <OPNsense>
+    <DHCRelay version="1.0.1"/>
+    <wireguard>
+      <client version="1.0.0">
+        <clients/>
+      </client>
+      <general version="0.0.1">
+        <enabled>0</enabled>
+      </general>
+      <server version="1.0.0">
+        <servers/>
+      </server>
+    </wireguard>
+    <IPsec version="1.0.1">
+      <general>
+        <enabled/>
+      </general>
+      <keyPairs/>
+      <preSharedKeys/>
+    </IPsec>
+    <Swanctl version="1.0.0">
+      <Connections/>
+      <locals/>
+      <remotes/>
+      <children/>
+      <Pools/>
+      <VTIs/>
+      <SPDs/>
+    </Swanctl>
+    <OpenVPNExport version="0.0.1">
+      <servers/>
+    </OpenVPNExport>
+    <OpenVPN version="1.0.0">
+      <Overwrites/>
+      <Instances/>
+      <StaticKeys/>
+    </OpenVPN>
+    <captiveportal version="1.0.2">
+      <zones/>
+      <templates/>
+    </captiveportal>
+    <cron version="1.0.4">
+      <jobs/>
+    </cron>
+    <Firewall>
+      <Lvtemplate version="0.0.1">
+        <templates/>
+      </Lvtemplate>
+      <Alias version="1.0.1">
+        <geoip>
+          <url/>
+        </geoip>
+        <aliases/>
+      </Alias>
+      <Category version="1.0.0">
+        <categories/>
+      </Category>
+      <Filter version="1.0.4">
+        <rules/>
+        <snatrules/>
+        <npt/>
+        <onetoone/>
+      </Filter>
+    </Firewall>
+    <Netflow version="1.0.1">
+      <capture>
+        <interfaces/>
+        <egress_only/>
+        <version>v9</version>
+        <targets/>
+      </capture>
+      <collect>
+        <enable>0</enable>
+      </collect>
+      <activeTimeout>1800</activeTimeout>
+      <inactiveTimeout>15</inactiveTimeout>
+    </Netflow>
+    <IDS version="1.0.9">
+      <rules/>
+      <policies/>
+      <userDefinedRules/>
+      <files/>
+      <fileTags/>
+      <general>
+        <enabled>0</enabled>
+        <ips>0</ips>
+        <promisc>0</promisc>
+        <interfaces>wan</interfaces>
+        <homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
+        <defaultPacketSize/>
+        <UpdateCron/>
+        <AlertLogrotate>W0D23</AlertLogrotate>
+        <AlertSaveLogs>4</AlertSaveLogs>
+        <MPMAlgo/>
+        <detect>
+          <Profile/>
+          <toclient_groups/>
+          <toserver_groups/>
+        </detect>
+        <syslog>0</syslog>
+        <syslog_eve>0</syslog_eve>
+        <LogPayload>0</LogPayload>
+        <verbosity/>
+      </general>
+    </IDS>
+    <Interfaces>
+      <loopbacks version="1.0.0"/>
+      <neighbors version="1.0.0"/>
+      <vxlans version="1.0.2"/>
+    </Interfaces>
+    <Kea>
+      <ctrl_agent version="0.0.1">
+        <general>
+          <enabled>0</enabled>
+          <http_host>127.0.0.1</http_host>
+          <http_port>8000</http_port>
+        </general>
+      </ctrl_agent>
+      <dhcp4 version="1.0.0">
+        <general>
+          <enabled>0</enabled>
+          <interfaces/>
+          <valid_lifetime>4000</valid_lifetime>
+          <fwrules>1</fwrules>
+        </general>
+        <ha>
+          <enabled>0</enabled>
+          <this_server_name/>
+        </ha>
+        <subnets/>
+        <reservations/>
+        <ha_peers/>
+      </dhcp4>
+    </Kea>
+    <monit version="1.0.13">
+      <general>
+        <enabled>0</enabled>
+        <interval>120</interval>
+        <startdelay>120</startdelay>
+        <mailserver>127.0.0.1</mailserver>
+        <port>25</port>
+        <username/>
+        <password/>
+        <ssl>0</ssl>
+        <sslversion>auto</sslversion>
+        <sslverify>1</sslverify>
+        <logfile/>
+        <statefile/>
+        <eventqueuePath/>
+        <eventqueueSlots/>
+        <httpdEnabled>0</httpdEnabled>
+        <httpdUsername>root</httpdUsername>
+        <httpdPassword/>
+        <httpdPort>2812</httpdPort>
+        <httpdAllow/>
+        <mmonitUrl/>
+        <mmonitTimeout>5</mmonitTimeout>
+        <mmonitRegisterCredentials>1</mmonitRegisterCredentials>
+      </general>
+      <alert uuid="15f1e9ca-5dd5-4b20-b595-b6b4f82245d0">
+        <enabled>0</enabled>
+        <recipient>root@localhost.local</recipient>
+        <noton>0</noton>
+        <events/>
+        <format/>
+        <reminder/>
+        <description/>
+      </alert>
+      <service uuid="c1e99556-91f5-4dbf-81d7-7915a3213de9">
+        <enabled>1</enabled>
+        <name>$HOST</name>
+        <description/>
+        <type>system</type>
+        <pidfile/>
+        <match/>
+        <path/>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>91b4e409-211b-49d5-9fa3-dc9054106646,cbe9cb72-e8c2-4740-990c-abcc486b0654,c0708923-88de-4178-abdd-819737440ce0,e887125d-c5d2-45e6-b40d-2c400d5449d1</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="7513f341-7d21-4f11-903f-30d07b3aa41e">
+        <enabled>1</enabled>
+        <name>RootFs</name>
+        <description/>
+        <type>filesystem</type>
+        <pidfile/>
+        <match/>
+        <path>/</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>cc3684f2-701e-4de4-883d-803e08cf47b6</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="f99ada79-ba1a-4ee1-81f1-ef570e8e5ea9">
+        <enabled>0</enabled>
+        <name>carp_status_change</name>
+        <description/>
+        <type>custom</type>
+        <pidfile/>
+        <match/>
+        <path>/usr/local/opnsense/scripts/OPNsense/Monit/carp_status</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>f2d734cb-2a0e-4375-9460-11bdd5b20503</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <service uuid="dca8a81f-d389-4baa-b477-8b348194fd25">
+        <enabled>0</enabled>
+        <name>gateway_alert</name>
+        <description/>
+        <type>custom</type>
+        <pidfile/>
+        <match/>
+        <path>/usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert</path>
+        <timeout>300</timeout>
+        <starttimeout>30</starttimeout>
+        <address/>
+        <interface/>
+        <start/>
+        <stop/>
+        <tests>865105a2-cbea-4a01-9979-c67818da9d99</tests>
+        <depends/>
+        <polltime/>
+      </service>
+      <test uuid="ea6b821c-4f30-455b-bd5b-23a6f0c20554">
+        <name>Ping</name>
+        <type>NetworkPing</type>
+        <condition>failed ping</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="16186b38-0e13-4cc3-ad18-ccc3fcc91837">
+        <name>NetworkLink</name>
+        <type>NetworkInterface</type>
+        <condition>failed link</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="69117d4d-8c41-4712-97c0-87b4fa7c9837">
+        <name>NetworkSaturation</name>
+        <type>NetworkInterface</type>
+        <condition>saturation is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="91b4e409-211b-49d5-9fa3-dc9054106646">
+        <name>MemoryUsage</name>
+        <type>SystemResource</type>
+        <condition>memory usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="cbe9cb72-e8c2-4740-990c-abcc486b0654">
+        <name>CPUUsage</name>
+        <type>SystemResource</type>
+        <condition>cpu usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="c0708923-88de-4178-abdd-819737440ce0">
+        <name>LoadAvg1</name>
+        <type>SystemResource</type>
+        <condition>loadavg (1min) is greater than 4</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="e887125d-c5d2-45e6-b40d-2c400d5449d1">
+        <name>LoadAvg5</name>
+        <type>SystemResource</type>
+        <condition>loadavg (5min) is greater than 3</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="c34aab30-9194-4667-b516-004b9c90c1c0">
+        <name>LoadAvg15</name>
+        <type>SystemResource</type>
+        <condition>loadavg (15min) is greater than 2</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="cc3684f2-701e-4de4-883d-803e08cf47b6">
+        <name>SpaceUsage</name>
+        <type>SpaceUsage</type>
+        <condition>space usage is greater than 75%</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="f2d734cb-2a0e-4375-9460-11bdd5b20503">
+        <name>ChangedStatus</name>
+        <type>ProgramStatus</type>
+        <condition>changed status</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+      <test uuid="865105a2-cbea-4a01-9979-c67818da9d99">
+        <name>NonZeroStatus</name>
+        <type>ProgramStatus</type>
+        <condition>status != 0</condition>
+        <action>alert</action>
+        <path/>
+      </test>
+    </monit>
+    <Gateways version="1.0.0">
+      <gateway_item uuid="a6ea102d-68bb-430f-af8b-269d52498fe1">
+        <disabled>0</disabled>
+        <name>WAN_GW</name>
+        <descr>Interface WAN Gateway</descr>
+        <interface>wan</interface>
+        <ipprotocol>inet</ipprotocol>
+        <gateway>172.17.0.1</gateway>
+        <defaultgw>1</defaultgw>
+        <fargw>0</fargw>
+        <monitor_disable>1</monitor_disable>
+        <monitor_noroute/>
+        <monitor/>
+        <force_down/>
+        <priority>255</priority>
+        <weight>1</weight>
+        <latencylow/>
+        <latencyhigh/>
+        <losslow/>
+        <losshigh/>
+        <interval/>
+        <time_period/>
+        <loss_interval/>
+        <data_length/>
+      </gateway_item>
+    </Gateways>
+    <Syslog version="1.0.2">
+      <general>
+        <enabled>1</enabled>
+        <loglocal>1</loglocal>
+        <maxpreserve>31</maxpreserve>
+        <maxfilesize/>
+      </general>
+      <destinations/>
+    </Syslog>
+    <TrafficShaper version="1.0.3">
+      <pipes/>
+      <queues/>
+      <rules/>
+    </TrafficShaper>
+    <unboundplus version="1.0.9">
+      <general>
+        <enabled>1</enabled>
+        <port>53</port>
+        <stats/>
+        <active_interface/>
+        <dns64/>
+        <dns64prefix/>
+        <noarecords/>
+        <regdhcp/>
+        <regdhcpdomain/>
+        <regdhcpstatic/>
+        <noreglladdr6/>
+        <noregrecords/>
+        <txtsupport/>
+        <cacheflush/>
+        <local_zone_type>transparent</local_zone_type>
+        <outgoing_interface/>
+        <enable_wpad/>
+      </general>
+      <advanced>
+        <hideidentity/>
+        <hideversion/>
+        <prefetch/>
+        <prefetchkey/>
+        <aggressivensec>1</aggressivensec>
+        <serveexpired/>
+        <serveexpiredreplyttl/>
+        <serveexpiredttl/>
+        <serveexpiredttlreset/>
+        <serveexpiredclienttimeout/>
+        <qnameminstrict/>
+        <extendedstatistics/>
+        <logqueries/>
+        <logreplies/>
+        <logtagqueryreply/>
+        <logservfail/>
+        <loglocalactions/>
+        <logverbosity>1</logverbosity>
+        <valloglevel>0</valloglevel>
+        <privatedomain/>
+        <privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
+        <insecuredomain/>
+        <msgcachesize/>
+        <rrsetcachesize/>
+        <outgoingnumtcp/>
+        <incomingnumtcp/>
+        <numqueriesperthread/>
+        <outgoingrange/>
+        <jostletimeout/>
+        <cachemaxttl/>
+        <cachemaxnegativettl/>
+        <cacheminttl/>
+        <infrahostttl/>
+        <infrakeepprobing/>
+        <infracachenumhosts/>
+        <unwantedreplythreshold/>
+      </advanced>
+      <acls>
+        <default_action>allow</default_action>
+      </acls>
+      <dnsbl>
+        <enabled>0</enabled>
+        <safesearch/>
+        <type/>
+        <lists/>
+        <whitelists/>
+        <blocklists/>
+        <wildcards/>
+        <address/>
+        <nxdomain/>
+      </dnsbl>
+      <forwarding>
+        <enabled/>
+      </forwarding>
+      <dots/>
+      <hosts/>
+      <aliases/>
+      <domains/>
+    </unboundplus>
+  </OPNsense>
+  <hasync version="1.0.0">
+    <disablepreempt>0</disablepreempt>
+    <disconnectppps>0</disconnectppps>
+    <pfsyncenabled>0</pfsyncenabled>
+    <pfsyncinterface>lan</pfsyncinterface>
+    <pfsyncpeerip/>
+    <pfsyncversion>1400</pfsyncversion>
+    <synchronizetoip/>
+    <username/>
+    <password/>
+    <syncitems/>
+  </hasync>
+  <openvpn/>
+  <ifgroups version="1.0.0"/>
+  <gifs version="1.0.0">
+    <gif/>
+  </gifs>
+  <gres version="1.0.0">
+    <gre/>
+  </gres>
+  <laggs version="1.0.0">
+    <lagg/>
+  </laggs>
+  <virtualip version="1.0.0">
+    <vip/>
+  </virtualip>
+  <vlans version="1.0.0">
+    <vlan/>
+  </vlans>
+  <staticroutes version="1.0.0">
+    <route/>
+  </staticroutes>
+  <bridges>
+    <bridged/>
+  </bridges>
+  <ppps>
+    <ppp/>
+  </ppps>
+  <wireless>
+    <clone/>
+  </wireless>
+  <ca/>
+  <dhcpdv6/>
+  <cert uuid="547102e9-23ba-48b8-8af8-64be61049e96">
+    <refid>6734d13fa9e4a</refid>
+    <descr>Web GUI TLS certificate</descr>
+    <caref/>
+    <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVSUhVRkpwc253VGtzYWRrZmRDNUp1SDhqWnZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpFNE1EbGFGdzB5TlRFeU1UVXhOakU0TURsYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURKU1FlZ1RYckp5dDVWYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyCkNEclc3ZDlYcVJkOEpEZENtdGtLRGlMYWNaUzJMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDEKU2pJWnBTZzNkOS9YeHFPQTNZQllzTS9uUk9vWHlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NworVHc5STZGU0J4bkdaR3RyUFl5NkVBb0NMdm1GQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxCnBRTVB1T2JxV3FyaE0xdjVjdmJodU5kREhNZ3ZVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjEKUm0wMlVuUXRneW8zY3hPRXVsYk9nU0hsdGhTMmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSQpQbm9ncnZsRUlWMERhQ3ZEMjZiRkRDbVkxc29FbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBCkJMVzh4dXBFODhEYmlrWW51NVdQaUp6ZXh4UVIyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXoKcHBERHYwZnU0Nnp1S3EzY0VWRitiREsrQWdlT0Q2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSApHQjlCbDFrejR4bHRhczlvbmZrSDFkVHk3dzFNck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1ExCmtWNk90aFRsVFgzK2duaUpJK3RXWUQ5bTRldXNzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRkJRZytucWI5QW9HSWtoTUxhNHFzWGRvY0JGcE1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVUlIVUYKSnBzbndUa3NhZGtmZEM1SnVIOGpadk13SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQUZqNlQ1MmRIUklVMHJuZDE0d2dob2tjUkdrK0hIQloyTGlDRHpUeUwKNHdCeTJ1ZXJXQWdvYUZzeUlNQzhwWTBhWlc4TFlSd1BtRVB0OXlUS09ZZzF0NWtOUnk2RkF5akszeis5TGZTQwoxRlFpb0pma3FHRnhoc1IxV1R5RjBGNmJmM2tZRDZ4OWw1dEdqMXF3SndrekZWZWcvZGNtUVhvRTBmUDRqSFFvCmgxWXdiZ3pTa084TzRLUVhuWXVRM3g0bWdoZnBvR0hQM2xINlcybDJlWHpqSzllRjJtUG1ZS0p1M3JpSnkvL3gKRzhQWXBYNlNTN3RoVnNNeHF3cGJHbURXQXRuSnNrSmVsNDI1WUdOYlZ4YTNPOHE3RWxLNGFoNXpmai8wRnVwTgo3SnlqMWQyZjZFck14WlFnUi9EdmlUVnhISytRY1lBRXBqU2ZmZzBrRStpS1BlN0VYTVk1VU1aZUFTK1ZteG1LCjBPOWxaQXNpWUlEMzkwVjNTaDZxYjhoL2xMZ0V2NCtSNUw1VEpFaldYc0dQSUpGaHJNSFJWR1lhV3JIYWx3eHYKNjE5NFlpSXBEaUlHSVVSWGN1U3dNcndIQzN0bms2QVo2OW5CczVXT1JYM0NxOVhRRnVrVlA5eUMxQnRuSmFwbQpubUMzK3NtTTErRjkxUXlkVXJtbUxPNUVwUmtTMitBcmRTSklUR1NRNWt4L3VLNjhzV0QzVVdNNVRibUxrcWdOCkt6djZjemVCbzJiVExDT0JKUWJ4STFCckRPTUFMSDlCdXdUamVXdUVtWE9TWE1lTDFsejdhL2JZKzJxa1BSOVAKTE5IekE2QXZlVmxucDNaeFdqMjZFK3dwYnU5cHBaY0QzRGVHRnRnZzVJbUJ2ZDNWbjJ6UVc4a1ZMT1ZBdllSawptdWc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
+    <csr/>
+    <prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpSQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1M0d2dna3FBZ0VBQW9JQ0FRREpTUWVnVFhySnl0NVYKYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyQ0RyVzdkOVhxUmQ4SkRkQ210a0tEaUxhY1pTMgpMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDFTaklacFNnM2Q5L1h4cU9BM1lCWXNNL25ST29YCnlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NytUdzlJNkZTQnhuR1pHdHJQWXk2RUFvQ0x2bUYKQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxcFFNUHVPYnFXcXJoTTF2NWN2Ymh1TmRESE1ndgpVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjFSbTAyVW5RdGd5bzNjeE9FdWxiT2dTSGx0aFMyCmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSVBub2dydmxFSVYwRGFDdkQyNmJGRENtWTFzb0UKbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBQkxXOHh1cEU4OERiaWtZbnU1V1BpSnpleHhRUgoyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXpwcEREdjBmdTQ2enVLcTNjRVZGK2JESytBZ2VPCkQ2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSEdCOUJsMWt6NHhsdGFzOW9uZmtIMWRUeTd3MU0Kck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1Exa1Y2T3RoVGxUWDMrZ25pSkkrdFdZRDltNGV1cwpzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUJBb0lDQUNPNnZpc1BIY3pzb1NjK2dkWkU1dGNNCnZkc240UDFIenVRd0VzRUcrVG1zanVWMVBZbExrbkE4OU1DQmdDejEyOFpMcU51ZlUwSDkxK1Uzbjd2MGJ1bVAKd3BpR2R4UUNOMlpZaGZ2RWE5YW1qMTNZYjBJbks3b0FKbUdrT254NW91UFl6YlBRblBNRE9WK0VKa2JwTWRxZgptOHdmOWg2OXYzSk03bUZJS0UrOVVZR252UjhuMkhETTNwR3FONEhQS1A4MkE0RXlvQ2d2a1BTelRxc052bU5ICnBOY0RURW5rNlNsWUhUVDNOSzJjVnBldUhMUzUrazlqNWI5elhUSlE5TkpVZlN6bnEvUmFpMUZVNDY1K0xpUjEKMGVPWDdnajFWUExOcGgwcWtQQy9ubW0vZStVMmZXUGZZb2FDcWkrQ0VwU2twQXlQZ1FZZTJsSG0rYVU4MzZ2UQpuaHZuL0p5ZHJDL1NyTUFZaXpOZFYyZjlHTkNwcE1SbUZyOS9saVJiNEFpSzRLSDRETGdSRUxHaDJLNzJuOFRLCkxUSVhIV3RacisyMWU4c0Mxbm5MSENnK21wMHBvSWJsbEtoYk9VTmVxR09yWm95NFBXdDZMQndFYzN0MG1wVEMKODhiSUpqMzFCQngzTGE1SUE5b0FNRi9lbHJYdFhhVnl4bm5yTHdjYzFNVWpCV20rZDVqbC9WOEdIcEJRd3pXYwpPNWdNSXlQNUIvdzBacUcyZjV1akZkOHo4dElmcEFRRTJSbDNxRUFYNU1NY1JQaFlTNDJqTWl4czc3TmtOVldQCkpqUVoxVDVXQTVKOUxEL2FKRkplQ2MvbjhpNldOQ3FzdEQ5OVNPTCsrTTBFQTlka2lLNWtOcXFZeXZuRG9SZVcKSW84eXhvVnpObURsWjBkSU9UUzlBb0lCQVFEb2tvMWxPS05FNlBWWmRRU3lmS0JOTEZNcEl1V1VVZmp0ODU4awpJTTB0TnNyS0d2N3NmYkt0dlMvOWgwMGluU2FyWTJ4amVETG91WEI5VzdKY1B1NjRoNHYwek1lbXRhdDRyTUJnClA5bkQ3MW00dERqS2ZrZDAza2tUbk4ySTBxYkwzeFVoTjNEQlJZTU9veDFMa2M4MFFFMHhSUEM1YmRJaXcwemEKTWdtK1dOZVY1VEZoSkpQZ2dVRVo5U1A2aWV1VEY0OW9wRGNWdGUwQ0I0WnFUaTRWb3YvZFVDWGpNK0djRnNWdgpPWTZYTE9KTmRldHdnUVNkd1hlSzB1WlBpWnVKTGlsTEg4OFVKYWNoQThDZW1SclMxRUtxWElwK2dkQWV4MnhVCmY5amRMMGF2SlJEY0xqWlhETXBvWlJpc0JoWVArZzY3VHZza3FscDh4M2p2STlWVkFvSUJBUURkajZrdWNLM0MKYXprMzlqYllvM3RFZ0R5L2VGNnBjWFlpK21Ba1ZNRk9vSWJ5cmNyN3BqSnRMNFMyMEFDRmpBUGFQT042dWVVWQpQQm92dC9QODB1V1c5cGZCK29mRmdadzRqc3hLWFY4eEJmOVdLWVZndFBsOHhIL1RJcERTMjhVTlowNDlhUW4vCjlCRzNac0lyenk3RzFLRTZPLzBMMnVmMnFyaUxxRFQyV3dsdFVsbWs2Ym5NeThkR0sra1JLcFhvSm1RTlNHRHoKOXd4blU2ZmZ1NDdDLzRYMHRIVk1MVFVneFh4djdqN3BpSzI4dzBuZ1N5S3ozV0IzWTJwaFVsZEJIdEprQko1RQpoRm8zMXJCVDU5enhkb2crYXh1bkh4S3EySGFHRkt0ZUZ6RGpkTTFpQzE3bWNtWXBzR2tuenA0cjRjZm5FYTFSCko4Wmo5ZVFQaEVOZEFvSUJBUUN3d2hsbXNkb2MySFVJVFZDSm13QjJSdGJaYitWT2lkS0lmdDBYcHpwcFA3aDIKVEhndEl3ZDIxayt2LzNJWGVaclhMWlJHTVNkNEN1QTgxa0ZEckt6Z1lGeDFiR0hkQ1R2T1ZuVkxjWnUvTjUxWQpMTmp3eFhMbmxyMnhnMG8zMytuWERyQlBjNFJsejcvZ2t3WUQxa2pGckkwK2dlZjI5a2w4RkRUSHJMb05DaGFuCm5PNmZweDRneGZ2Rmo3T05pZDhhQnhEK2RiaEw3dDIzNmlJMWp6K2xRQ0g0Z1I2YWhHYldxOVBZU2NWZWprVmMKbTkrWnZPVFdSU0RteUkwMExDQ2k3UXVEUmlTcmFrYVFaL3F3VHlxOHk0ZnpWS3dKby8yYU52VFZiK2xSaWNuTgorWHpMNnU5dno0L1NNZXZEYWtqQVVjdDZmbmVQa1UxK2dsZ2VZSHlWQW9JQkFRRFJtYW0wVEZhbFdXaHMvNWtOClEwTkhINFhZb1JmMGRta0xXQStCNzBoY2lOS0JYRlp0ME9GZGw1bVdsSm9adk1hY1BBUDd3MGJ1c1ZVWWxZN1YKTy9LRTZVM1I3WjlxQWw1Mnh1aU81Vnc3ZFhBRDVBM1EyZ1EzdTNFdG5VS2lwOVA0QlNYb1JLbDRJVDV0WVdJSgpyZHVUciszQ3VLT0FCcHh4Snpxa3JBRkdtZ01HRCtUTWRXd1hTU1NBeHVPYklNMW1MSU4wYVdlSEJNMFFKdnptClZIb1BFVXA1b0FwamdWVUVacTk4K0VjK0NOWkxmL2d3bndQNllsQnpRWEtQRlNXRWJwTWNtWjNjTmRWZmc5T1YKM1FDUTBkQzhNL21hRlhSRWVibE95TmtCanpEcHpVTExJUFNyVDhoRVlpWm95VGVyVGRJZVVBUEZoYnBTTUhtTApFRlhsQW9JQkFRQ0VUdVJQRHZvMC9tdDhyTzhLNENsamtuU0gxZ1FBSjFha3U3UXg3NUJUTDB6OWRNY2lMK1JLCng1R1lFTW1wcUtNb2FPbWc0WFVRMVRlQ2Vic1R0NjMyWXp6cmNCU0d1RzVnN1o0UUVublUzRXU5QklIMUVSL2gKSEk0NWowU0xNRUpObkNiTkpnRVNRRUFCbzN3cHhrRTdiRGlNdTVPOXVqMlFRVTlTTm94QkFmbVFXRDJJaU1BRQpWYzV3QTNZajBMdElSYkJmdzNBTE9uNlRSc2xucy9JMnd2Z1RCQW9sU3NZbEtEK0NRY3hDZldlNmZwU21aYmlCClBGUE9DY1ZQTXhGeXBhZWFJMkRXNWRPNFNoNGQ0ZlZma2F3ck9LN1N2QnFZb0Y5L2VndThzQS9ZdklaRVltQUQKd0ZIOGs1QjJ4WXdiNkVmNmFFQ29ZTitsNWtlWmhNWTgKLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
+  </cert>
+  <cert uuid="cad18e13-92c5-48b6-9b44-ad2e5dcc799e">
+    <refid>6734d6c82dc59</refid>
+    <descr>Web GUI TLS certificate</descr>
+    <caref/>
+    <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVZkNETXpFclQ4dlVoenJaTVJta3JiT3dnSUdNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpReE5EVmFGdzB5TlRFeU1UVXhOalF4TkRWYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURMc0xEbjRta1R4RXJYdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovCnczL2tNV2Y5L25GbGpnMkFXWERJSmNXZjk0NFJFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT20KVFM0WXFCVzhHQkpJd0xtQ2kxb2RoWXhmUEQ2TFdEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNQpuQ0FtZFBDY2JmdmdXdUM2TnhWbXpkeXpta1QvNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5ClFrVlFqYlQ5MFlyeENvdE8rbTJIQU5QZHNjT3FvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTEwKVmplRS9XQVU0Q1BZUmhYVFVGVTIxZFV2azNvYUVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNwo3Mzk5VWdRN3FTNUFhOElHbXA4NUNoUUlBWUVjSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45CitUZ3ljMTlTbGoxVW1RdkRvekxCQzk5TVJpLzREQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmUKUGVpemxRenRIWmpSU0tnaWdSNU9KSmtSVHIvNjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZwprUSsrVDhMenVhK1FtakxOUVFqMVJCSFYzSzVQL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmCkNEVVVQWjR1cEJtbzBLN3dGNHdtV3VXYSttVndlb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRktidDd0QkRKN1daV1lMblQ5cEhTMklPdTg1TU1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVWZDRE0KekVyVDh2VWh6clpNUm1rcmJPd2dJR013SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQWNQbmllQ29FSmRjV25CVHdqRmE3bjZqTFMrZ1pUYUk2ZjAzWktQMFYKQ0pSaDUxWTNwb2dpcnJYcVNHQ1VGTVNHbGpsQ21mU2VhdW9GWFYwanZLejhnMGZ1NU9kYlhjd2FrZFBZSXgydQpVT0dMbllTaEdCNlpoMmhpWWdSVGFpemJoTVliQitzQkV4QU1CdHZRZElSZ3dBWkRNWE9jY0MwZnJaMFhRRlRFCnQ3by82VGYvZEprdnB0cmRYWW1INnFUWlA2MGxyTnlabVloTjc1NEluOFZLRVVSRWNZamg1ejlJanA1NTE1cU0Kb0VrSGNKbTBDNkh2VStETG1ybFpFYkV4bnVOMFQzWTBNZ0hiVFVhU2Y1L2FKVmlIM0dOMnMzbG1ZM0VXTS9Vcwo3azFyc2JTa2orZzJvQXlTcjU0Nlc4RkdaMjliZFlOYk1EaTQ4aXVRQWlzRlQrTGZXN3Y3RVl3WGJ3NUhSVkpNCjV2MlhnenJwN2Yxa08zckEzeXUyS1VSSktHdjJ1ZXhNSythb1VOZXhRT3ludmZGUTBCemRHQ1dlcmVvZTZ3bDMKbHc4Z2dCWDI1VGIxbzR3d1UzNXdtUUIrMC9rbjB0SXoveVBhY2JzbDAwZ0dJNFhTbWpRQmF0MUZYRHFEME1JMgp4S0RqMXZ2dkNTVnRKc09ESG95eDhLc3ptbno5UVFoV0ZNeC9LTXp1clh0OWtsWFRJc0t3d2NXMytZQWtQMzNaClgvOGJnZS8zK2RibTdNN3BndmFBNVFlU3VTbkwzNjdLT1g1NlNZNGFZWHhkc1haVDc0ZGxVRU1jbG9NU0NIOG4KR25QWlpyWTNHdnZaU2ovQWdqT2lDNHNBL2JSSmh4cCtUQndlRFByR0pFUEJFVW9sZEZHVXdraFJXMVVuRlc2YwpyTGM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
+    <csr/>
