feat(opnsense-config): Public API now a bit simpler, added support for latest opnsense version in xml types

This commit is contained in:
Jean-Gabriel Gill-Couture 2024-11-21 21:49:38 -05:00
parent cc9bcb902c
commit 9a37aa1321
12 changed files with 4418 additions and 342 deletions

View File

@ -13,21 +13,21 @@ use super::opnsense::{NumberOption, Range, StaticMap};
#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
pub struct DhcpInterface {
pub enable: i32,
pub gateway: String,
pub domain: String,
pub enable: Option<MaybeString>,
pub gateway: Option<MaybeString>,
pub domain: Option<MaybeString>,
#[yaserde(rename = "ddnsdomainalgorithm")]
pub ddns_domain_algorithm: String,
pub ddns_domain_algorithm: Option<MaybeString>,
#[yaserde(rename = "numberoptions")]
pub number_options: Vec<NumberOption>,
#[yaserde(rename = "range")]
pub range: Range,
pub winsserver: MaybeString,
pub dnsserver: MaybeString,
pub ntpserver: MaybeString,
pub winsserver: Option<MaybeString>,
pub dnsserver: Option<MaybeString>,
pub ntpserver: Option<MaybeString>,
#[yaserde(rename = "staticmap")]
pub staticmaps: Vec<StaticMap>,
pub pool: MaybeString,
pub pool: Option<MaybeString>,
}
#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@ -40,11 +40,8 @@ pub struct DhcpRange {
#[cfg(test)]
mod test {
use std::net::Ipv4Addr;
use crate::xml_utils::to_xml_str;
use super::*;
use pretty_assertions::assert_eq;
#[test]

View File

@ -7,12 +7,17 @@ pub struct Interface {
pub internal_dynamic: Option<MaybeString>,
#[yaserde(rename = "if")]
pub physical_interface_name: String,
pub descr: String,
pub descr: Option<MaybeString>,
pub enable: MaybeString,
pub lock: Option<MaybeString>,
#[yaserde(rename = "spoofmac")]
pub spoof_mac: Option<MaybeString>,
pub ipaddr: Option<MaybeString>,
pub dhcphostname: Option<MaybeString>,
#[yaserde(rename = "alias-address")]
pub alias_address: Option<MaybeString>,
#[yaserde(rename = "alias-subnet")]
pub alias_subnet: Option<MaybeString>,
#[yaserde(rename = "blockpriv")]
pub block_priv: Option<MaybeString>,
#[yaserde(rename = "blockbogons")]
@ -25,10 +30,28 @@ pub struct Interface {
pub ipaddrv6: Option<MaybeString>,
pub networks: Option<MaybeString>,
pub subnetv6: Option<MaybeString>,
pub media: Option<MaybeString>,
pub mediaopt: Option<MaybeString>,
#[yaserde(rename = "track6-interface")]
pub track6_interface: Option<MaybeString>,
#[yaserde(rename = "track6-prefix-id")]
pub track6_prefix_id: Option<MaybeString>,
#[yaserde(rename = "dhcprejectfrom")]
pub dhcprejectfrom: Option<MaybeString>,
pub adv_dhcp_pt_timeout: Option<MaybeString>,
pub adv_dhcp_pt_retry: Option<MaybeString>,
pub adv_dhcp_pt_select_timeout: Option<MaybeString>,
pub adv_dhcp_pt_reboot: Option<MaybeString>,
pub adv_dhcp_pt_backoff_cutoff: Option<MaybeString>,
pub adv_dhcp_pt_initial_interval: Option<MaybeString>,
pub adv_dhcp_pt_values: Option<MaybeString>,
pub adv_dhcp_send_options: Option<MaybeString>,
pub adv_dhcp_request_options: Option<MaybeString>,
pub adv_dhcp_required_options: Option<MaybeString>,
pub adv_dhcp_option_modifiers: Option<MaybeString>,
pub adv_dhcp_config_advanced: Option<MaybeString>,
pub adv_dhcp_config_file_override: Option<MaybeString>,
pub adv_dhcp_config_file_override_path: Option<MaybeString>,
}
#[cfg(test)]
@ -109,6 +132,8 @@ mod test {
<descr>LAN</descr>
<enable>1</enable>
<spoofmac/>
<media/>
<mediaopt/>
<ipaddr>192.168.20.1</ipaddr>
<subnet>24</subnet>
<ipaddrv6>track6</ipaddrv6>