+    <prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRExzTERuNG1rVHhFclgKdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovdzMva01XZjkvbkZsamcyQVdYRElKY1dmOTQ0UgpFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT21UUzRZcUJXOEdCSkl3TG1DaTFvZGhZeGZQRDZMCldEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNW5DQW1kUENjYmZ2Z1d1QzZOeFZtemR5em1rVC8KNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5UWtWUWpiVDkwWXJ4Q290TyttMkhBTlBkc2NPcQpvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTExWamVFL1dBVTRDUFlSaFhUVUZVMjFkVXZrM29hCkVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNzczOTlVZ1E3cVM1QWE4SUdtcDg1Q2hRSUFZRWMKSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45K1RneWMxOVNsajFVbVF2RG96TEJDOTlNUmkvNApEQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmVQZWl6bFF6dEhaalJTS2dpZ1I1T0pKa1JUci82CjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZ2tRKytUOEx6dWErUW1qTE5RUWoxUkJIVjNLNVAKL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmQ0RVVVBaNHVwQm1vMEs3d0Y0d21XdVdhK21Wdwplb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUJBb0lDQUFzc3hPL2IzSTd3a0hpWU9wdmQ3b2ZxClJXVm9HM0ZHOVBkSCtrcU1DQW9zVXlpZ2lnWkZhQUZSY3BhZFBJUnBVRFZQOHQrUUx2RHhTSEtJVkNTR3lLRHgKN01mVTkxV3ZCUGtpc1NhWEV2TklEMHJ2WTJYbXl4WWdOcDBNcHdnbHhxZXlWSDNWSTFmZ09zQXpWVkpGSmtzeAp0NnVKV2U2R1lwRnlVZ3MzZytNdHhPYVJLZHcvWkFZb0dVRkR5WE5NR1JNdVRYYkg2WWxTOStFZ2RxZTJZbGtDCk41amkvODUydUlwSytXZUVnbmd1ZkVZNDdpVVhQSzFJTVB0UjRURUxOb3hkTWVBYnZBUG9La2QwMWZOWnVaQ3EKQ0dxNS9kMEQ4cDZKNjlUK3M1RnR1R1UrdkxtcUg3NmtsZjVmTTZnOFpCc2xSNStNQ0xlay9DaHRBZGU2VXBQRApXQ2EwazU3dmdneUdQdGVlVXY2RVJBMEp6SjlJd2VHZGdVWHhNdW5LK3ZSNWYydWJKWFJoMVJpNTNFSTNvVUxYClFvWm9hOTY3VzNUajQ3UzR2RlQyK2dLb0g2OXlNckdVNVkwcjJrSTFXMVVhWEJ1aVVrMi94amdyWVdTblUzUUQKZkM3ZXllTlNlN3c4UW9MMVBEYXJwVXdaK2xGZ0w3NFVScldLQU12WVhxa3NTMHVtb0tTSWo4cjZMM0hVSUVaUgpZRzhBTU91dFhrQk5lMkNpTXRKM2NYUXNIOWloQU9QL3AvaE9BTTBGNkM3Ymt1Vm85d1pRdDVESWxRWUl4TlArClFRZ2doRnhBNTlTWmpwRk00QkN5L0hEOENJY3VuSURZOVNlbXNSYXdyUVY1eGk1akFScVdOYTdBSVMvVlArdUUKQkpmS0dDNFlZVmxqS1VLeEgxVUJBb0lCQVFEcnZOWXNrd3ZhQ2Z6MlcvbkIrRjNjVE1RbjM2RENSYnZwQ0s1dApldm96TjJGbjBJdWFnN2RrYzN2NTFxTVNEd0h1cVNkVTRHUHZMcm83alpJaFNEZ1AwLzBLWmc0VmxtZE5HbEovCk1lcXhmOGRkOFdTQjZiUksrK2FRcEhaeDd2SUFTWkE4eHkvZ3F2NGJpSmlqVDhUQ2lSeXdYSTQ0ZlRYM0xLZTIKVG1Uc29XNk9yQmErSWJRYjBpTEh4WE4rZ3JDM0cxWWxIUlNvTEpKUkU0eFVLMGsvM1JLNU16RjRIYUNZb1BWOQpDOFpQellMR253SE9ERU8zbHRtSGJvQUNFa0VrT2dFV3U4RFo2YlYrMXJBcVh6WnN0L3hNZnJ5KzlMRVdYQUwvCkRnOEdkall0YzdyUTFZd1BIY1h6cFo2clVIdXh2K0p6VEE1ZzNCS1p6aWhwNFdHaEFvSUJBUURkTXE3N0dRWGMKYW5hYlMxanlFT3VzNFp5ZlJ4cW10NEVFaHZjY0dRVVVrV0IrWk11bnpyaENxb3ZwQ1dhVU9zWVhuNG45Y3BQSAo3bm1mOUJHbFI4NVhCVHNLM2d4bE5NMUhjSGFTNXZSem9WQVBNd3o2VVV0ZFNLWXRLR0Q3Wkxmbm9ISXN1SlEzCnJ6WWIyTFhpVmx6MWlNNUVmT0VrL1J5UjBwMGtleXVwa0F0OXBRV0hzaURYb0pibDE2d1ZLc2NDNGUzNjdRRWsKcFdoeXcyS3A4bXdtOGxqQllxZWtHdUREeGVZSDMzMVlGa2FMUEJCT2xPQnlveFlOUDdBVVREUlV3KzB1T01jNwozb0N1VE9jWnAxVWMwQURBOXRTRVRINklWdlFEUXZlYzR6MWRTVGRmUEkxRzVUTCt4Mzlvam5OcGVoYng0bEwvCmRxTTBmcFlPL2ZmeEFvSUJBRmwzOU8wNzdjNlY1ZHoyY1djTnhVbThGT0p4UEVrZlFEOGtYVmNOeW5HdnZoY3gKamhwWmpUdmhuSmJvd0VFMVV1MXFZNVFTQ2J1WVIzUWN1ZTVKdzRVMlZwNGd0NDIzNUlMZHo1dVlyVk1xaE5jQgpxN3ltbnhlcVhRcGVjTm15NzBQdXA0QjV0SkVYTkpQc2xzbThsNWVoaERMbkhjOFFybStlRWhUZDBlNEJJcjJoClVJeGVyRVcyemg1MXNPeTkyeVhUaVRGU3hTbENxVkYrRXM5TEVtVGJtYVNTYWw4RkY1TjEyMVhYSnkvWWRwNjkKY0dqc1BMTXIzR2xMSmVnalYzZlJUK0o1NWFxT3lhUlhCTXRBRVo3WGdUampETzJJWHNGMnNHaHV4SU1XVUYrVgp3YnhLbi9xSXVUMU1pVmpKbGZpVE0vWEFVdUN1QlowOEloaDFRcUVDZ2dFQUZwdzJySzRMSGxPM21mb2l0bU9xClkzcVFVdXVtdXNIcEt6aE1qQSsycURxUC9YdDZJY1lNcWF2YkwwL3ByMTh1bm4yTlVsM2k0ejNxS3NKOUIwTUcKd1hoa1o2RDQ3V052VkUwWG9iNS80RTN0N0EvUTFNbDRoYW1HYXZsRXFJM01DcDRvN1k5VWZ6aW10RVA3bTQ0dQpaRjYranR1ZysvSHZlS3hwcWEvNWI1U3N5QVFWUTZDZW9Ndm1nTW9CNmd2OFdid1VZbURWakJSb1Q4clBEQVllCnJnQjV1QkxJaGdyRlROMnV2TUZJZzdlTE1ISk1UR3dGWVZKd1Q1eGgrRUV0M0RoR3gwSEFnOHNqcGkxd05md1gKeENFeTRvYVloSWw1S2FDUndyK1dwZS9JZHYrajdGVTVMN1QvK0hFV0FlOEZ0eE5td3dUYWJRaUllRFkwU29ZRgpVUUtDQVFFQXRiclZqbTFsaDQ1REhIWnVsem4xNllIQzJrMUYwWG9FZFVSQ3o0QTFsMHBEK3ljL2srdmJ0Qmg0Cm1RRDV1a3FicHFFZy9GNUhDZmdOaHlieHNNdVV6NzFaU24zN2dwczNDWUdiUyt4RkhjZTJBakNTbUlYQWIxQjgKR0Z2WnV4UlB5QXU0YVBvT1J3RzM3NVBOM0VNNk83bzdxbjlYeExTZWRIMHExM2U0YkhYYm4rc2xOa1RIM2xmcwpLVnBOUUhVSUNDSW5vQ0llV1dwdnAwQnFoYjlKclRsbXd2c25zOHpZVDNiY3F5QXZHZGRnNUs3Y0MwRVJaem9ECnFJTkI3S05FVjQ1NmF0eDZVT3VYUlpKREMvaHNJUTZNaVBveUJacHRsK1ZIMEtQbEFIWGExb0FXZmNuL0U3MFYKK0RaeVBiMWxkQUdpb1hqditGd2h5VzZlWEVrQlBnPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
+  </cert>
+  <syslog/>
+</opnsense>
diff --git a/harmony-rs/opnsense-config/src/tests/data/config-vm-test_sorted.xml b/harmony-rs/opnsense-config/src/tests/data/config-vm-test_sorted.xml
new file mode 100644
index 0000000..185d765
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/tests/data/config-vm-test_sorted.xml
@@ -0,0 +1,987 @@
+      </acls>
+      <acls>
+        <action>alert</action>
+        <action>alert</action>
+        <action>alert</action>
+        <action>alert</action>
+        <action>alert</action>
+        <action>alert</action>
+        <action>alert</action>
+        <action>alert</action>
+        <action>alert</action>
+        <action>alert</action>
+        <action>alert</action>
+        <active_interface/>
+      <activeTimeout>1800</activeTimeout>
+        <address/>
+        <address/>
+        <address/>
+        <address/>
+        <address/>
+      </advanced>
+      <advanced>
+      <adv_dhcp_config_advanced/>
+      <adv_dhcp_config_file_override/>
+      <adv_dhcp_config_file_override_path/>
+      <adv_dhcp_option_modifiers/>
+      <adv_dhcp_pt_backoff_cutoff/>
+      <adv_dhcp_pt_initial_interval/>
+      <adv_dhcp_pt_reboot/>
+      <adv_dhcp_pt_retry/>
+      <adv_dhcp_pt_select_timeout/>
+      <adv_dhcp_pt_timeout/>
+      <adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
+      <adv_dhcp_request_options/>
+      <adv_dhcp_required_options/>
+      <adv_dhcp_send_options/>
+        <aggressivensec>1</aggressivensec>
+      </alert>
+        <AlertLogrotate>W0D23</AlertLogrotate>
+        <AlertSaveLogs>4</AlertSaveLogs>
+      <alert uuid="15f1e9ca-5dd5-4b20-b595-b6b4f82245d0">
+      </Alias>
+      <alias-address/>
+        <aliases/>
+      <aliases/>
+      <alias-subnet>32</alias-subnet>
+      <Alias version="1.0.1">
+        and for the sender directly reachable, route and next hop is known.</descr>
+        <any/>
+        <any/>
+        <any>1</any>
+        <any>1</any>
+        <any>1</any>
+        <any>1</any>
+        <any>1</any>
+        as part of the standard FreeBSD core system.</descr>
+        as part of the standard FreeBSD core system.</descr>
+        <blocklists/>
+    </bogons>
+    <bogons>
+    <bridged/>
+  </bridges>
+  <bridges>
+  <ca/>
+        <cacheflush/>
+        <cachemaxnegativettl/>
+        <cachemaxttl/>
+        <cacheminttl/>
+    </captiveportal>
+    <captiveportal version="1.0.2">
+      </capture>
+      <capture>
+    <caref/>
+    <caref/>
+        <categories/>
+      </Category>
+      <Category version="1.0.0">
+  </cert>
+  </cert>
+  <cert uuid="547102e9-23ba-48b8-8af8-64be61049e96">
+  <cert uuid="cad18e13-92c5-48b6-9b44-ad2e5dcc799e">
+      <children/>
+      <ciphers/>
+      </client>
+        <clients/>
+      <client version="1.0.0">
+    <clone/>
+      </collect>
+      <collect>
+    <column_count>2</column_count>
+      <compression/>
+        <condition>changed status</condition>
+        <condition>cpu usage is greater than 75%</condition>
+        <condition>failed link</condition>
+        <condition>failed ping</condition>
+        <condition>loadavg (15min) is greater than 2</condition>
+        <condition>loadavg (1min) is greater than 4</condition>
+        <condition>loadavg (5min) is greater than 3</condition>
+        <condition>memory usage is greater than 75%</condition>
+        <condition>saturation is greater than 75%</condition>
+        <condition>space usage is greater than 75%</condition>
+        <condition>status != 0</condition>
+      <Connections/>
+      </created>
+      </created>
+      </created>
+      </created>
+      <created>
+      <created>
+      <created>
+      <created>
+    </cron>
+    <cron version="1.0.4">
+    <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVSUhVRkpwc253VGtzYWRrZmRDNUp1SDhqWnZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpFNE1EbGFGdzB5TlRFeU1UVXhOakU0TURsYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURKU1FlZ1RYckp5dDVWYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyCkNEclc3ZDlYcVJkOEpEZENtdGtLRGlMYWNaUzJMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDEKU2pJWnBTZzNkOS9YeHFPQTNZQllzTS9uUk9vWHlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NworVHc5STZGU0J4bkdaR3RyUFl5NkVBb0NMdm1GQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxCnBRTVB1T2JxV3FyaE0xdjVjdmJodU5kREhNZ3ZVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjEKUm0wMlVuUXRneW8zY3hPRXVsYk9nU0hsdGhTMmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSQpQbm9ncnZsRUlWMERhQ3ZEMjZiRkRDbVkxc29FbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBCkJMVzh4dXBFODhEYmlrWW51NVdQaUp6ZXh4UVIyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXoKcHBERHYwZnU0Nnp1S3EzY0VWRitiREsrQWdlT0Q2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSApHQjlCbDFrejR4bHRhczlvbmZrSDFkVHk3dzFNck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1ExCmtWNk90aFRsVFgzK2duaUpJK3RXWUQ5bTRldXNzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRkJRZytucWI5QW9HSWtoTUxhNHFzWGRvY0JGcE1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVUlIVUYKSnBzbndUa3NhZGtmZEM1SnVIOGpadk13SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQUZqNlQ1MmRIUklVMHJuZDE0d2dob2tjUkdrK0hIQloyTGlDRHpUeUwKNHdCeTJ1ZXJXQWdvYUZzeUlNQzhwWTBhWlc4TFlSd1BtRVB0OXlUS09ZZzF0NWtOUnk2RkF5akszeis5TGZTQwoxRlFpb0pma3FHRnhoc1IxV1R5RjBGNmJmM2tZRDZ4OWw1dEdqMXF3SndrekZWZWcvZGNtUVhvRTBmUDRqSFFvCmgxWXdiZ3pTa084TzRLUVhuWXVRM3g0bWdoZnBvR0hQM2xINlcybDJlWHpqSzllRjJtUG1ZS0p1M3JpSnkvL3gKRzhQWXBYNlNTN3RoVnNNeHF3cGJHbURXQXRuSnNrSmVsNDI1WUdOYlZ4YTNPOHE3RWxLNGFoNXpmai8wRnVwTgo3SnlqMWQyZjZFck14WlFnUi9EdmlUVnhISytRY1lBRXBqU2ZmZzBrRStpS1BlN0VYTVk1VU1aZUFTK1ZteG1LCjBPOWxaQXNpWUlEMzkwVjNTaDZxYjhoL2xMZ0V2NCtSNUw1VEpFaldYc0dQSUpGaHJNSFJWR1lhV3JIYWx3eHYKNjE5NFlpSXBEaUlHSVVSWGN1U3dNcndIQzN0bms2QVo2OW5CczVXT1JYM0NxOVhRRnVrVlA5eUMxQnRuSmFwbQpubUMzK3NtTTErRjkxUXlkVXJtbUxPNUVwUmtTMitBcmRTSklUR1NRNWt4L3VLNjhzV0QzVVdNNVRibUxrcWdOCkt6djZjemVCbzJiVExDT0JKUWJ4STFCckRPTUFMSDlCdXdUamVXdUVtWE9TWE1lTDFsejdhL2JZKzJxa1BSOVAKTE5IekE2QXZlVmxucDNaeFdqMjZFK3dwYnU5cHBaY0QzRGVHRnRnZzVJbUJ2ZDNWbjJ6UVc4a1ZMT1ZBdllSawptdWc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
+    <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVZkNETXpFclQ4dlVoenJaTVJta3JiT3dnSUdNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpReE5EVmFGdzB5TlRFeU1UVXhOalF4TkRWYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURMc0xEbjRta1R4RXJYdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovCnczL2tNV2Y5L25GbGpnMkFXWERJSmNXZjk0NFJFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT20KVFM0WXFCVzhHQkpJd0xtQ2kxb2RoWXhmUEQ2TFdEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNQpuQ0FtZFBDY2JmdmdXdUM2TnhWbXpkeXpta1QvNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5ClFrVlFqYlQ5MFlyeENvdE8rbTJIQU5QZHNjT3FvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTEwKVmplRS9XQVU0Q1BZUmhYVFVGVTIxZFV2azNvYUVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNwo3Mzk5VWdRN3FTNUFhOElHbXA4NUNoUUlBWUVjSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45CitUZ3ljMTlTbGoxVW1RdkRvekxCQzk5TVJpLzREQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmUKUGVpemxRenRIWmpSU0tnaWdSNU9KSmtSVHIvNjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZwprUSsrVDhMenVhK1FtakxOUVFqMVJCSFYzSzVQL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmCkNEVVVQWjR1cEJtbzBLN3dGNHdtV3VXYSttVndlb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRktidDd0QkRKN1daV1lMblQ5cEhTMklPdTg1TU1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVWZDRE0KekVyVDh2VWh6clpNUm1rcmJPd2dJR013SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQWNQbmllQ29FSmRjV25CVHdqRmE3bjZqTFMrZ1pUYUk2ZjAzWktQMFYKQ0pSaDUxWTNwb2dpcnJYcVNHQ1VGTVNHbGpsQ21mU2VhdW9GWFYwanZLejhnMGZ1NU9kYlhjd2FrZFBZSXgydQpVT0dMbllTaEdCNlpoMmhpWWdSVGFpemJoTVliQitzQkV4QU1CdHZRZElSZ3dBWkRNWE9jY0MwZnJaMFhRRlRFCnQ3by82VGYvZEprdnB0cmRYWW1INnFUWlA2MGxyTnlabVloTjc1NEluOFZLRVVSRWNZamg1ejlJanA1NTE1cU0Kb0VrSGNKbTBDNkh2VStETG1ybFpFYkV4bnVOMFQzWTBNZ0hiVFVhU2Y1L2FKVmlIM0dOMnMzbG1ZM0VXTS9Vcwo3azFyc2JTa2orZzJvQXlTcjU0Nlc4RkdaMjliZFlOYk1EaTQ4aXVRQWlzRlQrTGZXN3Y3RVl3WGJ3NUhSVkpNCjV2MlhnenJwN2Yxa08zckEzeXUyS1VSSktHdjJ1ZXhNSythb1VOZXhRT3ludmZGUTBCemRHQ1dlcmVvZTZ3bDMKbHc4Z2dCWDI1VGIxbzR3d1UzNXdtUUIrMC9rbjB0SXoveVBhY2JzbDAwZ0dJNFhTbWpRQmF0MUZYRHFEME1JMgp4S0RqMXZ2dkNTVnRKc09ESG95eDhLc3ptbno5UVFoV0ZNeC9LTXp1clh0OWtsWFRJc0t3d2NXMytZQWtQMzNaClgvOGJnZS8zK2RibTdNN3BndmFBNVFlU3VTbkwzNjdLT1g1NlNZNGFZWHhkc1haVDc0ZGxVRU1jbG9NU0NIOG4KR25QWlpyWTNHdnZaU2ovQWdqT2lDNHNBL2JSSmh4cCtUQndlRFByR0pFUEJFVW9sZEZHVXdraFJXMVVuRlc2YwpyTGM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
+    <csr/>
+    <csr/>
+      </ctrl_agent>
+      <ctrl_agent version="0.0.1">
+        <data_length/>
+        <default_action>allow</default_action>
+        <defaultgw>1</defaultgw>
+        <defaultPacketSize/>
+        <depends/>
+        <depends/>
+        <depends/>
+        <depends/>
+      <descr/>
+      <descr>Allow ping</descr>
+      <descr>Allow unprivileged access to tap(4) device nodes</descr>
+      <descr>Default allow LAN IPv6 to any rule</descr>
+      <descr>Default allow LAN to any rule</descr>
+      <descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
+      <descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
+      <descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
+      <descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
+      <descr>Drop packets to closed TCP ports without returning a RST</descr>
+      <descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
+      <descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
+      <descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
+      <descr>Enable sending IPv6 redirects</descr>
+      <descr>Enable TCP extended debugging</descr>
+      <descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
+      <descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
+      <descr>Hide processes running as other groups</descr>
+      <descr>Hide processes running as other users</descr>
+      <descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
+        <descr>Interface WAN Gateway</descr>
+        <description/>
+        <description/>
+        <description/>
+        <description/>
+        <description/>
+        <description>/firewall_rules_edit.php made changes</description>
+        <description>/firewall_rules_edit.php made changes</description>
+        <description>/firewall_rules_edit.php made changes</description>
+        <description>/firewall_rules_edit.php made changes</description>
+        <description>/firewall_rules_edit.php made changes</description>
+        <description>/firewall_rules_edit.php made changes</description>
+        <description>/firewall_rules_edit.php made changes</description>
+        <description>/firewall_rules_edit.php made changes</description>
+    <description>/interfaces.php made changes</description>
+      <description>System Administrators</description>
+      <descr>Loopback</descr>
+      <descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
+      <descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
+      <descr>Maximum outgoing UDP datagram size</descr>
+      <descr>Maximum outgoing UDP datagram size</descr>
+      <descr>Maximum socket buffer size</descr>
+      <descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
+      <descr>Prefer privacy addresses and use them over the normal addresses</descr>
+      <descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
+      <descr>Randomize the ID field in IP packets</descr>
+      <descr>Set ICMP Limits</descr>
+      <descr>Set the ephemeral port range to be lower.</descr>
+      <descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
+      <descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
+      <descr>Set to 1 to enable filtering on the bridge interface</descr>
+      <descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+      <descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+      <descr>System Administrator</descr>
+      <descr>TCP Offload Engine</descr>
+      <descr>This option turns off the logging of redirect packets because there is no limit and this could fill
+      <descr>UDP Checksums</descr>
+    <descr>Web GUI TLS certificate</descr>
+    <descr>Web GUI TLS certificate</descr>
+      </destination>
+      </destination>
+      </destination>
+      </destination>
+      </destination>
+      </destination>
+      <destination>
+      <destination>
+      <destination>
+      <destination>
+      <destination>
+      <destination>
+      <destinations/>
+        </detect>
+        <detect>
+      </dhcp4>
+      <dhcp4 version="1.0.0">
+  </dhcpd>
+  <dhcpd>
+  <dhcpdv6/>
+      <dhcphostname/>
+      <dhcprejectfrom/>
+    <DHCRelay version="1.0.1"/>
+      <direction>in</direction>
+      <direction>in</direction>
+      <direction>in</direction>
+      <direction>in</direction>
+    <disablechecksumoffloading>1</disablechecksumoffloading>
+    <disableconsolemenu>1</disableconsolemenu>
+        <disabled>0</disabled>
+    <disablelargereceiveoffloading>1</disablelargereceiveoffloading>
+    <disablenatreflection>yes</disablenatreflection>
+    <disablepreempt>0</disablepreempt>
+    <disablesegmentationoffloading>1</disablesegmentationoffloading>
+    <disablevlanhwfilter>1</disablevlanhwfilter>
+    <disconnectppps>0</disconnectppps>
+        <dns64/>
+        <dns64prefix/>
+    <dnsallowoverride>1</dnsallowoverride>
+      </dnsbl>
+      <dnsbl>
+        <dnsserver/>
+    <dnsserver>192.168.5.1</dnsserver>
+    <domain>localdomain</domain>
+      <domains/>
+      <dots/>
+        <egress_only/>
+      <enable/>
+    <enable/>
+        <enable>0</enable>
+      <enable>1</enable>
+      <enable>1</enable>
+      <enable>1</enable>
+        <enabled/>
+        <enabled/>
+          <enabled>0</enabled>
+          <enabled>0</enabled>
+          <enabled>0</enabled>
+        <enabled>0</enabled>
+        <enabled>0</enabled>
+        <enabled>0</enabled>
+        <enabled>0</enabled>
+        <enabled>0</enabled>
+        <enabled>0</enabled>
+        <enabled>0</enabled>
+        <enabled>1</enabled>
+        <enabled>1</enabled>
+        <enabled>1</enabled>
+        <enabled>1</enabled>
+      <enabled>enabled</enabled>
+        <enable_wpad/>
+        <eventqueuePath/>
+        <eventqueueSlots/>
+        <events/>
+        <extendedstatistics/>
+        <fargw>0</fargw>
+      <files/>
+      <fileTags/>
+  </filter>
+  <filter>
+      </Filter>
+      <Filter version="1.0.4">
+    </Firewall>
+    <Firewall>
+    </firmware>
+    <firmware version="1.0.1">
+      <flavour/>
+        <force_down/>
+        <format/>
+      </forwarding>
+      <forwarding>
+        <from>10.100.8.10</from>
+          <fwrules>1</fwrules>
+        <gateway>172.17.0.1</gateway>
+      </gateway_item>
+      <gateway_item uuid="a6ea102d-68bb-430f-af8b-269d52498fe1">
+    </Gateways>
+    <Gateways version="1.0.0">
+        </general>
+        </general>
+        <general>
+        <general>
+      </general>
+      </general>
+      </general>
+      </general>
+      </general>
+      </general>
+      <general>
+      <general>
+      <general>
+      <general>
+      <general>
+      <general version="0.0.1">
+        </geoip>
+        <geoip>
+      <gid>1999</gid>
+    <gif/>
+  </gifs>
+  <gifs version="1.0.0">
+    <gre/>
+  </gres>
+  <gres version="1.0.0">
+    </group>
+    <group>
+      <group>admins</group>
+      <groupname>admins</groupname>
+        </ha>
+        <ha>
+        <ha_peers/>
+  </hasync>
+  <hasync version="1.0.0">
+        <hideidentity/>
+        <hideversion/>
+        <homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
+    <hostname>OPNsense</hostname>
+        <hostname>rtx4090</hostname>
+      <hosts/>
+        <httpdAllow/>
+        <httpdEnabled>0</httpdEnabled>
+        <httpdPassword/>
+        <httpdPort>2812</httpdPort>
+        <httpdUsername>root</httpdUsername>
+          <http_host>127.0.0.1</http_host>
+          <http_port>8000</http_port>
+    </IDS>
+    <IDS version="1.0.9">
+  <ifgroups version="1.0.0"/>
+      <if>le0</if>
+      <if>le1</if>
+      <if>lo0</if>
+      <inactiveTimeout>15</inactiveTimeout>
+        <incomingnumtcp/>
+        <infracachenumhosts/>
+        <infrahostttl/>
+        <infrakeepprobing/>
+        <insecuredomain/>
+      <Instances/>
+        <interface/>
+        <interface/>
+        <interface/>
+        <interface/>
+      <interface>lan</interface>
+      <interface>lan</interface>
+          <interfaces/>
+        <interfaces/>
+      <interfaces/>
+      <interfaces/>
+  </interfaces>
+  <interfaces>
+    </Interfaces>
+    <Interfaces>
+        <interfaces>wan</interfaces>
+        <interface>wan</interface>
+      <interface>wan</interface>
+      <interface>wan</interface>
+      <interface>wan</interface>
+      <interface>wan</interface>
+      <internal_dynamic>1</internal_dynamic>
+        <interval/>
+        <interval>120</interval>
+      <interval>monthly</interval>
+        <ipaddr>10.100.8.15</ipaddr>
+      <ipaddr>10.100.8.1</ipaddr>
+      <ipaddr>127.0.0.1</ipaddr>
+      <ipaddr>dhcp</ipaddr>
+      <ipaddrv6>::1</ipaddrv6>
+      <ipaddrv6>track6</ipaddrv6>
+      <ipprotocol>inet6</ipprotocol>
+        <ipprotocol>inet</ipprotocol>
+      <ipprotocol>inet</ipprotocol>
+      <ipprotocol>inet</ipprotocol>
+      <ipprotocol>inet</ipprotocol>
+      <ipprotocol>inet</ipprotocol>
+      <ipprotocol>inet</ipprotocol>
+        <ips>0</ips>
+    </IPsec>
+    <IPsec version="1.0.1">
+    <ipv6allow>1</ipv6allow>
+        It can also be used to probe for information about your internal networks. These functions come enabled
+        It can also be used to probe for information about your internal networks. These functions come enabled
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    </item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+    <item>
+      <jobs/>
+        <jostletimeout/>
+    </Kea>
+    <Kea>
+      <kex/>
+      <keyPairs/>
+      <keys/>
+      <keysig/>
+    <lagg/>
+  </laggs>
+  <laggs version="1.0.0">
+    </lan>
+    </lan>
+    <lan>
+    <lan>
+    <language>en_US</language>
+        <latencyhigh/>
+        <latencylow/>
+    <lb_use_sticky>1</lb_use_sticky>
+        <lists/>
+    </lo0>
+    <lo0>
+      <locals/>
+        <local_zone_type>transparent</local_zone_type>
+        <logfile/>
+        <loglocal>1</loglocal>
+        <loglocalactions/>
+        <LogPayload>0</LogPayload>
+        <logqueries/>
+        <logreplies/>
+        <logservfail/>
+        <logtagqueryreply/>
+        <logverbosity>1</logverbosity>
+      <loopbacks version="1.0.0"/>
+        <losshigh/>
+        <loss_interval/>
+        <losslow/>
+      </Lvtemplate>
+      <Lvtemplate version="0.0.1">
+        <mac>d8:5e:d3:e7:2c:8c</mac>
+      <macs/>
+        <mailserver>127.0.0.1</mailserver>
+        <match/>
+        <match/>
+        <match/>
+        <match/>
+        <maxfilesize/>
+        <maxpreserve>31</maxpreserve>
+      <media/>
+      <mediaopt/>
+      <member>0</member>
+      <mirror/>
+        <mmonitRegisterCredentials>1</mmonitRegisterCredentials>
+        <mmonitTimeout>5</mmonitTimeout>
+        <mmonitUrl/>
+      <mode>automatic</mode>
+    </monit>
+        <monitor/>
+        <monitor_disable>1</monitor_disable>
+        <monitor_noroute/>
+    <monit version="1.0.13">
+        <MPMAlgo/>
+        <msgcachesize/>
+        <name>$HOST</name>
+      <name>admins</name>
+        <name>carp_status_change</name>
+        <name>ChangedStatus</name>
+        <name>CPUUsage</name>
+        <name>gateway_alert</name>
+        <name>LoadAvg15</name>
+        <name>LoadAvg1</name>
+        <name>LoadAvg5</name>
+        <name>MemoryUsage</name>
+        <name>NetworkLink</name>
+        <name>NetworkSaturation</name>
+        <name>NonZeroStatus</name>
+        <name>Ping</name>
+        <name>RootFs</name>
+      <name>root</name>
+        <name>SpaceUsage</name>
+        <name>WAN_GW</name>
+  </nat>
+  <nat>
+      <neighbors version="1.0.0"/>
+    </Netflow>
+    <netflowbackup>-1</netflowbackup>
+    <Netflow version="1.0.1">
+        <network>lan</network>
+        <network>lan</network>
+        <network>(self)</network>
+        <network>wanip</network>
+        <network>wanip</network>
+    <nextgid>2000</nextgid>
+    <nextuid>2000</nextuid>
+        <noarecords/>
+      <noauto>1</noauto>
+        <noreglladdr6/>
+        <noregrecords/>
+        <noton>0</noton>
+        <npt/>
+  </ntpd>
+  <ntpd>
+        <ntpserver/>
+        <numqueriesperthread/>
+        <nxdomain/>
+        <onetoone/>
+  <openvpn/>
+    </OpenVPN>
+    </OpenVPNExport>
+    <OpenVPNExport version="0.0.1">
+    <OpenVPN version="1.0.0">
+</opnsense>
+<opnsense>
+  </OPNsense>
+  <OPNsense>
+    <optimization>normal</optimization>
+    </outbound>
+    <outbound>
+        <outgoing_interface/>
+        <outgoingnumtcp/>
+        <outgoingrange/>
+      <Overwrites/>
+        <password/>
+    <password/>
+      <password>$2y$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS</password>
+      <passwordauth>1</passwordauth>
+        <path/>
+        <path/>
+        <path/>
+        <path/>
+        <path/>
+        <path/>
+        <path/>
+        <path/>
+        <path/>
+        <path/>
+        <path/>
+        <path/>
+        <path>/</path>
+        <path>/usr/local/opnsense/scripts/OPNsense/Monit/carp_status</path>
+        <path>/usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert</path>
+      <permitrootlogin>1</permitrootlogin>
+    <pf_share_forward>1</pf_share_forward>
+    <pfsyncenabled>0</pfsyncenabled>
+    <pfsyncinterface>lan</pfsyncinterface>
+    <pfsyncpeerip/>
+    <pfsyncversion>1400</pfsyncversion>
+        <pidfile/>
+        <pidfile/>
+        <pidfile/>
+        <pidfile/>
+      <pipes/>
+      <plugins/>
+      <policies/>
+        <polltime/>
+        <polltime/>
+        <polltime/>
+        <polltime/>
+      <Pools/>
+      <port/>
+        <port>22</port>
+        <port>25</port>
+        <port>443</port>
+        <port>53</port>
+        <port>80</port>
+    <powerd_ac_mode>hadp</powerd_ac_mode>
+    <powerd_battery_mode>hadp</powerd_battery_mode>
+    <powerd_normal_mode>hadp</powerd_normal_mode>
+    <ppp/>
+  </ppps>
+  <ppps>
+    <prefer>0.opnsense.pool.ntp.org</prefer>
+        <prefetch/>
+        <prefetchkey/>
+      <preSharedKeys/>
+    <primaryconsole>video</primaryconsole>
+        <priority>255</priority>
+        <privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
+        <privatedomain/>
+      <priv>page-all</priv>
+          <Profile/>
+        <promisc>0</promisc>
+      <protocol>https</protocol>
+      <protocol>icmp</protocol>
+      <protocol>tcp</protocol>
+      <protocol>tcp</protocol>
+      <protocol>tcp/udp</protocol>
+    <prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRExzTERuNG1rVHhFclgKdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovdzMva01XZjkvbkZsamcyQVdYRElKY1dmOTQ0UgpFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT21UUzRZcUJXOEdCSkl3TG1DaTFvZGhZeGZQRDZMCldEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNW5DQW1kUENjYmZ2Z1d1QzZOeFZtemR5em1rVC8KNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5UWtWUWpiVDkwWXJ4Q290TyttMkhBTlBkc2NPcQpvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTExWamVFL1dBVTRDUFlSaFhUVUZVMjFkVXZrM29hCkVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNzczOTlVZ1E3cVM1QWE4SUdtcDg1Q2hRSUFZRWMKSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45K1RneWMxOVNsajFVbVF2RG96TEJDOTlNUmkvNApEQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmVQZWl6bFF6dEhaalJTS2dpZ1I1T0pKa1JUci82CjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZ2tRKytUOEx6dWErUW1qTE5RUWoxUkJIVjNLNVAKL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmQ0RVVVBaNHVwQm1vMEs3d0Y0d21XdVdhK21Wdwplb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUJBb0lDQUFzc3hPL2IzSTd3a0hpWU9wdmQ3b2ZxClJXVm9HM0ZHOVBkSCtrcU1DQW9zVXlpZ2lnWkZhQUZSY3BhZFBJUnBVRFZQOHQrUUx2RHhTSEtJVkNTR3lLRHgKN01mVTkxV3ZCUGtpc1NhWEV2TklEMHJ2WTJYbXl4WWdOcDBNcHdnbHhxZXlWSDNWSTFmZ09zQXpWVkpGSmtzeAp0NnVKV2U2R1lwRnlVZ3MzZytNdHhPYVJLZHcvWkFZb0dVRkR5WE5NR1JNdVRYYkg2WWxTOStFZ2RxZTJZbGtDCk41amkvODUydUlwSytXZUVnbmd1ZkVZNDdpVVhQSzFJTVB0UjRURUxOb3hkTWVBYnZBUG9La2QwMWZOWnVaQ3EKQ0dxNS9kMEQ4cDZKNjlUK3M1RnR1R1UrdkxtcUg3NmtsZjVmTTZnOFpCc2xSNStNQ0xlay9DaHRBZGU2VXBQRApXQ2EwazU3dmdneUdQdGVlVXY2RVJBMEp6SjlJd2VHZGdVWHhNdW5LK3ZSNWYydWJKWFJoMVJpNTNFSTNvVUxYClFvWm9hOTY3VzNUajQ3UzR2RlQyK2dLb0g2OXlNckdVNVkwcjJrSTFXMVVhWEJ1aVVrMi94amdyWVdTblUzUUQKZkM3ZXllTlNlN3c4UW9MMVBEYXJwVXdaK2xGZ0w3NFVScldLQU12WVhxa3NTMHVtb0tTSWo4cjZMM0hVSUVaUgpZRzhBTU91dFhrQk5lMkNpTXRKM2NYUXNIOWloQU9QL3AvaE9BTTBGNkM3Ymt1Vm85d1pRdDVESWxRWUl4TlArClFRZ2doRnhBNTlTWmpwRk00QkN5L0hEOENJY3VuSURZOVNlbXNSYXdyUVY1eGk1akFScVdOYTdBSVMvVlArdUUKQkpmS0dDNFlZVmxqS1VLeEgxVUJBb0lCQVFEcnZOWXNrd3ZhQ2Z6MlcvbkIrRjNjVE1RbjM2RENSYnZwQ0s1dApldm96TjJGbjBJdWFnN2RrYzN2NTFxTVNEd0h1cVNkVTRHUHZMcm83alpJaFNEZ1AwLzBLWmc0VmxtZE5HbEovCk1lcXhmOGRkOFdTQjZiUksrK2FRcEhaeDd2SUFTWkE4eHkvZ3F2NGJpSmlqVDhUQ2lSeXdYSTQ0ZlRYM0xLZTIKVG1Uc29XNk9yQmErSWJRYjBpTEh4WE4rZ3JDM0cxWWxIUlNvTEpKUkU0eFVLMGsvM1JLNU16RjRIYUNZb1BWOQpDOFpQellMR253SE9ERU8zbHRtSGJvQUNFa0VrT2dFV3U4RFo2YlYrMXJBcVh6WnN0L3hNZnJ5KzlMRVdYQUwvCkRnOEdkall0YzdyUTFZd1BIY1h6cFo2clVIdXh2K0p6VEE1ZzNCS1p6aWhwNFdHaEFvSUJBUURkTXE3N0dRWGMKYW5hYlMxanlFT3VzNFp5ZlJ4cW10NEVFaHZjY0dRVVVrV0IrWk11bnpyaENxb3ZwQ1dhVU9zWVhuNG45Y3BQSAo3bm1mOUJHbFI4NVhCVHNLM2d4bE5NMUhjSGFTNXZSem9WQVBNd3o2VVV0ZFNLWXRLR0Q3Wkxmbm9ISXN1SlEzCnJ6WWIyTFhpVmx6MWlNNUVmT0VrL1J5UjBwMGtleXVwa0F0OXBRV0hzaURYb0pibDE2d1ZLc2NDNGUzNjdRRWsKcFdoeXcyS3A4bXdtOGxqQllxZWtHdUREeGVZSDMzMVlGa2FMUEJCT2xPQnlveFlOUDdBVVREUlV3KzB1T01jNwozb0N1VE9jWnAxVWMwQURBOXRTRVRINklWdlFEUXZlYzR6MWRTVGRmUEkxRzVUTCt4Mzlvam5OcGVoYng0bEwvCmRxTTBmcFlPL2ZmeEFvSUJBRmwzOU8wNzdjNlY1ZHoyY1djTnhVbThGT0p4UEVrZlFEOGtYVmNOeW5HdnZoY3gKamhwWmpUdmhuSmJvd0VFMVV1MXFZNVFTQ2J1WVIzUWN1ZTVKdzRVMlZwNGd0NDIzNUlMZHo1dVlyVk1xaE5jQgpxN3ltbnhlcVhRcGVjTm15NzBQdXA0QjV0SkVYTkpQc2xzbThsNWVoaERMbkhjOFFybStlRWhUZDBlNEJJcjJoClVJeGVyRVcyemg1MXNPeTkyeVhUaVRGU3hTbENxVkYrRXM5TEVtVGJtYVNTYWw4RkY1TjEyMVhYSnkvWWRwNjkKY0dqc1BMTXIzR2xMSmVnalYzZlJUK0o1NWFxT3lhUlhCTXRBRVo3WGdUampETzJJWHNGMnNHaHV4SU1XVUYrVgp3YnhLbi9xSXVUMU1pVmpKbGZpVE0vWEFVdUN1QlowOEloaDFRcUVDZ2dFQUZwdzJySzRMSGxPM21mb2l0bU9xClkzcVFVdXVtdXNIcEt6aE1qQSsycURxUC9YdDZJY1lNcWF2YkwwL3ByMTh1bm4yTlVsM2k0ejNxS3NKOUIwTUcKd1hoa1o2RDQ3V052VkUwWG9iNS80RTN0N0EvUTFNbDRoYW1HYXZsRXFJM01DcDRvN1k5VWZ6aW10RVA3bTQ0dQpaRjYranR1ZysvSHZlS3hwcWEvNWI1U3N5QVFWUTZDZW9Ndm1nTW9CNmd2OFdid1VZbURWakJSb1Q4clBEQVllCnJnQjV1QkxJaGdyRlROMnV2TUZJZzdlTE1ISk1UR3dGWVZKd1Q1eGgrRUV0M0RoR3gwSEFnOHNqcGkxd05md1gKeENFeTRvYVloSWw1S2FDUndyK1dwZS9JZHYrajdGVTVMN1QvK0hFV0FlOEZ0eE5td3dUYWJRaUllRFkwU29ZRgpVUUtDQVFFQXRiclZqbTFsaDQ1REhIWnVsem4xNllIQzJrMUYwWG9FZFVSQ3o0QTFsMHBEK3ljL2srdmJ0Qmg0Cm1RRDV1a3FicHFFZy9GNUhDZmdOaHlieHNNdVV6NzFaU24zN2dwczNDWUdiUyt4RkhjZTJBakNTbUlYQWIxQjgKR0Z2WnV4UlB5QXU0YVBvT1J3RzM3NVBOM0VNNk83bzdxbjlYeExTZWRIMHExM2U0YkhYYm4rc2xOa1RIM2xmcwpLVnBOUUhVSUNDSW5vQ0llV1dwdnAwQnFoYjlKclRsbXd2c25zOHpZVDNiY3F5QXZHZGRnNUs3Y0MwRVJaem9ECnFJTkI3S05FVjQ1NmF0eDZVT3VYUlpKREMvaHNJUTZNaVBveUJacHRsK1ZIMEtQbEFIWGExb0FXZmNuL0U3MFYKK0RaeVBiMWxkQUdpb1hqditGd2h5VzZlWEVrQlBnPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
+    <prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpSQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1M0d2dna3FBZ0VBQW9JQ0FRREpTUWVnVFhySnl0NVYKYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyQ0RyVzdkOVhxUmQ4SkRkQ210a0tEaUxhY1pTMgpMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDFTaklacFNnM2Q5L1h4cU9BM1lCWXNNL25ST29YCnlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NytUdzlJNkZTQnhuR1pHdHJQWXk2RUFvQ0x2bUYKQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxcFFNUHVPYnFXcXJoTTF2NWN2Ymh1TmRESE1ndgpVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjFSbTAyVW5RdGd5bzNjeE9FdWxiT2dTSGx0aFMyCmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSVBub2dydmxFSVYwRGFDdkQyNmJGRENtWTFzb0UKbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBQkxXOHh1cEU4OERiaWtZbnU1V1BpSnpleHhRUgoyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXpwcEREdjBmdTQ2enVLcTNjRVZGK2JESytBZ2VPCkQ2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSEdCOUJsMWt6NHhsdGFzOW9uZmtIMWRUeTd3MU0Kck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1Exa1Y2T3RoVGxUWDMrZ25pSkkrdFdZRDltNGV1cwpzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUJBb0lDQUNPNnZpc1BIY3pzb1NjK2dkWkU1dGNNCnZkc240UDFIenVRd0VzRUcrVG1zanVWMVBZbExrbkE4OU1DQmdDejEyOFpMcU51ZlUwSDkxK1Uzbjd2MGJ1bVAKd3BpR2R4UUNOMlpZaGZ2RWE5YW1qMTNZYjBJbks3b0FKbUdrT254NW91UFl6YlBRblBNRE9WK0VKa2JwTWRxZgptOHdmOWg2OXYzSk03bUZJS0UrOVVZR252UjhuMkhETTNwR3FONEhQS1A4MkE0RXlvQ2d2a1BTelRxc052bU5ICnBOY0RURW5rNlNsWUhUVDNOSzJjVnBldUhMUzUrazlqNWI5elhUSlE5TkpVZlN6bnEvUmFpMUZVNDY1K0xpUjEKMGVPWDdnajFWUExOcGgwcWtQQy9ubW0vZStVMmZXUGZZb2FDcWkrQ0VwU2twQXlQZ1FZZTJsSG0rYVU4MzZ2UQpuaHZuL0p5ZHJDL1NyTUFZaXpOZFYyZjlHTkNwcE1SbUZyOS9saVJiNEFpSzRLSDRETGdSRUxHaDJLNzJuOFRLCkxUSVhIV3RacisyMWU4c0Mxbm5MSENnK21wMHBvSWJsbEtoYk9VTmVxR09yWm95NFBXdDZMQndFYzN0MG1wVEMKODhiSUpqMzFCQngzTGE1SUE5b0FNRi9lbHJYdFhhVnl4bm5yTHdjYzFNVWpCV20rZDVqbC9WOEdIcEJRd3pXYwpPNWdNSXlQNUIvdzBacUcyZjV1akZkOHo4dElmcEFRRTJSbDNxRUFYNU1NY1JQaFlTNDJqTWl4czc3TmtOVldQCkpqUVoxVDVXQTVKOUxEL2FKRkplQ2MvbjhpNldOQ3FzdEQ5OVNPTCsrTTBFQTlka2lLNWtOcXFZeXZuRG9SZVcKSW84eXhvVnpObURsWjBkSU9UUzlBb0lCQVFEb2tvMWxPS05FNlBWWmRRU3lmS0JOTEZNcEl1V1VVZmp0ODU4awpJTTB0TnNyS0d2N3NmYkt0dlMvOWgwMGluU2FyWTJ4amVETG91WEI5VzdKY1B1NjRoNHYwek1lbXRhdDRyTUJnClA5bkQ3MW00dERqS2ZrZDAza2tUbk4ySTBxYkwzeFVoTjNEQlJZTU9veDFMa2M4MFFFMHhSUEM1YmRJaXcwemEKTWdtK1dOZVY1VEZoSkpQZ2dVRVo5U1A2aWV1VEY0OW9wRGNWdGUwQ0I0WnFUaTRWb3YvZFVDWGpNK0djRnNWdgpPWTZYTE9KTmRldHdnUVNkd1hlSzB1WlBpWnVKTGlsTEg4OFVKYWNoQThDZW1SclMxRUtxWElwK2dkQWV4MnhVCmY5amRMMGF2SlJEY0xqWlhETXBvWlJpc0JoWVArZzY3VHZza3FscDh4M2p2STlWVkFvSUJBUURkajZrdWNLM0MKYXprMzlqYllvM3RFZ0R5L2VGNnBjWFlpK21Ba1ZNRk9vSWJ5cmNyN3BqSnRMNFMyMEFDRmpBUGFQT042dWVVWQpQQm92dC9QODB1V1c5cGZCK29mRmdadzRqc3hLWFY4eEJmOVdLWVZndFBsOHhIL1RJcERTMjhVTlowNDlhUW4vCjlCRzNac0lyenk3RzFLRTZPLzBMMnVmMnFyaUxxRFQyV3dsdFVsbWs2Ym5NeThkR0sra1JLcFhvSm1RTlNHRHoKOXd4blU2ZmZ1NDdDLzRYMHRIVk1MVFVneFh4djdqN3BpSzI4dzBuZ1N5S3ozV0IzWTJwaFVsZEJIdEprQko1RQpoRm8zMXJCVDU5enhkb2crYXh1bkh4S3EySGFHRkt0ZUZ6RGpkTTFpQzE3bWNtWXBzR2tuenA0cjRjZm5FYTFSCko4Wmo5ZVFQaEVOZEFvSUJBUUN3d2hsbXNkb2MySFVJVFZDSm13QjJSdGJaYitWT2lkS0lmdDBYcHpwcFA3aDIKVEhndEl3ZDIxayt2LzNJWGVaclhMWlJHTVNkNEN1QTgxa0ZEckt6Z1lGeDFiR0hkQ1R2T1ZuVkxjWnUvTjUxWQpMTmp3eFhMbmxyMnhnMG8zMytuWERyQlBjNFJsejcvZ2t3WUQxa2pGckkwK2dlZjI5a2w4RkRUSHJMb05DaGFuCm5PNmZweDRneGZ2Rmo3T05pZDhhQnhEK2RiaEw3dDIzNmlJMWp6K2xRQ0g0Z1I2YWhHYldxOVBZU2NWZWprVmMKbTkrWnZPVFdSU0RteUkwMExDQ2k3UXVEUmlTcmFrYVFaL3F3VHlxOHk0ZnpWS3dKby8yYU52VFZiK2xSaWNuTgorWHpMNnU5dno0L1NNZXZEYWtqQVVjdDZmbmVQa1UxK2dsZ2VZSHlWQW9JQkFRRFJtYW0wVEZhbFdXaHMvNWtOClEwTkhINFhZb1JmMGRta0xXQStCNzBoY2lOS0JYRlp0ME9GZGw1bVdsSm9adk1hY1BBUDd3MGJ1c1ZVWWxZN1YKTy9LRTZVM1I3WjlxQWw1Mnh1aU81Vnc3ZFhBRDVBM1EyZ1EzdTNFdG5VS2lwOVA0QlNYb1JLbDRJVDV0WVdJSgpyZHVUciszQ3VLT0FCcHh4Snpxa3JBRkdtZ01HRCtUTWRXd1hTU1NBeHVPYklNMW1MSU4wYVdlSEJNMFFKdnptClZIb1BFVXA1b0FwamdWVUVacTk4K0VjK0NOWkxmL2d3bndQNllsQnpRWEtQRlNXRWJwTWNtWjNjTmRWZmc5T1YKM1FDUTBkQzhNL21hRlhSRWVibE95TmtCanpEcHpVTExJUFNyVDhoRVlpWm95VGVyVGRJZVVBUEZoYnBTTUhtTApFRlhsQW9JQkFRQ0VUdVJQRHZvMC9tdDhyTzhLNENsamtuU0gxZ1FBSjFha3U3UXg3NUJUTDB6OWRNY2lMK1JLCng1R1lFTW1wcUtNb2FPbWc0WFVRMVRlQ2Vic1R0NjMyWXp6cmNCU0d1RzVnN1o0UUVublUzRXU5QklIMUVSL2gKSEk0NWowU0xNRUpObkNiTkpnRVNRRUFCbzN3cHhrRTdiRGlNdTVPOXVqMlFRVTlTTm94QkFmbVFXRDJJaU1BRQpWYzV3QTNZajBMdElSYkJmdzNBTE9uNlRSc2xucy9JMnd2Z1RCQW9sU3NZbEtEK0NRY3hDZldlNmZwU21aYmlCClBGUE9DY1ZQTXhGeXBhZWFJMkRXNWRPNFNoNGQ0ZlZma2F3ck9LN1N2QnFZb0Y5L2VndThzQS9ZdklaRVltQUQKd0ZIOGs1QjJ4WXdiNkVmNmFFQ29ZTitsNWtlWmhNWTgKLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
+        <qnameminstrict/>
+      <queues/>
+      <quick>1</quick>
+      <quick>1</quick>
+      <quick>1</quick>
+      <quick>1</quick>
+      </range>
+      <range>
+      <reboot/>
+        <recipient>root@localhost.local</recipient>
+    <refid>6734d13fa9e4a</refid>
+    <refid>6734d6c82dc59</refid>
+        <regdhcp/>
+        <regdhcpdomain/>
+        <regdhcpstatic/>
+        <reminder/>
+      <remotes/>
+        <reservations/>
+  </revision>
+  <revision>
+    <rocommunity>public</rocommunity>
+    <route/>
+  </rrd>
+  <rrd>
+    <rrdbackup>-1</rrdbackup>
+        <rrsetcachesize/>
+    </rule>
+    </rule>
+    </rule>
+    </rule>
+    </rule>
+    </rule>
+        <rules/>
+      <rules/>
+      <rules/>
+    <rule uuid="0465308d-8605-466c-bcb4-95eeb989251a">
+    <rule uuid="2df05591-13e7-4d91-a1b8-d25e338ada5f">
+    <rule uuid="4a5e7b65-0d7f-4452-8a29-2ec61a47ec19">
+    <rule uuid="b21f808a-6a4a-4cd6-9a83-1660cc8ea58b">
+    <rule uuid="f2ee612c-c290-4445-8045-df82a86db0e5">
+    <rule uuid="f79eded0-3c11-4f57-9aaa-55d4888589fa">
+        <safesearch/>
+      <scope>system</scope>
+      <scope>system</scope>
+    <secondaryconsole>serial</secondaryconsole>
+    <sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
+    <serialspeed>115200</serialspeed>
+        <serveexpired/>
+        <serveexpiredclienttimeout/>
+        <serveexpiredreplyttl/>
+        <serveexpiredttl/>
+        <serveexpiredttlreset/>
+      </server>
+        <servers/>
+      <servers/>
+      <server version="1.0.0">
+      </service>
+      </service>
+      </service>
+      </service>
+      <service uuid="7513f341-7d21-4f11-903f-30d07b3aa41e">
+      <service uuid="c1e99556-91f5-4dbf-81d7-7915a3213de9">
+      <service uuid="dca8a81f-d389-4baa-b477-8b348194fd25">
+      <service uuid="f99ada79-ba1a-4ee1-81f1-ef570e8e5ea9">
+        <snatrules/>
+  </snmpd>
+  <snmpd>
+      </source>
+      </source>
+      </source>
+      </source>
+      </source>
+      </source>
+      <source>
+      <source>
+      <source>
+      <source>
+      <source>
+      <source>
+      <SPDs/>
+      <spoofmac/>
+    </ssh>
+    <ssh>
+        <ssl>0</ssl>
+      <ssl-certref>6734d6c82dc59</ssl-certref>
+      <ssl-ciphers/>
+        <sslverify>1</sslverify>
+        <sslversion>auto</sslversion>
+        <start/>
+        <start/>
+        <start/>
+        <start/>
+        <startdelay>120</startdelay>
+        <starttimeout>30</starttimeout>
+        <starttimeout>30</starttimeout>
+        <starttimeout>30</starttimeout>
+        <starttimeout>30</starttimeout>
+        <statefile/>
+      <statetype>keep state</statetype>
+      <statetype>keep state</statetype>
+      <statetype>keep state</statetype>
+      <statetype>keep state</statetype>
+      <StaticKeys/>
+      </staticmap>
+      <staticmap>
+  </staticroutes>
+  <staticroutes version="1.0.0">
+        <stats/>
+        <stop/>
+        <stop/>
+        <stop/>
+        <stop/>
+      <subnet>24</subnet>
+      <subnet>8</subnet>
+        <subnets/>
+      <subnetv6>128</subnetv6>
+      <subnetv6>64</subnetv6>
+      <subscription/>
+    </Swanctl>
+    <Swanctl version="1.0.0">
+    <synchronizetoip/>
+    <syncitems/>
+    <syscontact/>
+  </sysctl>
+  <sysctl>
+    <syslocation/>
+  <syslog/>
+    </Syslog>
+        <syslog>0</syslog>
+        <syslog_eve>0</syslog_eve>
+    <Syslog version="1.0.2">
+  </system>
+  <system>
+        <targets/>
+        <templates/>
+      <templates/>
+      </test>
+      </test>
+      </test>
+      </test>
+      </test>
+      </test>
+      </test>
+      </test>
+      </test>
+      </test>
+      </test>
+        <tests>865105a2-cbea-4a01-9979-c67818da9d99</tests>
+        <tests>91b4e409-211b-49d5-9fa3-dc9054106646,cbe9cb72-e8c2-4740-990c-abcc486b0654,c0708923-88de-4178-abdd-819737440ce0,e887125d-c5d2-45e6-b40d-2c400d5449d1</tests>
+        <tests>cc3684f2-701e-4de4-883d-803e08cf47b6</tests>
+        <tests>f2d734cb-2a0e-4375-9460-11bdd5b20503</tests>
+      <test uuid="16186b38-0e13-4cc3-ad18-ccc3fcc91837">
+      <test uuid="69117d4d-8c41-4712-97c0-87b4fa7c9837">
+      <test uuid="865105a2-cbea-4a01-9979-c67818da9d99">
+      <test uuid="91b4e409-211b-49d5-9fa3-dc9054106646">
+      <test uuid="c0708923-88de-4178-abdd-819737440ce0">
+      <test uuid="c34aab30-9194-4667-b516-004b9c90c1c0">
+      <test uuid="cbe9cb72-e8c2-4740-990c-abcc486b0654">
+      <test uuid="cc3684f2-701e-4de4-883d-803e08cf47b6">
+      <test uuid="e887125d-c5d2-45e6-b40d-2c400d5449d1">
+      <test uuid="ea6b821c-4f30-455b-bd5b-23a6f0c20554">
+      <test uuid="f2d734cb-2a0e-4375-9460-11bdd5b20503">
+  <theme>opnsense</theme>
+          <this_server_name/>
+        <time>1731518072.7612</time>
+        <time>1731518072.7612</time>
+        <time>1731518084.0639</time>
+        <time>1731518084.0639</time>
+        <time>1731518114.2801</time>
+        <time>1731518114.2801</time>
+        <time>1731518311.7033</time>
+        <time>1731518356.7559</time>
+    <time>1731534516.7156</time>
+        <timeout>300</timeout>
+        <timeout>300</timeout>
+        <timeout>300</timeout>
+        <timeout>300</timeout>
+        <time_period/>
+    <timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
+    <timezone>Etc/UTC</timezone>
+        <to>10.100.8.245</to>
+          <toclient_groups/>
+          <toserver_groups/>
+      <track6-interface>wan</track6-interface>
+      <track6-prefix-id>0</track6-prefix-id>
+    </TrafficShaper>
+    <TrafficShaper version="1.0.3">
+      <tunable>hw.ibrs_disable</tunable>
+      <tunable>hw.syscons.kbd_reboot</tunable>
+      <tunable>kern.ipc.maxsockbuf</tunable>
+      <tunable>kern.randompid</tunable>
+      <tunable>net.inet6.ip6.prefer_tempaddr</tunable>
+      <tunable>net.inet6.ip6.redirect</tunable>
+      <tunable>net.inet6.ip6.use_tempaddr</tunable>
+      <tunable>net.inet.icmp.icmplim</tunable>
+      <tunable>net.inet.icmp.log_redirect</tunable>
+      <tunable>net.inet.ip.accept_sourceroute</tunable>
+      <tunable>net.inet.ip.portrange.first</tunable>
+      <tunable>net.inet.ip.random_id</tunable>
+      <tunable>net.inet.ip.redirect</tunable>
+      <tunable>net.inet.ip.sourceroute</tunable>
+      <tunable>net.inet.tcp.blackhole</tunable>
+      <tunable>net.inet.tcp.delayed_ack</tunable>
+      <tunable>net.inet.tcp.drop_synfin</tunable>
+      <tunable>net.inet.tcp.log_debug</tunable>
+      <tunable>net.inet.tcp.recvspace</tunable>
+      <tunable>net.inet.tcp.sendspace</tunable>
+      <tunable>net.inet.tcp.syncookies</tunable>
+      <tunable>net.inet.tcp.tso</tunable>
+      <tunable>net.inet.udp.blackhole</tunable>
+      <tunable>net.inet.udp.checksum</tunable>
+      <tunable>net.inet.udp.maxdgram</tunable>
+      <tunable>net.link.bridge.pfil_bridge</tunable>
+      <tunable>net.link.bridge.pfil_local_phys</tunable>
+      <tunable>net.link.bridge.pfil_member</tunable>
+      <tunable>net.link.bridge.pfil_onlyip</tunable>
+      <tunable>net.link.tap.user_open</tunable>
+      <tunable>net.local.dgram.maxdgram</tunable>
+      <tunable>security.bsd.see_other_gids</tunable>
+      <tunable>security.bsd.see_other_uids</tunable>
+      <tunable>vfs.read_max</tunable>
+      <tunable>vm.pmap.pti</tunable>
+        <txtsupport/>
+        <type/>
+      <type/>
+        <type>custom</type>
+        <type>custom</type>
+        <type>filesystem</type>
+        <type>NetworkInterface</type>
+        <type>NetworkInterface</type>
+        <type>NetworkPing</type>
+      <type>none</type>
+      <type>pass</type>
+      <type>pass</type>
+      <type>pass</type>
+      <type>pass</type>
+      <type>pass</type>
+      <type>pass</type>
+        <type>ProgramStatus</type>
+        <type>ProgramStatus</type>
+        <type>SpaceUsage</type>
+        <type>SystemResource</type>
+        <type>SystemResource</type>
+        <type>SystemResource</type>
+        <type>SystemResource</type>
+        <type>SystemResource</type>
+        <type>system</type>
+      <uid>0</uid>
+    </unboundplus>
+    <unboundplus version="1.0.9">
+        <unwantedreplythreshold/>
+        <UpdateCron/>
+      </updated>
+      </updated>
+      </updated>
+      </updated>
+      <updated>
+      <updated>
+      <updated>
+      <updated>
+        up your logs consuming your whole hard drive.</descr>
+          <url/>
+    </user>
+    <user>
+      <userDefinedRules/>
+        <username/>
+    <username/>
+        <username>root@192.168.5.204</username>
+        <username>root@192.168.5.204</username>
+        <username>root@192.168.5.204</username>
+        <username>root@192.168.5.204</username>
+        <username>root@192.168.5.204</username>
+        <username>root@192.168.5.204</username>
+        <username>root@192.168.5.204</username>
+        <username>root@192.168.5.204</username>
+    <username>root@192.168.5.204</username>
+    <usevirtualterminal>1</usevirtualterminal>
+          <valid_lifetime>4000</valid_lifetime>
+        <valloglevel>0</valloglevel>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+      <value>default</value>
+        <verbosity/>
+        <version>v9</version>
+    <vip/>
+      <virtual>1</virtual>
+  </virtualip>
+  <virtualip version="1.0.0">
+    <vlan/>
+  </vlans>
+  <vlans version="1.0.0">
+      <VTIs/>
+      <vxlans version="1.0.2"/>
+    </wan>
+    <wan>
+    </webgui>
+    <webgui>
+        <weight>1</weight>
+        <whitelists/>
+  </widgets>
+  <widgets>
+        <wildcards/>
+        <winsserver/>
+    </wireguard>
+    <wireguard>
+  </wireless>
+  <wireless>
+<?xml version="1.0"?>
+      <zones/>