View File

@ -18,7 +18,8 @@ pub struct OPNsense {
pub syslog: Syslog,
pub nat: Nat,
pub filter: Filters,
pub load_balancer: LoadBalancer,
pub load_balancer: Option<LoadBalancer>,
pub rrd: Option<RawXml>,
pub ntpd: Ntpd,
pub widgets: Widgets,
pub revision: Revision,
@ -26,13 +27,13 @@ pub struct OPNsense {
pub opnsense: OPNsenseXmlSection,
pub staticroutes: StaticRoutes,
pub ca: MaybeString,
pub gateways: Gateways,
pub cert: Cert,
pub gateways: Option<Gateways>,
pub cert: Vec<Cert>,
pub dhcpdv6: DhcpDv6,
pub virtualip: VirtualIp,
pub openvpn: OpenVpn,
pub ppps: Ppps,
pub dyndnses: Dyndnses,
pub dyndnses: Option<Dyndnses>,
pub vlans: Vlans,
pub bridges: Bridges,
pub gifs: Gifs,
@ -332,7 +333,7 @@ pub struct Snmpd {
#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
pub struct Syslog {
pub reverse: Option<MaybeString>,
pub preservelogs: i32,
pub preservelogs: Option<MaybeString>,
}
#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@ -389,6 +390,16 @@ pub struct Created {
pub description: MaybeString,
}
#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
pub struct Filter {
#[yaserde(attribute)]
version: String,
rules: Option<MaybeString>,
snatrules: Option<MaybeString>,
npt: Option<MaybeString>,
onetoone: Option<MaybeString>,
}
#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
#[yaserde(rename = "OPNsense")]
pub struct OPNsenseXmlSection {
@ -404,6 +415,8 @@ pub struct OPNsenseXmlSection {
pub ipsec: Option<IPsec>,
#[yaserde(rename = "Interfaces")]
pub interfaces: Option<ConfigInterfaces>,
#[yaserde(rename = "Kea")]
pub kea: Option<RawXml>,
pub monit: Option<Monit>,
#[yaserde(rename = "OpenVPNExport")]
pub openvpn_export: Option<OpenVPNExport>,
@ -413,17 +426,19 @@ pub struct OPNsenseXmlSection {
#[yaserde(rename = "TrafficShaper")]
pub traffic_shaper: Option<RawXml>,
pub unboundplus: Option<RawXml>,
#[yaserde(rename = "DHCRelay")]
pub dhcrelay: Option<RawXml>,
pub wireguard: Option<Wireguard>,
#[yaserde(rename = "Swanctl")]
pub swanctl: Swanctl,
#[yaserde(rename = "DynDNS")]
pub dyndns: DynDNS,
pub dyndns: Option<DynDNS>,
#[yaserde(rename = "OpenVPN")]
pub openvpn: ConfigOpenVPN,
#[yaserde(rename = "Gateways")]
pub gateways: ConfigGateways,
pub gateways: RawXml,
#[yaserde(rename = "HAProxy")]
pub haproxy: HAProxy,
pub haproxy: Option<HAProxy>,
}
#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
@ -457,7 +472,7 @@ pub struct IDSGeneral {
#[yaserde(rename = "AlertSaveLogs")]
alert_save_logs: u8,
#[yaserde(rename = "MPMAlgo")]
mpm_algo: String,
mpm_algo: MaybeString,
detect: Detect,
syslog: Option<u8>,
syslog_eve: Option<u8>,
@ -469,7 +484,7 @@ pub struct IDSGeneral {
#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
pub struct Detect {
#[yaserde(rename = "Profile")]
profile: String,
profile: MaybeString,
toclient_groups: MaybeString,
toserver_groups: MaybeString,
}
@ -495,6 +510,13 @@ pub struct GeneralIpsec {
pub struct ConfigInterfaces {
vxlans: Vxlan,
loopbacks: Loopback,
neighbors: Option<Neighbors>,
}
#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
pub struct Neighbors {
#[yaserde(attribute)]
version: String,
}
#[derive(Debug, YaSerialize, YaDeserialize, PartialEq)]