From b14d0ab6862ad7ddaef5b3c58a033504400f8eb7 Mon Sep 17 00:00:00 2001
From: Jean-Gabriel Gill-Couture <jeangabriel.gc@gmail.com>
Date: Fri, 22 Nov 2024 14:15:23 -0500
Subject: [PATCH 17/19] feat: Can now save configuration, refactored repository
 into manager as it also executes commands to reload services and calling it a
 repository was found misleading by @stremblay"

---
 harmony-rs/Cargo.lock                         |  66 +++++-
 harmony-rs/opnsense-config/Cargo.toml         |   1 +
 .../opnsense-config/src/config/config.rs      |  24 +-
 .../src/config/manager/local_file.rs          |  26 +++
 .../opnsense-config/src/config/manager/mod.rs |  13 ++
 .../opnsense-config/src/config/manager/ssh.rs | 206 ++++++++++++++++++
 harmony-rs/opnsense-config/src/config/mod.rs  |   4 +-
 .../opnsense-config/src/config/repository.rs  | 151 -------------
 harmony-rs/opnsense-config/src/error.rs       |   4 +
 harmony-rs/opnsense-config/src/lib.rs         |  12 +-
 10 files changed, 334 insertions(+), 173 deletions(-)
 create mode 100644 harmony-rs/opnsense-config/src/config/manager/local_file.rs
 create mode 100644 harmony-rs/opnsense-config/src/config/manager/mod.rs
 create mode 100644 harmony-rs/opnsense-config/src/config/manager/ssh.rs
 delete mode 100644 harmony-rs/opnsense-config/src/config/repository.rs

diff --git a/harmony-rs/Cargo.lock b/harmony-rs/Cargo.lock
index 59198b1..2e70148 100644
--- a/harmony-rs/Cargo.lock
+++ b/harmony-rs/Cargo.lock
@@ -67,6 +67,21 @@ dependencies = [
  "memchr",
 ]
 
+[[package]]
+name = "android-tzdata"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e999941b234f3131b00bc13c22d06e8c5ff726d1b6318ac7eb276997bbb4fef0"
+
+[[package]]
+name = "android_system_properties"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311"
+dependencies = [
+ "libc",
+]
+
 [[package]]
 name = "anstream"
 version = "0.6.15"
@@ -243,9 +258,9 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
 
 [[package]]
 name = "bytes"
-version = "1.7.1"
+version = "1.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8318a53db07bb3f8dca91a600466bdb3f2eaadeedfdbcf02e1accbad9271ba50"
+checksum = "9ac0150caa2ae65ca5bd83f25c7de183dea78d4d366469f148435e2acfbad0da"
 
 [[package]]
 name = "cbc"
@@ -282,6 +297,20 @@ dependencies = [
  "cpufeatures",
 ]
 
+[[package]]
+name = "chrono"
+version = "0.4.38"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a21f936df1771bf62b77f047b726c4625ff2e8aa607c01ec06e5a05bd8463401"
+dependencies = [
+ "android-tzdata",
+ "iana-time-zone",
+ "js-sys",
+ "num-traits",
+ "wasm-bindgen",
+ "windows-targets 0.52.6",
+]
+
 [[package]]
 name = "cidr"
 version = "0.2.3"
@@ -950,6 +979,29 @@ dependencies = [
  "tokio-native-tls",
 ]
 
+[[package]]
+name = "iana-time-zone"
+version = "0.1.61"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "235e081f3925a06703c2d0117ea8b91f042756fd6e7a6e5d901e8ca1a996b220"
+dependencies = [
+ "android_system_properties",
+ "core-foundation-sys",
+ "iana-time-zone-haiku",
+ "js-sys",
+ "wasm-bindgen",
+ "windows-core",
+]
+
+[[package]]
+name = "iana-time-zone-haiku"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f"
+dependencies = [
+ "cc",
+]
+
 [[package]]
 name = "idna"
 version = "0.5.0"
@@ -1246,6 +1298,7 @@ name = "opnsense-config"
 version = "0.1.0"
 dependencies = [
  "async-trait",
+ "chrono",
  "env_logger",
  "log",
  "opnsense-config-xml",
@@ -2440,6 +2493,15 @@ version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
 
+[[package]]
+name = "windows-core"
+version = "0.52.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9"
+dependencies = [
+ "windows-targets 0.52.6",
+]
+
 [[package]]
 name = "windows-sys"
 version = "0.48.0"
diff --git a/harmony-rs/opnsense-config/Cargo.toml b/harmony-rs/opnsense-config/Cargo.toml
index 8acb92d..97c74f0 100644
--- a/harmony-rs/opnsense-config/Cargo.toml
+++ b/harmony-rs/opnsense-config/Cargo.toml
@@ -15,6 +15,7 @@ thiserror = "1.0"
 async-trait = { workspace = true }
 tokio = { workspace = true }
 opnsense-config-xml = { path = "../opnsense-config-xml" }
+chrono = "0.4.38"
 
 [dev-dependencies]
 pretty_assertions = "1.4.1"
diff --git a/harmony-rs/opnsense-config/src/config/config.rs b/harmony-rs/opnsense-config/src/config/config.rs
index b842638..f87823e 100644
--- a/harmony-rs/opnsense-config/src/config/config.rs
+++ b/harmony-rs/opnsense-config/src/config/config.rs
@@ -2,17 +2,17 @@ use crate::{error::Error, modules::dhcp::DhcpConfig};
 use log::trace;
 use opnsense_config_xml::OPNsense;
 
-use super::ConfigRepository;
+use super::ConfigManager;
 
 #[derive(Debug)]
 pub struct Config {
     opnsense: OPNsense,
-    repository: Box<dyn ConfigRepository + Send + Sync>,
+    repository: Box<dyn ConfigManager + Send + Sync>,
 }
 
 impl Config {
-    pub async fn new(repository: Box<dyn ConfigRepository + Send + Sync>) -> Result<Self, Error> {
-        let xml = repository.load().await?;
+    pub async fn new(repository: Box<dyn ConfigManager + Send + Sync>) -> Result<Self, Error> {
+        let xml = repository.load_as_str().await?;
         trace!("xml {}", xml);
 
         let opnsense = OPNsense::from(xml);
@@ -27,14 +27,14 @@ impl Config {
         DhcpConfig::new(&mut self.opnsense)
     }
 
-    pub async fn save(&self) -> Result<(), Error> {
-        self.repository.save(&self.opnsense.to_xml()).await
+    pub async fn apply(&self) -> Result<(), Error> {
+        self.repository.apply_new_config(&self.opnsense.to_xml()).await
     }
 }
 
 #[cfg(test)]
 mod tests {
-    use crate::config::LocalFileConfigRepository;
+    use crate::config::LocalFileConfigManager;
     use crate::modules::dhcp::DhcpConfig;
     use std::fs;
     use std::net::Ipv4Addr;
@@ -55,8 +55,8 @@ mod tests {
 
             let config_file_path = test_file_path.to_str().unwrap().to_string();
             println!("File path {config_file_path}");
-            let repository = Box::new(LocalFileConfigRepository::new(config_file_path));
-            let config_file_str = repository.load().await.unwrap();
+            let repository = Box::new(LocalFileConfigManager::new(config_file_path));
+            let config_file_str = repository.load_as_str().await.unwrap();
             let config = Config::new(repository)
                 .await
                 .expect("Failed to load config");
@@ -82,7 +82,7 @@ mod tests {
 
         let config_file_path = test_file_path.to_str().unwrap().to_string();
         println!("File path {config_file_path}");
-        let repository = Box::new(LocalFileConfigRepository::new(config_file_path));
+        let repository = Box::new(LocalFileConfigManager::new(config_file_path));
         let mut config = Config::new(repository)
             .await
             .expect("Failed to load config");
@@ -107,8 +107,8 @@ mod tests {
 