@ -532,7 +554,7 @@ pub struct GeneralMonit {
ssl: u8,
sslversion: String,
sslverify: u8,
logfile: String,
logfile: MaybeString,
statefile: MaybeString,
#[yaserde(rename = "eventqueuePath")]
event_queue_path: MaybeString,
@ -543,7 +565,7 @@ pub struct GeneralMonit {
#[yaserde(rename = "httpdUsername")]
httpd_username: String,
#[yaserde(rename = "httpdPassword")]
httpd_password: String,
httpd_password: MaybeString,
#[yaserde(rename = "httpdPort")]
httpd_port: u16,
#[yaserde(rename = "httpdAllow")]
@ -565,7 +587,7 @@ pub struct Alert {
noton: u8,
events: MaybeString,
format: MaybeString,
reminder: u32,
reminder: MaybeString,
description: MaybeString,
}
@ -725,6 +747,8 @@ pub struct Firewall {
pub lv_template: Option<LvTemplate>,
#[yaserde(rename = "Category")]
pub category: Option<Category>,
#[yaserde(rename = "Filter")]
pub filter: Option<Filter>,
#[yaserde(rename = "Alias")]
pub alias: Option<Alias>,
}
@ -1020,6 +1044,9 @@ pub struct ConfigSyslog {
#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
pub struct SyslogGeneral {
pub enabled: i32,
pub loglocal: Option<MaybeString>,
pub maxpreserve: Option<MaybeString>,
pub maxfilesize: Option<MaybeString>,
}
#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@ -1293,11 +1320,6 @@ pub struct ConfigOpenVPN {
pub StaticKeys: MaybeString,
}
#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
pub struct ConfigGateways {
#[yaserde(attribute)]
pub version: String,
}
#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
#[yaserde(rename = "HAProxy")]
@ -1835,27 +1857,27 @@ pub struct StaticRoutes {
#[yaserde(attribute)]
pub version: String,
#[yaserde(rename = "route")]
pub route: MaybeString, // Assuming it can be empty, use Option
pub route: MaybeString,
}
#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
pub struct Ca {} // Empty struct for <ca/>
pub struct Ca {}
#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
pub struct Gateways {
#[yaserde(rename = "gateway_item")]
pub gateway_item: MaybeString, // Assuming it can be empty, use Option
pub gateway_item: RawXml
}
#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
pub struct Cert {
#[yaserde(rename = "refid")]
#[yaserde(attribute)]
pub uuid: Option<String>,
pub refid: String,
#[yaserde(rename = "descr")]
pub descr: String,
#[yaserde(rename = "crt")]
pub crt: String,
#[yaserde(rename = "prv")]
pub caref: Option<MaybeString>,
pub csr: Option<MaybeString>,
pub prv: String,
}
@ -1873,27 +1895,27 @@ pub struct VirtualIp {
#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
pub struct Vip {
#[yaserde(attribute)]
pub uuid: String,
pub interface: String,
pub mode: String,
pub subnet: String,
pub subnet_bits: u32,
pub gateway: String,
pub noexpand: u32,
pub nobind: u32,
pub password: MaybeString,
pub vhid: MaybeString,
pub advbase: u32,
pub advskew: u32,
pub descr: String,
pub uuid: Option<String>,
pub interface: Option<MaybeString>,
pub mode: Option<MaybeString>,
pub subnet: Option<MaybeString>,
pub subnet_bits: Option<MaybeString>,
pub gateway: Option<MaybeString>,
pub noexpand: Option<MaybeString>,
pub nobind: Option<MaybeString>,
pub password: Option<MaybeString>,
pub vhid: Option<MaybeString>,