         let config_file_path = test_file_path.to_str().unwrap().to_string();
         println!("File path {config_file_path}");
-        let repository = Box::new(LocalFileConfigRepository::new(config_file_path));
-        let expected_config_file_str = repository.load().await.unwrap();
+        let repository = Box::new(LocalFileConfigManager::new(config_file_path));
+        let expected_config_file_str = repository.load_as_str().await.unwrap();
         assert_eq!(expected_config_file_str, serialized);
     }
 }
diff --git a/harmony-rs/opnsense-config/src/config/manager/local_file.rs b/harmony-rs/opnsense-config/src/config/manager/local_file.rs
new file mode 100644
index 0000000..7e773c8
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/config/manager/local_file.rs
@@ -0,0 +1,26 @@
+use crate::config::manager::ConfigManager;
+use crate::error::Error;
+use async_trait::async_trait;
+use std::fs;
+
+#[derive(Debug)]
+pub struct LocalFileConfigManager {
+    file_path: String,
+}
+
+impl LocalFileConfigManager {
+    pub fn new(file_path: String) -> Self {
+        Self { file_path }
+    }
+}
+
+#[async_trait]
+impl ConfigManager for LocalFileConfigManager {
+    async fn load_as_str(&self) -> Result<String, Error> {
+        Ok(fs::read_to_string(&self.file_path)?)
+    }
+
+    async fn apply_new_config(&self, content: &str) -> Result<(), Error> {
+        Ok(fs::write(&self.file_path, content)?)
+    }
+}
diff --git a/harmony-rs/opnsense-config/src/config/manager/mod.rs b/harmony-rs/opnsense-config/src/config/manager/mod.rs
new file mode 100644
index 0000000..4ac2142
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/config/manager/mod.rs
@@ -0,0 +1,13 @@
+mod ssh;
+mod local_file;
+use async_trait::async_trait;
+pub use ssh::*;
+pub use local_file::*;
+
+use crate::Error;
+
+#[async_trait]
+pub trait ConfigManager: std::fmt::Debug {
+    async fn load_as_str(&self) -> Result<String, Error>;
+    async fn apply_new_config(&self, content: &str) -> Result<(), Error>;
+}
diff --git a/harmony-rs/opnsense-config/src/config/manager/ssh.rs b/harmony-rs/opnsense-config/src/config/manager/ssh.rs
new file mode 100644
index 0000000..2fe4e81
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/config/manager/ssh.rs
@@ -0,0 +1,206 @@
+use crate::config::manager::ConfigManager;
+use crate::error::Error;
+use async_trait::async_trait;
+use log::{debug, info};
+use russh::{
+    client::{Config as SshConfig, Handler, Msg},
+    Channel,
+};
+use russh_keys::key::{self, KeyPair};
+use russh_sftp::client::SftpSession;
+use std::{
+    net::Ipv4Addr,
+    sync::Arc,
+    time::{SystemTime, UNIX_EPOCH},
+};
+use tokio::io::AsyncWriteExt;
+
+struct Client {}
+
+#[async_trait]
+impl Handler for Client {
+    type Error = Error;
+
+    async fn check_server_key(
+        &mut self,
+        _server_public_key: &key::PublicKey,
+    ) -> Result<bool, Self::Error> {
+        Ok(true)
+    }
+}
+
+#[derive(Debug)]
+pub enum SshCredentials {
+    SshKey { username: String, key: Arc<KeyPair> },
+    Password { username: String, password: String },
+}
+
+#[derive(Debug)]
+pub struct SshConfigManager {
+    ssh_config: Arc<SshConfig>,
+    credentials: SshCredentials,
+    host: (Ipv4Addr, u16),
+}
+
+impl SshConfigManager {
+    pub fn new(
+        host: (Ipv4Addr, u16),
+        credentials: SshCredentials,
+        ssh_config: Arc<SshConfig>,
+    ) -> Self {
+        Self {
+            ssh_config,
+            credentials,
+            host,
+        }
+    }
+}
+
+impl SshConfigManager {
+    async fn get_ssh_channel(&self) -> Result<Channel<Msg>, Error> {
+        let mut ssh = russh::client::connect(self.ssh_config.clone(), self.host, Client {}).await?;
+
+        match &self.credentials {
+            SshCredentials::SshKey { username, key } => {
+                ssh.authenticate_publickey(username, key.clone()).await?;
+            }
+            SshCredentials::Password { username, password } => {
+                ssh.authenticate_password(username, password).await?;
+            }
+        }
+
+        Ok(ssh.channel_open_session().await?)
+    }
+
+    async fn write_content_to_temp_file(&self, content: &str) -> Result<String, Error> {
+        let temp_filename = format!(
+            "/tmp/opnsense-config-tmp-config_{}",
+            SystemTime::now()
+                .duration_since(UNIX_EPOCH)
+                .unwrap()
+                .as_millis()
+        );
+        let channel = self.get_ssh_channel().await?;
+        channel
+            .request_subsystem(true, "sftp")
+            .await
+            .expect("Should request sftp subsystem");
+        let sftp = SftpSession::new(channel.into_stream())
+            .await
+            .expect("Should acquire sftp subsystem");
+
+        let mut file = sftp.create(&temp_filename).await.unwrap();
+        file.write_all(content.as_bytes()).await?;
+
+        Ok(temp_filename)
+    }
+    async fn backup_config_remote(&self) -> Result<String, Error> {
+        let backup_filename = format!("config_{}.xml", chrono::Local::now().format("%Y%m%d%H%M%S"));
+
+        self.run_command(&format!("cp /conf/config.xml /tmp/{}", backup_filename))
+            .await
+    }
+
+    async fn move_to_live_config(&self, new_config_path: &str) -> Result<String, Error> {
+        info!("Overwriting OPNSense /conf/config.xml with {new_config_path}");
+        self.run_command(&format!("mv {new_config_path} /conf/config.xml"))
+            .await
+    }
+
+    async fn reload_all_services(&self) -> Result<String, Error> {
+        info!("Reloading all opnsense services");
+        self.run_command(&format!("configctl service reload all"))
+            .await
+    }
+
+    async fn run_command(&self, command: &str) -> Result<String, Error> {
+        debug!("Running ssh command {command}");
+        let mut channel = self.get_ssh_channel().await?;
+        channel.exec(true, command).await?;
+        wait_for_completion(&mut channel).await
+    }
+}
+
+#[async_trait]
+impl ConfigManager for SshConfigManager {
+    async fn load_as_str(&self) -> Result<String, Error> {
+        let mut channel = self.get_ssh_channel().await?;
+
+        channel.exec(true, "cat /conf/config.xml").await?;
+        let mut output: Vec<u8> = vec![];
+        loop {
+            let Some(msg) = channel.wait().await else {
+                break;
+            };
+
+            info!("got msg {:?}", msg);
+            match msg {
+                russh::ChannelMsg::Data { ref data } => {
+                    output.append(&mut data.to_vec());
+                }
+                russh::ChannelMsg::ExitStatus { .. } => {}
+                russh::ChannelMsg::WindowAdjusted { .. } => {}
+                russh::ChannelMsg::Success { .. } => {}
+                russh::ChannelMsg::Eof { .. } => {}
+                _ => todo!(),
+            }
+        }
+        Ok(String::from_utf8(output).expect("Valid utf-8 bytes"))
+    }
+
+    async fn apply_new_config(&self, content: &str) -> Result<(), Error> {
+        let temp_filename = self.write_content_to_temp_file(content).await?;
+        self.backup_config_remote().await?;
+        self.move_to_live_config(&temp_filename).await?;
+        self.reload_all_services().await?;
+
+        // TODO
+        // 1. use russh to copy the current opnsense /conf/config.xml to the backup folder with a
+        // proper name
+        //
+        // 2. use russh scp functionality to copy the content directly into a file
+        // if necessary, save it first to a local file with minimal permissions in
+        // /tmp/{randomname}
+        //
+        // 3. Use opnsense cli to validate the config file
+        //
+        // 4. Reload all opnsense services using opnsense cli (still through russh commands)
+        //
+        todo!("apply_new_config not fully implemented yet")
+    }
+}
+
+async fn wait_for_completion(channel: &mut Channel<Msg>) -> Result<String, Error> {
+    let mut output = Vec::new();
+
+    loop {
+        let Some(msg) = channel.wait().await else {
+            break;
+        };
+
+        match msg {
+            russh::ChannelMsg::ExtendedData { ref data, .. }
+            | russh::ChannelMsg::Data { ref data } => {
+                output.append(&mut data.to_vec());
+            }
+            russh::ChannelMsg::ExitStatus { exit_status } => {
+                if exit_status != 0 {
+                    return Err(Error::Command(format!(
+                        "Command failed with exit status {exit_status}, output {}",
+                        String::from_utf8(output).unwrap_or_default()
+                    )));
+                }
+            }
+            russh::ChannelMsg::Success { .. }
+            | russh::ChannelMsg::WindowAdjusted { .. }
+            | russh::ChannelMsg::Eof { .. } => {}
+            _ => {
+                return Err(Error::Unexpected(format!(
+                    "Russh got unexpected msg {msg:?}"
+                )))
+            }
+        }
+    }
+
+    Ok(String::from_utf8(output).unwrap_or_default())
+}
diff --git a/harmony-rs/opnsense-config/src/config/mod.rs b/harmony-rs/opnsense-config/src/config/mod.rs
index 8b814a4..10751ce 100644
--- a/harmony-rs/opnsense-config/src/config/mod.rs
+++ b/harmony-rs/opnsense-config/src/config/mod.rs
@@ -1,4 +1,4 @@
 mod config;
-mod repository;
-pub use repository::*;
+mod manager;
+pub use manager::*;
 pub use config::*;
diff --git a/harmony-rs/opnsense-config/src/config/repository.rs b/harmony-rs/opnsense-config/src/config/repository.rs
deleted file mode 100644
index ecb2c2a..0000000
--- a/harmony-rs/opnsense-config/src/config/repository.rs
+++ /dev/null
@@ -1,151 +0,0 @@
-use crate::error::Error;
-use async_trait::async_trait;
-use log::info;
-use russh::{
-    client::{Config as SshConfig, Handler, Msg},
-    Channel,
-};
-use russh_keys::key::{self, KeyPair};
-use std::{fs, net::Ipv4Addr, sync::Arc};
-
-#[async_trait]
-pub trait ConfigRepository: std::fmt::Debug {
-    async fn load(&self) -> Result<String, Error>;
-    async fn save(&self, content: &str) -> Result<(), Error>;
-}
-
-struct Client {}
-
-#[async_trait]
-impl Handler for Client {
-    type Error = Error;
-
-    async fn check_server_key(
-        &mut self,
-        _server_public_key: &key::PublicKey,
-    ) -> Result<bool, Self::Error> {
-        Ok(true)
-    }
-}
-
-#[derive(Debug)]
-pub enum SshCredentials {
-    SshKey { username: String, key: Arc<KeyPair> },
-    Password { username: String, password: String },
-}
-
-#[derive(Debug)]
-pub struct SshConfigRepository {
-    ssh_config: Arc<SshConfig>,
-    credentials: SshCredentials,
-    host: (Ipv4Addr, u16),
-}
-
-impl SshConfigRepository {
-    pub fn new(
-        host: (Ipv4Addr, u16),
-        credentials: SshCredentials,
-        ssh_config: Arc<SshConfig>,
-    ) -> Self {
-        Self {
-            ssh_config,
-            credentials,
-            host,
-        }
-    }
-}
-
-impl SshConfigRepository {
-    async fn get_ssh_channel(&self) -> Result<Channel<Msg>, Error> {
-        let mut ssh = russh::client::connect(self.ssh_config.clone(), self.host, Client {}).await?;
-
-        match &self.credentials {
-            SshCredentials::SshKey { username, key } => {
-                ssh.authenticate_publickey(username, key.clone()).await?;
-            }
-            SshCredentials::Password { username, password } => {
-                ssh.authenticate_password(username, password).await?;
-            }
-        }
-
-        Ok(ssh.channel_open_session().await?)
-    }
-}
-
-#[async_trait]
-impl ConfigRepository for SshConfigRepository {
-    async fn load(&self) -> Result<String, Error> {
-        let mut channel = self.get_ssh_channel().await?;
-
-        channel.exec(true, "cat /conf/config.xml").await?;
-        let mut output: Vec<u8> = vec![];
-        loop {
-            let Some(msg) = channel.wait().await else {
-                break;
-            };
-
-            info!("got msg {:?}", msg);
-            match msg {
-                russh::ChannelMsg::Data { ref data } => {
-                    output.append(&mut data.to_vec());
-                }
-                russh::ChannelMsg::ExitStatus { .. } => {}
-                russh::ChannelMsg::WindowAdjusted { .. } => {}
-                russh::ChannelMsg::Success { .. } => {}
-                russh::ChannelMsg::Eof { .. } => {}
-                _ => todo!(),
-            }
-        }
-        Ok(String::from_utf8(output).expect("Valid utf-8 bytes"))
-    }
-
-    async fn save(&self, content: &str) -> Result<(), Error> {
-        todo!("Backup, Validate, Reload config file");
-        let mut channel = self.get_ssh_channel().await?;
-
-        let command = format!(
-            "echo '{}' > /conf/config.xml",
-            content.replace("'", "'\"'\"'")
-        );
-        channel.exec(true, command.as_bytes()).await?;
-
-        loop {
-            let Some(msg) = channel.wait().await else {
-                break;
-            };
-
-            match msg {
-                russh::ChannelMsg::ExitStatus { exit_status } => {
-                    if exit_status != 0 {
-                        return Err(Error::Ssh(russh::Error::Disconnect));
-                    }
-                }
-                _ => {}
-            }
-        }
-
-        Ok(())
-    }
-}
-
-#[derive(Debug)]
-pub struct LocalFileConfigRepository {
-    file_path: String,
-}
-
-impl LocalFileConfigRepository {
-    pub fn new(file_path: String) -> Self {
-        Self { file_path }
-    }
-}
-
-#[async_trait]
-impl ConfigRepository for LocalFileConfigRepository {
-    async fn load(&self) -> Result<String, Error> {
-        Ok(fs::read_to_string(&self.file_path)?)
-    }
-
-    async fn save(&self, content: &str) -> Result<(), Error> {
-        Ok(fs::write(&self.file_path, content)?)
-    }
-}
diff --git a/harmony-rs/opnsense-config/src/error.rs b/harmony-rs/opnsense-config/src/error.rs
index 733746b..03d3075 100644
--- a/harmony-rs/opnsense-config/src/error.rs
+++ b/harmony-rs/opnsense-config/src/error.rs
@@ -6,8 +6,12 @@ pub enum Error {
     Xml(String),
     #[error("SSH error: {0}")]
     Ssh(#[from] russh::Error),
+    #[error("Command failed : {0}")]
+    Command(String),
     #[error("I/O error: {0}")]
     Io(#[from] std::io::Error),
     #[error("Config error: {0}")]
     Config(String),
+    #[error("Unexpected error: {0}")]
+    Unexpected(String),
 }
diff --git a/harmony-rs/opnsense-config/src/lib.rs b/harmony-rs/opnsense-config/src/lib.rs
index 1b7af7f..c835f06 100644
--- a/harmony-rs/opnsense-config/src/lib.rs
+++ b/harmony-rs/opnsense-config/src/lib.rs
@@ -6,7 +6,7 @@ pub use config::Config;
 pub use error::Error;
 #[cfg(test)]
 mod test {
-    use config::SshConfigRepository;
+    use config::SshConfigManager;
     use russh::client;
     use std::{net::Ipv4Addr, sync::Arc, time::Duration};
 
@@ -28,18 +28,18 @@ mod test {
         };
 
         let repo =
-            SshConfigRepository::new((Ipv4Addr::new(192, 168, 5, 229), 22), credentials, config);
+            SshConfigManager::new((Ipv4Addr::new(192, 168, 5, 229), 22), credentials, config);
+
         let mut config = Config::new(Box::new(repo)).await.unwrap();
         config
             .dhcp()
             .add_static_mapping(
-                "test_mac",
-                Ipv4Addr::new(192, 168, 168, 168),
+                "11:22:33:44:55:66",
+                Ipv4Addr::new(10, 100, 8, 200),
                 "test_hostname",
             )
             .unwrap();
 
-        todo!();
-        // opnsense.apply_changes().await;
+        config.apply().await.unwrap();
     }
 }

From d30e909b83287bd236629bc3a4aaacee0d5b2b74 Mon Sep 17 00:00:00 2001
From: Jean-Gabriel Gill-Couture <jeangabriel.gc@gmail.com>
Date: Sat, 23 Nov 2024 15:07:04 -0500
Subject: [PATCH 18/19] feat(opnsense-config): Public API now complete for dhcp
 add_static_mapping and remove_static_mapping, not perfect but good enough to
 move forward

---
 harmony-rs/Cargo.lock                         | 151 ++++++++++++++-
 harmony-rs/opnsense-config-xml/src/lib.rs     |   1 +
 harmony-rs/opnsense-config/Cargo.toml         |   2 +
 .../opnsense-config/src/config/config.rs      |  33 ++--
 .../opnsense-config/src/config/manager/ssh.rs | 176 ++----------------
 harmony-rs/opnsense-config/src/config/mod.rs  |   2 +
 .../opnsense-config/src/config/shell/mod.rs   |  27 +++
 .../opnsense-config/src/config/shell/ssh.rs   | 141 ++++++++++++++
 harmony-rs/opnsense-config/src/lib.rs         |  55 ++++--
 .../opnsense-config/src/modules/dhcp.rs       |  71 +++++--
 10 files changed, 461 insertions(+), 198 deletions(-)
 create mode 100644 harmony-rs/opnsense-config/src/config/shell/mod.rs
 create mode 100644 harmony-rs/opnsense-config/src/config/shell/ssh.rs

diff --git a/harmony-rs/Cargo.lock b/harmony-rs/Cargo.lock
index 2e70148..6831b38 100644
--- a/harmony-rs/Cargo.lock
+++ b/harmony-rs/Cargo.lock
@@ -58,6 +58,19 @@ dependencies = [
  "subtle",
 ]
 
+[[package]]
+name = "ahash"
+version = "0.8.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e89da841a80418a9b391ebaea17f5c112ffaaa96f621d2c285b5174da76b9011"
+dependencies = [
+ "cfg-if",
+ "const-random",
+ "once_cell",
+ "version_check",
+ "zerocopy",
+]
+
 [[package]]
 name = "aho-corasick"
 version = "1.1.3"
@@ -203,6 +216,9 @@ name = "bitflags"
 version = "2.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de"
+dependencies = [
+ "serde",
+]
 
 [[package]]
 name = "bitvec"
@@ -339,6 +355,26 @@ version = "0.9.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"
 
+[[package]]
+name = "const-random"
+version = "0.1.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "87e00182fe74b066627d63b85fd550ac2998d4b0bd86bfed477a0ae4c7c71359"
+dependencies = [
+ "const-random-macro",
+]
+
+[[package]]
+name = "const-random-macro"
+version = "0.1.16"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f9d839f2a20b0aee515dc581a6172f2321f96cab76c1a38a4c584a194955390e"
+dependencies = [
+ "getrandom",
+ "once_cell",
+ "tiny-keccak",
+]
+
 [[package]]
 name = "core-foundation"
 version = "0.9.4"
@@ -373,6 +409,12 @@ dependencies = [
  "cfg-if",
 ]
 
+[[package]]
+name = "crunchy"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7a81dae078cea95a014a339291cec439d2f232ebe854a9d672b796c6afafa9b7"
+
 [[package]]
 name = "crypto-bigint"
 version = "0.5.5"
@@ -627,6 +669,18 @@ dependencies = [
  "miniz_oxide 0.8.0",
 ]
 
+[[package]]
+name = "flurry"
+version = "0.5.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cf5efcf77a4da27927d3ab0509dec5b0954bb3bc59da5a1de9e52642ebd4cdf9"
+dependencies = [
+ "ahash",
+ "num_cpus",
+ "parking_lot",
+ "seize",
+]
+
 [[package]]
 name = "fnv"
 version = "1.0.7"
@@ -1099,6 +1153,16 @@ version = "0.4.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89"
 
+[[package]]
+name = "lock_api"
+version = "0.4.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "07af8b9cdd281b7915f413fa73f29ebd5d55d0d3f0155584dade1ff18cea1b17"
+dependencies = [
+ "autocfg",
+ "scopeguard",
+]
+
 [[package]]
 name = "log"
 version = "0.4.22"
@@ -1228,6 +1292,16 @@ dependencies = [
  "libm",
 ]
 
+[[package]]
+name = "num_cpus"
+version = "1.16.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43"
+dependencies = [
+ "hermit-abi",
+ "libc",
+]
+
 [[package]]
 name = "object"
 version = "0.36.4"
@@ -1305,7 +1379,9 @@ dependencies = [
  "pretty_assertions",
  "russh",
  "russh-keys",
+ "russh-sftp",
  "serde",
+ "serde_json",
  "thiserror",
  "tokio",
 ]
@@ -1364,6 +1440,29 @@ dependencies = [
  "sha2",
 ]
 
+[[package]]
+name = "parking_lot"
+version = "0.12.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f1bf18183cf54e8d6059647fc3063646a1801cf30896933ec2311622cc4b9a27"
+dependencies = [
+ "lock_api",
+ "parking_lot_core",
+]
+
+[[package]]
+name = "parking_lot_core"
+version = "0.9.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "redox_syscall",
+ "smallvec",
+ "windows-targets 0.52.6",
+]
+
 [[package]]
 name = "password-hash"
 version = "0.4.2"
@@ -1582,6 +1681,15 @@ dependencies = [
  "getrandom",
 ]
 
+[[package]]
+name = "redox_syscall"
+version = "0.5.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9b6dfecf2c74bce2466cabf93f6664d6998a69eb21e39f4207930065b27b771f"
+dependencies = [
+ "bitflags 2.6.0",
+]
+
 [[package]]
 name = "regex"
 version = "1.10.6"
@@ -1786,6 +1894,24 @@ dependencies = [
  "zeroize",
 ]
 
+[[package]]
+name = "russh-sftp"
+version = "2.0.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c2a72c8afe2041c17435eecd85d0b7291841486fd3d1c4082e0b212e5437ca42"
+dependencies = [
+ "async-trait",
+ "bitflags 2.6.0",
+ "bytes",
+ "chrono",
+ "flurry",
+ "log",
+ "serde",
+ "thiserror",
+ "tokio",
+ "tokio-util",
+]
+
 [[package]]
 name = "rust-ipmi"
 version = "0.1.1"
@@ -1862,6 +1988,12 @@ dependencies = [
  "windows-sys 0.52.0",
 ]
 
+[[package]]
+name = "scopeguard"
+version = "1.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
+
 [[package]]
 name = "scrypt"
 version = "0.11.0"
@@ -1910,6 +2042,12 @@ dependencies = [
  "libc",
 ]
 
+[[package]]
+name = "seize"
+version = "0.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "689224d06523904ebcc9b482c6a3f4f7fb396096645c4cd10c0d2ff7371a34d3"
+
 [[package]]
 name = "semver"
 version = "1.0.23"
@@ -1938,9 +2076,9 @@ dependencies = [
 
 [[package]]
 name = "serde_json"
-version = "1.0.128"
+version = "1.0.133"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6ff5456707a1de34e7e37f2a6fd3d3f808c318259cbd01ab6377795054b483d8"
+checksum = "c7fceb2473b9166b2294ef05efcb65a3db80803f0b03ef86a5fc88a2b85ee377"
 dependencies = [
  "itoa",
  "memchr",
@@ -2193,6 +2331,15 @@ dependencies = [
  "syn 2.0.77",
 ]
 
+[[package]]
+name = "tiny-keccak"
+version = "2.0.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2c9d3793400a45f954c52e73d068316d76b6f4e36977e3fcebb13a2721e80237"
+dependencies = [
+ "crunchy",
+]
+
 [[package]]
 name = "tinyvec"
 version = "1.8.0"
diff --git a/harmony-rs/opnsense-config-xml/src/lib.rs b/harmony-rs/opnsense-config-xml/src/lib.rs
index aa934ca..f210ae5 100644
--- a/harmony-rs/opnsense-config-xml/src/lib.rs
+++ b/harmony-rs/opnsense-config-xml/src/lib.rs
@@ -1,3 +1,4 @@
 mod xml_utils;
 mod data;
 pub use data::*;
+pub use yaserde::MaybeString;
diff --git a/harmony-rs/opnsense-config/Cargo.toml b/harmony-rs/opnsense-config/Cargo.toml
index 97c74f0..b75f146 100644
--- a/harmony-rs/opnsense-config/Cargo.toml
+++ b/harmony-rs/opnsense-config/Cargo.toml
@@ -16,6 +16,8 @@ async-trait = { workspace = true }
 tokio = { workspace = true }
 opnsense-config-xml = { path = "../opnsense-config-xml" }
 chrono = "0.4.38"
+russh-sftp = "2.0.6"
+serde_json = "1.0.133"
 
 [dev-dependencies]
 pretty_assertions = "1.4.1"
diff --git a/harmony-rs/opnsense-config/src/config/config.rs b/harmony-rs/opnsense-config/src/config/config.rs
index f87823e..29dbd29 100644
--- a/harmony-rs/opnsense-config/src/config/config.rs
+++ b/harmony-rs/opnsense-config/src/config/config.rs
@@ -1,17 +1,23 @@
+use std::sync::Arc;
+
 use crate::{error::Error, modules::dhcp::DhcpConfig};
 use log::trace;
 use opnsense_config_xml::OPNsense;
 
-use super::ConfigManager;
+use super::{ConfigManager, OPNsenseShell};
 
 #[derive(Debug)]
 pub struct Config {
     opnsense: OPNsense,
-    repository: Box<dyn ConfigManager + Send + Sync>,
+    repository: Arc<dyn ConfigManager>,
+    shell: Arc<dyn OPNsenseShell>,
 }
 
 impl Config {
-    pub async fn new(repository: Box<dyn ConfigManager + Send + Sync>) -> Result<Self, Error> {
+    pub async fn new(
+        repository: Arc<dyn ConfigManager>,
+        shell: Arc<dyn OPNsenseShell>,
+    ) -> Result<Self, Error> {
         let xml = repository.load_as_str().await?;
         trace!("xml {}", xml);
 
@@ -20,21 +26,24 @@ impl Config {
         Ok(Self {
             opnsense,
             repository,
+            shell,
         })
     }
 
     pub fn dhcp(&mut self) -> DhcpConfig {
-        DhcpConfig::new(&mut self.opnsense)
+        DhcpConfig::new(&mut self.opnsense, self.shell.clone())
     }
 
     pub async fn apply(&self) -> Result<(), Error> {
-        self.repository.apply_new_config(&self.opnsense.to_xml()).await
+        self.repository
+            .apply_new_config(&self.opnsense.to_xml())
+            .await
     }
 }
 
 #[cfg(test)]
 mod tests {
-    use crate::config::LocalFileConfigManager;
+    use crate::config::{DummyOPNSenseShell, LocalFileConfigManager};
     use crate::modules::dhcp::DhcpConfig;
     use std::fs;
     use std::net::Ipv4Addr;
@@ -55,9 +64,10 @@ mod tests {
 
             let config_file_path = test_file_path.to_str().unwrap().to_string();
             println!("File path {config_file_path}");
-            let repository = Box::new(LocalFileConfigManager::new(config_file_path));
+            let repository = Arc::new(LocalFileConfigManager::new(config_file_path));
+            let shell = Arc::new(DummyOPNSenseShell {});
             let config_file_str = repository.load_as_str().await.unwrap();
-            let config = Config::new(repository)
+            let config = Config::new(repository, shell)
                 .await
                 .expect("Failed to load config");
 
@@ -82,14 +92,15 @@ mod tests {
 
         let config_file_path = test_file_path.to_str().unwrap().to_string();
         println!("File path {config_file_path}");
-        let repository = Box::new(LocalFileConfigManager::new(config_file_path));
-        let mut config = Config::new(repository)
+        let repository = Arc::new(LocalFileConfigManager::new(config_file_path));
+        let shell = Arc::new(DummyOPNSenseShell {});
+        let mut config = Config::new(repository, shell.clone())
             .await
             .expect("Failed to load config");
 
         println!("Config {:?}", config);
 
-        let mut dhcp_config = DhcpConfig::new(&mut config.opnsense);
+        let mut dhcp_config = DhcpConfig::new(&mut config.opnsense, shell);
         dhcp_config
             .add_static_mapping(
                 "00:00:00:00:00:00",
diff --git a/harmony-rs/opnsense-config/src/config/manager/ssh.rs b/harmony-rs/opnsense-config/src/config/manager/ssh.rs
index 2fe4e81..a32298b 100644
--- a/harmony-rs/opnsense-config/src/config/manager/ssh.rs
+++ b/harmony-rs/opnsense-config/src/config/manager/ssh.rs
@@ -1,33 +1,9 @@
-use crate::config::manager::ConfigManager;
+use crate::config::{manager::ConfigManager, OPNsenseShell};
 use crate::error::Error;
 use async_trait::async_trait;
-use log::{debug, info};
-use russh::{
-    client::{Config as SshConfig, Handler, Msg},
-    Channel,
-};
-use russh_keys::key::{self, KeyPair};
-use russh_sftp::client::SftpSession;
-use std::{
-    net::Ipv4Addr,
-    sync::Arc,
-    time::{SystemTime, UNIX_EPOCH},
-};
-use tokio::io::AsyncWriteExt;
-
-struct Client {}
-
-#[async_trait]
-impl Handler for Client {
-    type Error = Error;
-
-    async fn check_server_key(
-        &mut self,
-        _server_public_key: &key::PublicKey,
-    ) -> Result<bool, Self::Error> {
-        Ok(true)
-    }
-}
+use log::info;
+use russh_keys::key::KeyPair;
+use std::sync::Arc;
 
 #[derive(Debug)]
 pub enum SshCredentials {
@@ -37,170 +13,50 @@ pub enum SshCredentials {
 
 #[derive(Debug)]
 pub struct SshConfigManager {
-    ssh_config: Arc<SshConfig>,
-    credentials: SshCredentials,
-    host: (Ipv4Addr, u16),
+    opnsense_shell: Arc<dyn OPNsenseShell>,
 }
 
 impl SshConfigManager {
-    pub fn new(
-        host: (Ipv4Addr, u16),
-        credentials: SshCredentials,
-        ssh_config: Arc<SshConfig>,
-    ) -> Self {
-        Self {
-            ssh_config,
-            credentials,
-            host,
-        }
+    pub fn new(opnsense_shell: Arc<dyn OPNsenseShell>) -> Self {
+        Self { opnsense_shell }
     }
 }
 
 impl SshConfigManager {
-    async fn get_ssh_channel(&self) -> Result<Channel<Msg>, Error> {
-        let mut ssh = russh::client::connect(self.ssh_config.clone(), self.host, Client {}).await?;
-
-        match &self.credentials {
-            SshCredentials::SshKey { username, key } => {
-                ssh.authenticate_publickey(username, key.clone()).await?;
-            }
-            SshCredentials::Password { username, password } => {
-                ssh.authenticate_password(username, password).await?;
-            }
-        }
-
-        Ok(ssh.channel_open_session().await?)
-    }
-
-    async fn write_content_to_temp_file(&self, content: &str) -> Result<String, Error> {
-        let temp_filename = format!(
-            "/tmp/opnsense-config-tmp-config_{}",
-            SystemTime::now()
-                .duration_since(UNIX_EPOCH)
-                .unwrap()
-                .as_millis()
-        );
-        let channel = self.get_ssh_channel().await?;
-        channel
-            .request_subsystem(true, "sftp")
-            .await
-            .expect("Should request sftp subsystem");
-        let sftp = SftpSession::new(channel.into_stream())
-            .await
-            .expect("Should acquire sftp subsystem");
-
-        let mut file = sftp.create(&temp_filename).await.unwrap();
-        file.write_all(content.as_bytes()).await?;
-
-        Ok(temp_filename)
-    }
     async fn backup_config_remote(&self) -> Result<String, Error> {
         let backup_filename = format!("config_{}.xml", chrono::Local::now().format("%Y%m%d%H%M%S"));
 
-        self.run_command(&format!("cp /conf/config.xml /tmp/{}", backup_filename))
+        self.opnsense_shell.exec(&format!("cp /conf/config.xml /tmp/{}", backup_filename))
             .await
     }
 
     async fn move_to_live_config(&self, new_config_path: &str) -> Result<String, Error> {
         info!("Overwriting OPNSense /conf/config.xml with {new_config_path}");
-        self.run_command(&format!("mv {new_config_path} /conf/config.xml"))
+        self.opnsense_shell.exec(&format!("mv {new_config_path} /conf/config.xml"))
             .await
     }
 
     async fn reload_all_services(&self) -> Result<String, Error> {
         info!("Reloading all opnsense services");
-        self.run_command(&format!("configctl service reload all"))
+        self.opnsense_shell.exec(&format!("configctl service reload all"))
             .await
     }
-
-    async fn run_command(&self, command: &str) -> Result<String, Error> {
-        debug!("Running ssh command {command}");
-        let mut channel = self.get_ssh_channel().await?;
-        channel.exec(true, command).await?;
-        wait_for_completion(&mut channel).await
-    }
 }
 
 #[async_trait]
 impl ConfigManager for SshConfigManager {
     async fn load_as_str(&self) -> Result<String, Error> {
-        let mut channel = self.get_ssh_channel().await?;
-
-        channel.exec(true, "cat /conf/config.xml").await?;
-        let mut output: Vec<u8> = vec![];
-        loop {
-            let Some(msg) = channel.wait().await else {
-                break;
-            };
-
-            info!("got msg {:?}", msg);
-            match msg {
-                russh::ChannelMsg::Data { ref data } => {
-                    output.append(&mut data.to_vec());
-                }
-                russh::ChannelMsg::ExitStatus { .. } => {}
-                russh::ChannelMsg::WindowAdjusted { .. } => {}
-                russh::ChannelMsg::Success { .. } => {}
-                russh::ChannelMsg::Eof { .. } => {}
-                _ => todo!(),
-            }
-        }
-        Ok(String::from_utf8(output).expect("Valid utf-8 bytes"))
+        self.opnsense_shell.exec("cat /conf/config.xml").await
     }
 
     async fn apply_new_config(&self, content: &str) -> Result<(), Error> {
-        let temp_filename = self.write_content_to_temp_file(content).await?;
+        let temp_filename = self
+            .opnsense_shell
+            .write_content_to_temp_file(content)
+            .await?;
         self.backup_config_remote().await?;
         self.move_to_live_config(&temp_filename).await?;
         self.reload_all_services().await?;
-
-        // TODO
-        // 1. use russh to copy the current opnsense /conf/config.xml to the backup folder with a
-        // proper name
-        //
-        // 2. use russh scp functionality to copy the content directly into a file
-        // if necessary, save it first to a local file with minimal permissions in
-        // /tmp/{randomname}
-        //
-        // 3. Use opnsense cli to validate the config file
-        //
-        // 4. Reload all opnsense services using opnsense cli (still through russh commands)
-        //
-        todo!("apply_new_config not fully implemented yet")
+        Ok(())
     }
 }
-
-async fn wait_for_completion(channel: &mut Channel<Msg>) -> Result<String, Error> {
-    let mut output = Vec::new();
-
-    loop {
-        let Some(msg) = channel.wait().await else {
-            break;
-        };
-
-        match msg {
-            russh::ChannelMsg::ExtendedData { ref data, .. }
-            | russh::ChannelMsg::Data { ref data } => {
-                output.append(&mut data.to_vec());
-            }
-            russh::ChannelMsg::ExitStatus { exit_status } => {
-                if exit_status != 0 {
-                    return Err(Error::Command(format!(
-                        "Command failed with exit status {exit_status}, output {}",
-                        String::from_utf8(output).unwrap_or_default()
-                    )));
-                }
-            }
-            russh::ChannelMsg::Success { .. }
-            | russh::ChannelMsg::WindowAdjusted { .. }
-            | russh::ChannelMsg::Eof { .. } => {}
-            _ => {
-                return Err(Error::Unexpected(format!(
-                    "Russh got unexpected msg {msg:?}"
-                )))
-            }
-        }
-    }
-
-    Ok(String::from_utf8(output).unwrap_or_default())
-}
diff --git a/harmony-rs/opnsense-config/src/config/mod.rs b/harmony-rs/opnsense-config/src/config/mod.rs
index 10751ce..e84bee9 100644
--- a/harmony-rs/opnsense-config/src/config/mod.rs
+++ b/harmony-rs/opnsense-config/src/config/mod.rs
@@ -1,4 +1,6 @@
 mod config;
 mod manager;
+mod shell;
 pub use manager::*;
 pub use config::*;
+pub use shell::*;
diff --git a/harmony-rs/opnsense-config/src/config/shell/mod.rs b/harmony-rs/opnsense-config/src/config/shell/mod.rs
new file mode 100644
index 0000000..3a644a6
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/config/shell/mod.rs
@@ -0,0 +1,27 @@
+mod ssh;
+pub use ssh::*;
+
+use async_trait::async_trait;
+
+use crate::Error;
+
+#[async_trait]
+pub trait OPNsenseShell: std::fmt::Debug + Send + Sync {
+    async fn exec(&self, command: &str) -> Result<String, Error>;
+    async fn write_content_to_temp_file(&self, content: &str) -> Result<String, Error>;
+}
+
+#[cfg(test)]
+#[derive(Debug)]
+pub struct DummyOPNSenseShell;
+
+#[cfg(test)]
+#[async_trait]
+impl OPNsenseShell for DummyOPNSenseShell {
+    async fn exec(&self, _command: &str) -> Result<String, Error> {
+        unimplemented!("This is a dummy implementation");
+    }
+    async fn write_content_to_temp_file(&self, _content: &str) -> Result<String, Error> {
+        unimplemented!("This is a dummy implementation");
+    }
+}
diff --git a/harmony-rs/opnsense-config/src/config/shell/ssh.rs b/harmony-rs/opnsense-config/src/config/shell/ssh.rs
new file mode 100644
index 0000000..62ff391
--- /dev/null
+++ b/harmony-rs/opnsense-config/src/config/shell/ssh.rs
@@ -0,0 +1,141 @@
+use std::{
+    net::Ipv4Addr,
+    sync::Arc,
+    time::{SystemTime, UNIX_EPOCH},
+};
+
+use async_trait::async_trait;
+use log::debug;
+use russh::{
+    client::{Config, Handler, Msg},
+    Channel,
+};
+use russh_keys::key;
+use russh_sftp::client::SftpSession;
+use tokio::io::AsyncWriteExt;
+
+use crate::{config::SshCredentials, Error};
+
+use super::OPNsenseShell;
+
+#[derive(Debug)]
+pub struct SshOPNSenseShell {
+    host: (Ipv4Addr, u16),
+    credentials: SshCredentials,
+    ssh_config: Arc<Config>,
+}
+
+#[async_trait]
+impl OPNsenseShell for SshOPNSenseShell {
+    async fn exec(&self, command: &str) -> Result<String, Error> {
+        self.run_command(command).await
+    }
+
+    async fn write_content_to_temp_file(&self, content: &str) -> Result<String, Error> {
+        let temp_filename = format!(
+            "/tmp/opnsense-config-tmp-config_{}",
+            SystemTime::now()
+                .duration_since(UNIX_EPOCH)
+                .unwrap()
+                .as_millis()
+        );
+        let channel = self.get_ssh_channel().await?;
+        channel
+            .request_subsystem(true, "sftp")
+            .await
+            .expect("Should request sftp subsystem");
+        let sftp = SftpSession::new(channel.into_stream())
+            .await
+            .expect("Should acquire sftp subsystem");
+
+        let mut file = sftp.create(&temp_filename).await.unwrap();
+        file.write_all(content.as_bytes()).await?;
+
+        Ok(temp_filename)
+    }
+}
+
+impl SshOPNSenseShell {
+    pub async fn get_ssh_channel(&self) -> Result<Channel<Msg>, Error> {
+        let mut ssh = russh::client::connect(self.ssh_config.clone(), self.host, Client {}).await?;
+
+        match &self.credentials {
+            SshCredentials::SshKey { username, key } => {
+                ssh.authenticate_publickey(username, key.clone()).await?;
+            }
+            SshCredentials::Password { username, password } => {
+                ssh.authenticate_password(username, password).await?;
+            }
+        }
+
+        Ok(ssh.channel_open_session().await?)
+    }
+
+    async fn run_command(&self, command: &str) -> Result<String, Error> {
+        debug!("Running ssh command {command}");
+        let mut channel = self.get_ssh_channel().await?;
+        channel.exec(true, command).await?;
+        wait_for_completion(&mut channel).await
+    }
+
+    pub fn new(
+        host: (Ipv4Addr, u16),
+        credentials: SshCredentials,
+        ssh_config: Arc<Config>,
+    ) -> Self {
+        Self {
+            host,
+            credentials,
+            ssh_config,
+        }
+    }
+}
+
+struct Client {}
+
+#[async_trait]
+impl Handler for Client {
+    type Error = Error;
+
+    async fn check_server_key(
+        &mut self,
+        _server_public_key: &key::PublicKey,
+    ) -> Result<bool, Self::Error> {
+        Ok(true)
+    }
+}
+
+async fn wait_for_completion(channel: &mut Channel<Msg>) -> Result<String, Error> {
+    let mut output = Vec::new();
+
+    loop {
+        let Some(msg) = channel.wait().await else {
+            break;
+        };
+
+        match msg {
+            russh::ChannelMsg::ExtendedData { ref data, .. }
+            | russh::ChannelMsg::Data { ref data } => {
+                output.append(&mut data.to_vec());
+            }
+            russh::ChannelMsg::ExitStatus { exit_status } => {
+                if exit_status != 0 {
+                    return Err(Error::Command(format!(
+                        "Command failed with exit status {exit_status}, output {}",
+                        String::from_utf8(output).unwrap_or_default()
+                    )));
+                }
+            }
+            russh::ChannelMsg::Success { .. }
+            | russh::ChannelMsg::WindowAdjusted { .. }
+            | russh::ChannelMsg::Eof { .. } => {}
+            _ => {
+                return Err(Error::Unexpected(format!(
+                    "Russh got unexpected msg {msg:?}"
+                )))
+            }
+        }
+    }
+
+    Ok(String::from_utf8(output).unwrap_or_default())
+}
diff --git a/harmony-rs/opnsense-config/src/lib.rs b/harmony-rs/opnsense-config/src/lib.rs
index c835f06..00a411b 100644
--- a/harmony-rs/opnsense-config/src/lib.rs
+++ b/harmony-rs/opnsense-config/src/lib.rs
@@ -7,16 +7,37 @@ pub use error::Error;
 #[cfg(test)]
 mod test {
     use config::SshConfigManager;
+    use opnsense_config_xml::StaticMap;
     use russh::client;
     use std::{net::Ipv4Addr, sync::Arc, time::Duration};
 
     use crate::{
-        config::{self, SshCredentials},
+        config::{self, SshCredentials, SshOPNSenseShell},
         Config,
     };
+    use pretty_assertions::assert_eq;
 
     #[tokio::test]
     async fn test_public_sdk() {
+        let mac = "11:22:33:44:55:66";
+        let ip = Ipv4Addr::new(10, 100, 8, 200);
+        let hostname = "test_hostname";
+
+        remove_static_mapping(mac).await;
+
+        // Make sure static mapping does not exist anymore
+        let static_mapping_removed = get_static_mappings().await;
+        assert!(!static_mapping_removed.iter().any(|e| e.mac == mac));
+
+        add_static_mapping(mac, ip, hostname).await;
+
+        // Make sure static mapping has been added successfully
+        let static_mapping_added = get_static_mappings().await;
+        assert_eq!(static_mapping_added.len(), static_mapping_removed.len() + 1);
+        assert!(static_mapping_added.iter().any(|e| e.mac == mac));
+    }
+
+    async fn initialize_config() -> Config {
         let config = Arc::new(client::Config {
             inactivity_timeout: Some(Duration::from_secs(5)),
             ..<_>::default()
@@ -27,19 +48,29 @@ mod test {
             password: String::from("opnsense"),
         };
 
-        let repo =
-            SshConfigManager::new((Ipv4Addr::new(192, 168, 5, 229), 22), credentials, config);
+        let shell = Arc::new(SshOPNSenseShell::new(
+            (Ipv4Addr::new(192, 168, 5, 229), 22),
+            credentials,
+            config,
+        ));
+        let manager = Arc::new(SshConfigManager::new(shell.clone()));
+        Config::new(manager, shell).await.unwrap()
+    }
 
-        let mut config = Config::new(Box::new(repo)).await.unwrap();
-        config
-            .dhcp()
-            .add_static_mapping(
-                "11:22:33:44:55:66",
-                Ipv4Addr::new(10, 100, 8, 200),
-                "test_hostname",
-            )
-            .unwrap();
+    async fn get_static_mappings() -> Vec<StaticMap> {
+        let mut config = initialize_config().await;
+        config.dhcp().get_static_mappings().await.unwrap()
+    }
 
+    async fn add_static_mapping(mac: &str, ip: Ipv4Addr, hostname: &str) {
+        let mut config = initialize_config().await;
+        config.dhcp().add_static_mapping(mac, ip, hostname).unwrap();
+        config.apply().await.unwrap();
+    }
+
+    async fn remove_static_mapping(mac: &str) {
+        let mut config = initialize_config().await;
+        config.dhcp().remove_static_mapping(mac);
         config.apply().await.unwrap();
     }
 }
diff --git a/harmony-rs/opnsense-config/src/modules/dhcp.rs b/harmony-rs/opnsense-config/src/modules/dhcp.rs
index 983c1d5..a337cac 100644
--- a/harmony-rs/opnsense-config/src/modules/dhcp.rs
+++ b/harmony-rs/opnsense-config/src/modules/dhcp.rs
@@ -1,12 +1,18 @@
+use opnsense_config_xml::MaybeString;
 use opnsense_config_xml::Range;
 use opnsense_config_xml::StaticMap;
 use std::cmp::Ordering;
 use std::net::Ipv4Addr;
+use std::sync::Arc;
 
 use opnsense_config_xml::OPNsense;
 
+use crate::config::OPNsenseShell;
+use crate::Error;
+
 pub struct DhcpConfig<'a> {
     opnsense: &'a mut OPNsense,
+    opnsense_shell: Arc<dyn OPNsenseShell>,
 }
 
 #[derive(Debug)]
@@ -39,8 +45,27 @@ impl std::fmt::Display for DhcpError {
 impl std::error::Error for DhcpError {}
 
 impl<'a> DhcpConfig<'a> {
-    pub fn new(opnsense: &'a mut OPNsense) -> Self {
-        Self { opnsense }
+    pub fn new(opnsense: &'a mut OPNsense, opnsense_shell: Arc<dyn OPNsenseShell>) -> Self {
+        Self {
+            opnsense,
+            opnsense_shell,
+        }
+    }
+
+    pub fn remove_static_mapping(&mut self, mac: &str) {
+        let lan_dhcpd = self.get_lan_dhcpd();
+        lan_dhcpd.staticmaps.retain(|static_entry| static_entry.mac != mac);
+    }
+
+    fn get_lan_dhcpd(&mut self) -> &mut opnsense_config_xml::DhcpInterface {
+        &mut self
+            .opnsense
+            .dhcpd
+            .elements
+            .iter_mut()
+            .find(|(name, _config)| return name == "lan")
+            .expect("Interface lan should have dhcpd activated")
+            .1
     }
 
     pub fn add_static_mapping(
@@ -51,16 +76,9 @@ impl<'a> DhcpConfig<'a> {
     ) -> Result<(), DhcpError> {
         let mac = mac.to_string();
         let hostname = hostname.to_string();
-        let lan_dhcpd = &mut self
-            .opnsense
-            .dhcpd
-            .elements
-            .iter_mut()
-            .find(|(name, _config)| return name == "lan")
-            .expect("Interface lan should have dhcpd activated")
-            .1;
-
+        let lan_dhcpd = self.get_lan_dhcpd();
         let range = &lan_dhcpd.range;
+        let existing_mappings: &mut Vec<StaticMap> = &mut lan_dhcpd.staticmaps;
 
         if !Self::is_valid_mac(&mac) {
             return Err(DhcpError::InvalidMacAddress(mac));
@@ -70,8 +88,6 @@ impl<'a> DhcpConfig<'a> {
             return Err(DhcpError::IpAddressOutOfRange(ipaddr.to_string()));
         }
 
-        let existing_mappings: &mut Vec<StaticMap> = &mut lan_dhcpd.staticmaps;
-
         if existing_mappings.iter().any(|m| {
             m.ipaddr
                 .parse::<Ipv4Addr>()
@@ -128,6 +144,35 @@ impl<'a> DhcpConfig<'a> {
             return false;
         }
     }
+
+    pub async fn get_static_mappings(&self) -> Result<Vec<StaticMap>, Error> {
+        let list_static_output = self
+            .opnsense_shell
+            .exec("configctl dhcpd list static")
+            .await?;
+
+        let value: serde_json::Value = serde_json::from_str(&list_static_output).expect(&format!(
+            "Got invalid json from configctl {list_static_output}"
+        ));
+        let static_maps = value["dhcpd"]
+            .as_array()
+            .ok_or(Error::Command(format!(
+                "Invalid DHCP data from configctl command, got {list_static_output}"
+            )))?
+            .iter()
+            .map(|entry| StaticMap {
+                mac: entry["mac"].as_str().unwrap_or_default().to_string(),
+                ipaddr: entry["ipaddr"].as_str().unwrap_or_default().to_string(),
+                hostname: entry["hostname"].as_str().unwrap_or_default().to_string(),
+                descr: entry["descr"].as_str().map(MaybeString::from),
+                winsserver: MaybeString::default(),
+                dnsserver: MaybeString::default(),
+                ntpserver: MaybeString::default(),
+            })
+            .collect();
+
+        Ok(static_maps)
+    }
 }
 
 #[cfg(test)]

From 9c18c8be6d81bd06ac6ed01a9025d2b4a49bdfd5 Mon Sep 17 00:00:00 2001
From: jeangab <jeangabriel.gc@gmail.com>
Date: Tue, 26 Nov 2024 15:58:42 -0500
Subject: [PATCH 19/19] Integrated opnsense-config API in harmony, pretty easy,
 pretty happy. very much encouraging

---
 harmony-rs/Cargo.lock                         | 35 +----------
 harmony-rs/Cargo.toml                         |  4 +-
 harmony-rs/harmony/Cargo.toml                 |  2 +-
 harmony-rs/harmony/src/domain/topology/mod.rs |  1 +
 .../harmony/src/domain/topology/network.rs    | 25 +++++++-
 .../harmony/src/infra/opnsense/config.rs      | 43 --------------
 harmony-rs/harmony/src/infra/opnsense/mod.rs  | 58 +++++++++++--------
 harmony-rs/harmony/src/modules/dhcp.rs        | 18 ++++--
 harmony-rs/opnsense-config-xml/Cargo.toml     |  3 +
 .../opnsense-config/src/config/config.rs      | 26 ++++++++-
 .../opnsense-config/src/config/manager/mod.rs |  2 +-
 .../opnsense-config/src/config/shell/ssh.rs   | 10 +---
 harmony-rs/opnsense-config/src/lib.rs         | 27 +--------
 13 files changed, 108 insertions(+), 146 deletions(-)
 delete mode 100644 harmony-rs/harmony/src/infra/opnsense/config.rs

diff --git a/harmony-rs/Cargo.lock b/harmony-rs/Cargo.lock
index 6831b38..22e902d 100644
--- a/harmony-rs/Cargo.lock
+++ b/harmony-rs/Cargo.lock
@@ -895,6 +895,7 @@ dependencies = [
  "env_logger",
  "libredfish",
  "log",
+ "opnsense-config",
  "reqwest",
  "russh",
  "rust-ipmi",
@@ -902,7 +903,6 @@ dependencies = [
  "serde",
  "serde_json",
  "tokio",
- "xml_dom",
 ]
 
 [[package]]
@@ -1627,15 +1627,6 @@ dependencies = [
  "unicode-ident",
 ]
 
-[[package]]
-name = "quick-xml"
-version = "0.36.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f7649a7b4df05aed9ea7ec6f628c67c9953a43869b8bc50929569b2999d443fe"
-dependencies = [
- "memchr",
-]
-
 [[package]]
 name = "quote"
 version = "1.0.37"
@@ -2430,21 +2421,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef"
 dependencies = [
  "pin-project-lite",
- "tracing-attributes",
  "tracing-core",
 ]
 
-[[package]]
-name = "tracing-attributes"
-version = "0.1.27"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.77",
-]
-
 [[package]]
 name = "tracing-core"
 version = "0.1.32"
@@ -2822,18 +2801,6 @@ version = "0.8.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "af4e2e2f7cba5a093896c1e150fbfe177d1883e7448200efb81d40b9d339ef26"
 
-[[package]]
-name = "xml_dom"
-version = "0.2.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "836bd445caf6b9e969199f2a9667d58b433b286ddb515764303ab75a6d17e51f"
-dependencies = [
- "log",
- "quick-xml",
- "regex",
- "tracing",
-]
-
 [[package]]
 name = "yansi"
 version = "1.0.1"
diff --git a/harmony-rs/Cargo.toml b/harmony-rs/Cargo.toml
index bd5e6b8..20aba71 100644
--- a/harmony-rs/Cargo.toml
+++ b/harmony-rs/Cargo.toml
@@ -18,6 +18,8 @@ derive-new = "0.7.0"
 async-trait = "0.1.82"
 tokio = { version = "1.40.0", features = ["io-std"] }
 cidr = "0.2.3"
-xml_dom = "0.2.8"
 russh = "0.45.0"
 russh-keys = "0.45.0"
+
+#[workspace.target.x86_64-unknown-linux-gnu]
+#rustflags = ["-C", "link-arg=-fuse-ld=mold"]
diff --git a/harmony-rs/harmony/Cargo.toml b/harmony-rs/harmony/Cargo.toml
index 5917bdf..8029cf1 100644
--- a/harmony-rs/harmony/Cargo.toml
+++ b/harmony-rs/harmony/Cargo.toml
@@ -17,4 +17,4 @@ log = { workspace = true }
 env_logger = { workspace = true }
 async-trait = { workspace = true }
 cidr = { workspace = true }
-xml_dom = { workspace = true }
+opnsense-config = { path = "../opnsense-config" }
diff --git a/harmony-rs/harmony/src/domain/topology/mod.rs b/harmony-rs/harmony/src/domain/topology/mod.rs
index bd4a172..bfb9c96 100644
--- a/harmony-rs/harmony/src/domain/topology/mod.rs
+++ b/harmony-rs/harmony/src/domain/topology/mod.rs
@@ -22,6 +22,7 @@ pub struct HAClusterTopology {
 }
 
 pub type IpAddress = IpAddr;
+
 /// Represents a logical member of a cluster that provides one or more services.
 ///
 /// A LogicalHost can represent various roles within the infrastructure, such as:
diff --git a/harmony-rs/harmony/src/domain/topology/network.rs b/harmony-rs/harmony/src/domain/topology/network.rs
index 8096af9..be55f37 100644
--- a/harmony-rs/harmony/src/domain/topology/network.rs
+++ b/harmony-rs/harmony/src/domain/topology/network.rs
@@ -1,3 +1,5 @@
+use std::net::Ipv4Addr;
+
 use async_trait::async_trait;
 
 use crate::executors::ExecutorError;
@@ -8,12 +10,15 @@ use super::{IpAddress, LogicalHost};
 pub struct DHCPStaticEntry {
     pub name: String,
     pub mac: MacAddress,
-    pub ip: IpAddress,
+    pub ip: Ipv4Addr,
 }
 
 impl std::fmt::Display for DHCPStaticEntry {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        f.write_fmt(format_args!("DHCPStaticEntry : name {}, mac {}, ip {}", self.name, self.mac, self.ip))
+        f.write_fmt(format_args!(
+            "DHCPStaticEntry : name {}, mac {}, ip {}",
+            self.name, self.mac, self.ip
+        ))
     }
 }
 
@@ -57,7 +62,11 @@ pub trait DnsServer: Send + Sync {
         record_type: DnsRecordType,
         value: &str,
     ) -> Result<(), ExecutorError>;
-    fn remove_record(&mut self, name: &str, record_type: DnsRecordType) -> Result<(), ExecutorError>;
+    fn remove_record(
+        &mut self,
+        name: &str,
+        record_type: DnsRecordType,
+    ) -> Result<(), ExecutorError>;
     fn list_records(&self) -> Vec<DnsRecord>;
     fn get_ip(&self) -> IpAddress;
     fn get_host(&self) -> LogicalHost;
@@ -98,11 +107,21 @@ pub struct MacAddress(pub [u8; 6]);
 // MacAddress::from!("00:90:7f:df:2c:23"),
 
 impl MacAddress {
+    #[cfg(test)]
     pub fn dummy() -> Self {
         Self([0, 0, 0, 0, 0, 0])
     }
 }
 
+impl From<&MacAddress> for String {
+    fn from(value: &MacAddress) -> Self {
+        format!(
+            "{}:{}:{}:{}:{}:{}",
+            value.0[0], value.0[1], value.0[2], value.0[3], value.0[4], value.0[5]
+        )
+    }
+}
+
 impl std::fmt::Display for MacAddress {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         f.write_fmt(format_args!(
diff --git a/harmony-rs/harmony/src/infra/opnsense/config.rs b/harmony-rs/harmony/src/infra/opnsense/config.rs
deleted file mode 100644
index 309e59d..0000000
--- a/harmony-rs/harmony/src/infra/opnsense/config.rs
+++ /dev/null
@@ -1,43 +0,0 @@
-use crate::executors::ExecutorError;
-
-pub struct OPNSenseXmlConfigEditor;
-
-impl OPNSenseXmlConfigEditor {
-    pub(crate) async fn add(vec: Vec<&str>, xml_entry: &str) -> Result<(), ExecutorError>{
-        todo!()
-    }
-}
-
-#[cfg(test)]
-mod test {
-    use std::fs;
-    use std::io::{BufReader, Read};
-    use std::process::Command;
-
-    use xml_dom::parser::read_xml;
-
-    // #[test]
-    // fn should_not_alter_config() {
-    //     let path = "./private_repos/affilium_mcd/private/config.xml";
-    //     //  TODO
-    //     //  Load file to string
-    //     //  Parse with minidom (ex: `let root: Element = file_str.parse().unwrap()`)
-    //     //  save file with suffix name
-    //     //  Verify that file is still identical with md5sum after removing indentation
-    // }
-
-    #[test]
-    fn should_not_alter_config() {
-        let path = "/home/jeangab/work/nationtech/harmony/harmony-rs/affilium_mcd/private/config.xml";
-        let output_path = format!("{}.test_output", path);
-
-        // Load file to string
-        let file_str = fs::read_to_string(path).expect("Failed to read file");
-
-        // Parse with minidom
-        let root = read_xml(&file_str).unwrap();
-
-        assert_eq!(&root.to_string(), &file_str);
-    }
-
-}
diff --git a/harmony-rs/harmony/src/infra/opnsense/mod.rs b/harmony-rs/harmony/src/infra/opnsense/mod.rs
index fd7bd6c..66b00e6 100644
--- a/harmony-rs/harmony/src/infra/opnsense/mod.rs
+++ b/harmony-rs/harmony/src/infra/opnsense/mod.rs
@@ -1,18 +1,21 @@
 mod management;
-mod config;
+use std::sync::{Arc, Mutex, RwLock, RwLockWriteGuard};
+
 use async_trait::async_trait;
+use log::debug;
 pub use management::*;
 
 use crate::{
-    executors::ExecutorError, infra::opnsense::config::OPNSenseXmlConfigEditor, topology::{
+    executors::ExecutorError,
+    topology::{
         Backend, DHCPStaticEntry, DhcpServer, DnsServer, Firewall, FirewallRule, Frontend,
         IpAddress, LoadBalancer, LogicalHost,
-    }
+    },
 };
-use derive_new::new;
 
-#[derive(new, Clone)]
+#[derive(Clone)]
 pub struct OPNSenseFirewall {
+    opnsense_config: Arc<RwLock<opnsense_config::Config>>,
     host: LogicalHost,
     cluster_nic_name: String,
 }
@@ -22,6 +25,20 @@ impl OPNSenseFirewall {
         self.host.ip
     }
 
+    pub async fn new(
+        host: LogicalHost,
+        cluster_nic_name: &str,
+        username: &str,
+        password: &str,
+    ) -> Self {
+        Self {
+            opnsense_config: Arc::new(RwLock::new(
+                opnsense_config::Config::from_credentials(host.ip, username, password).await,
+            )),
+            host,
+            cluster_nic_name: cluster_nic_name.into(),
+        }
+    }
 }
 
 impl Firewall for OPNSenseFirewall {
@@ -81,27 +98,17 @@ impl LoadBalancer for OPNSenseFirewall {
 #[async_trait]
 impl DhcpServer for OPNSenseFirewall {
     async fn add_static_mapping(&self, entry: &DHCPStaticEntry) -> Result<(), ExecutorError> {
-        let mac = &entry.mac;
-        let name = &entry.name;
-        let ip = &entry.ip;
+        let mac: String = String::from(&entry.mac);
 
-        let xml_entry = format!(
-            "<staticmap>
-          <mac>{mac}</mac>
-          <ipaddr>{ip}</ipaddr>
-          <hostname>{name}</hostname>
-          <descr>{name}</descr>
-          <winsserver/>
-          <dnsserver/>
-          <ntpserver/>
-        </staticmap>"
-        );
-        // XML Path : <opnsense><dhcpd><DHCPD_INTERFACE_NAME><staticmap>
-        OPNSenseXmlConfigEditor::add(
-            vec!["opnsense", "dhcpd", &self.cluster_nic_name, "staticmap"],
-            &xml_entry,
-        ).await?;
-        todo!("Register {:?}", entry)
+        {
+            let mut writable_opnsense = self.opnsense_config.write().unwrap();
+            writable_opnsense
+                .dhcp()
+                .add_static_mapping(&mac, entry.ip, &entry.name).unwrap();
+        }
+
+        debug!("Registered {:?}", entry);
+        Ok(())
     }
 
     async fn remove_static_mapping(
@@ -122,6 +129,7 @@ impl DhcpServer for OPNSenseFirewall {
         self.host.clone()
     }
 }
+
 impl DnsServer for OPNSenseFirewall {
     fn add_record(
         &mut self,
diff --git a/harmony-rs/harmony/src/modules/dhcp.rs b/harmony-rs/harmony/src/modules/dhcp.rs
index 246576b..37e49cb 100644
--- a/harmony-rs/harmony/src/modules/dhcp.rs
+++ b/harmony-rs/harmony/src/modules/dhcp.rs
@@ -1,4 +1,4 @@
-use std::sync::Arc;
+use std::{net::Ipv4Addr, sync::Arc};
 
 use async_trait::async_trait;
 use derive_new::new;
@@ -120,10 +120,17 @@ impl Interpret for DhcpInterpret {
             .score
             .host_binding
             .iter()
-            .map(|binding| DHCPStaticEntry {
-                name: binding.logical_host.name.clone(),
-                mac: binding.physical_host.cluster_mac(),
-                ip: binding.logical_host.ip,
+            .map(|binding| {
+                let ip = match binding.logical_host.ip {
+                    std::net::IpAddr::V4(ipv4) => ipv4,
+                    std::net::IpAddr::V6(_) => unimplemented!("DHCPStaticEntry only supports ipv4 at the moment"),
+                };
+
+                DHCPStaticEntry {
+                    name: binding.logical_host.name.clone(),
+                    mac: binding.physical_host.cluster_mac(),
+                    ip,
+                }
             })
             .collect();
         info!("DHCPStaticEntry : {:?}", dhcp_entries);
@@ -136,6 +143,7 @@ impl Interpret for DhcpInterpret {
                 Err(_) => todo!(),
             }
         }
+
         todo!("Configure DHCPServer");
 
         Ok(Outcome::new(
diff --git a/harmony-rs/opnsense-config-xml/Cargo.toml b/harmony-rs/opnsense-config-xml/Cargo.toml
index a193f0c..3b28dcb 100644
--- a/harmony-rs/opnsense-config-xml/Cargo.toml
+++ b/harmony-rs/opnsense-config-xml/Cargo.toml
@@ -20,3 +20,6 @@ tokio = { workspace = true }
 
 [dev-dependencies]
 pretty_assertions = "1.4.1"
+
+[target.x86_64-unknown-linux-gnu]
+rustflags = ["-C", "link-arg=-fuse-ld=mold"]
diff --git a/harmony-rs/opnsense-config/src/config/config.rs b/harmony-rs/opnsense-config/src/config/config.rs
index 29dbd29..b38fa29 100644
--- a/harmony-rs/opnsense-config/src/config/config.rs
+++ b/harmony-rs/opnsense-config/src/config/config.rs
@@ -1,8 +1,9 @@
-use std::sync::Arc;
+use std::{net::Ipv4Addr, sync::Arc, time::Duration};
 
-use crate::{error::Error, modules::dhcp::DhcpConfig};
+use crate::{config::{SshConfigManager, SshCredentials, SshOPNSenseShell}, error::Error, modules::dhcp::DhcpConfig};
 use log::trace;
 use opnsense_config_xml::OPNsense;
+use russh::client;
 
 use super::{ConfigManager, OPNsenseShell};
 
@@ -39,6 +40,27 @@ impl Config {
             .apply_new_config(&self.opnsense.to_xml())
             .await
     }
+
+    pub async fn from_credentials(ipaddr: std::net::IpAddr, username: &str, password: &str) -> Self {
+        let config = Arc::new(client::Config {
+            inactivity_timeout: Some(Duration::from_secs(5)),
+            ..<_>::default()
+        });
+
+        let credentials = SshCredentials::Password {
+            username: String::from(username),
+            password: String::from(password),
+        };
+
+        let shell = Arc::new(SshOPNSenseShell::new(
+            (ipaddr, 22),
+            credentials,
+            config,
+        ));
+        let manager = Arc::new(SshConfigManager::new(shell.clone()));
+
+        Config::new(manager, shell).await.unwrap()
+    }
 }
 
 #[cfg(test)]
diff --git a/harmony-rs/opnsense-config/src/config/manager/mod.rs b/harmony-rs/opnsense-config/src/config/manager/mod.rs
index 4ac2142..42f95ca 100644
--- a/harmony-rs/opnsense-config/src/config/manager/mod.rs
+++ b/harmony-rs/opnsense-config/src/config/manager/mod.rs
@@ -7,7 +7,7 @@ pub use local_file::*;
 use crate::Error;
 
 #[async_trait]
-pub trait ConfigManager: std::fmt::Debug {
+pub trait ConfigManager: std::fmt::Debug + Send + Sync {
     async fn load_as_str(&self) -> Result<String, Error>;
     async fn apply_new_config(&self, content: &str) -> Result<(), Error>;
 }
diff --git a/harmony-rs/opnsense-config/src/config/shell/ssh.rs b/harmony-rs/opnsense-config/src/config/shell/ssh.rs
index 62ff391..453231c 100644
--- a/harmony-rs/opnsense-config/src/config/shell/ssh.rs
+++ b/harmony-rs/opnsense-config/src/config/shell/ssh.rs
@@ -1,5 +1,5 @@
 use std::{
-    net::Ipv4Addr,
+    net::IpAddr,
     sync::Arc,
     time::{SystemTime, UNIX_EPOCH},
 };
@@ -20,7 +20,7 @@ use super::OPNsenseShell;
 
 #[derive(Debug)]
 pub struct SshOPNSenseShell {
-    host: (Ipv4Addr, u16),
+    host: (IpAddr, u16),
     credentials: SshCredentials,
     ssh_config: Arc<Config>,
 }
@@ -78,11 +78,7 @@ impl SshOPNSenseShell {
         wait_for_completion(&mut channel).await
     }
 
-    pub fn new(
-        host: (Ipv4Addr, u16),
-        credentials: SshCredentials,
-        ssh_config: Arc<Config>,
-    ) -> Self {
+    pub fn new(host: (IpAddr, u16), credentials: SshCredentials, ssh_config: Arc<Config>) -> Self {
         Self {
             host,
             credentials,
diff --git a/harmony-rs/opnsense-config/src/lib.rs b/harmony-rs/opnsense-config/src/lib.rs
index 00a411b..59a378e 100644
--- a/harmony-rs/opnsense-config/src/lib.rs
+++ b/harmony-rs/opnsense-config/src/lib.rs
@@ -6,15 +6,10 @@ pub use config::Config;
 pub use error::Error;
 #[cfg(test)]
 mod test {
-    use config::SshConfigManager;
     use opnsense_config_xml::StaticMap;
-    use russh::client;
-    use std::{net::Ipv4Addr, sync::Arc, time::Duration};
+    use std::net::Ipv4Addr;
 
-    use crate::{
-        config::{self, SshCredentials, SshOPNSenseShell},
-        Config,
-    };
+    use crate::Config;
     use pretty_assertions::assert_eq;
 
     #[tokio::test]
@@ -38,23 +33,7 @@ mod test {
     }
 
     async fn initialize_config() -> Config {
-        let config = Arc::new(client::Config {
-            inactivity_timeout: Some(Duration::from_secs(5)),
-            ..<_>::default()
-        });
-
-        let credentials = SshCredentials::Password {
-            username: String::from("root"),
-            password: String::from("opnsense"),
-        };
-
-        let shell = Arc::new(SshOPNSenseShell::new(
-            (Ipv4Addr::new(192, 168, 5, 229), 22),
-            credentials,
-            config,
-        ));
-        let manager = Arc::new(SshConfigManager::new(shell.clone()));
-        Config::new(manager, shell).await.unwrap()
+        Config::from_credentials(Ipv4Addr::new(192, 168, 5, 229), "root", "opnsense").await
     }
 
     async fn get_static_mappings() -> Vec<StaticMap> {