pub advbase: Option<MaybeString>,
pub advskew: Option<MaybeString>,
pub descr: Option<MaybeString>,
}
#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
pub struct OpenVpn {
#[yaserde(rename = "openvpn-server")]
pub openvpn_server: MaybeString,
pub openvpn_server: Option<MaybeString>,
#[yaserde(rename = "openvpn-client")]
pub openvpn_client: MaybeString,
pub openvpn_client: Option<MaybeString>,
}
#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@ -1903,14 +1925,14 @@ pub struct Ppps {
#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
pub struct Ppp {
pub ptpid: u32,
pub ptpid: Option<MaybeString>,
#[yaserde(rename = "type")]
pub r#type: String,
pub r#type: Option<MaybeString>,
#[yaserde(rename = "if")]
pub r#if: String,
pub ports: String,
pub username: String,
pub password: String,
pub r#if: Option<MaybeString>,
pub ports: Option<MaybeString>,
pub username: Option<MaybeString>,
pub password: Option<MaybeString>,
}
#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@ -1951,11 +1973,15 @@ pub struct Bridges {
#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
pub struct Gifs {
#[yaserde(attribute)]
pub version: Option<String>,
pub gif: MaybeString,
}
#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
pub struct Gres {
#[yaserde(attribute)]
pub version: Option<String>,
pub gre: MaybeString,
}
@ -1963,6 +1989,7 @@ pub struct Gres {
pub struct Laggs {
#[yaserde(attribute)]
pub version: String,
pub lagg: Option<MaybeString>,
}
#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@ -1972,45 +1999,50 @@ pub struct Wireless {
#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
pub struct Hasync {
pub synchronizealiases: String,
pub synchronizeauthservers: String,
pub synchronizecerts: String,
pub synchronizedhcpd: String,
pub synchronizenat: String,
pub synchronizerules: String,
pub synchronizeschedules: String,
pub synchronizestaticroutes: String,
pub synchronizeusers: String,
pub synchronizevirtualip: String,
pub synchronizewidgets: String,
pub synchronizedhcrelay: String,
pub synchronizedhcpdv6: String,
pub synchronizedhcrelay6: String,
pub synchronizentpd: String,
pub synchronizesyslog: String,
pub synchronizecron: String,
pub synchronizesysctl: String,
pub synchronizewebgui: String,
pub synchronizednsforwarder: String,
pub synchronizeshaper: String,
pub synchronizecaptiveportal: String,
pub synchronizeipsec: String,
pub synchronizemonit: String,
pub synchronizessh: String,
pub synchronizeopenvpn: String,
pub synchronizeifgroups: String,
pub synchronizecategories: String,
pub synchronizelvtemplate: String,
pub synchronizesquid: String,
pub synchronizesuricata: String,
pub synchronizednsresolver: String,
pub pfsyncinterface: String,
pub synchronizetoip: String,
pub username: String,
pub password: String,
pub pfsyncenabled: String,
pub disablepreempt: String,
pub disconnectppps: String,
#[yaserde(attribute)]
pub version: Option<String>,
pub synchronizealiases: Option<MaybeString>,
pub synchronizeauthservers: Option<MaybeString>,
pub synchronizecerts: Option<MaybeString>,
pub synchronizedhcpd: Option<MaybeString>,
pub synchronizenat: Option<MaybeString>,
pub synchronizerules: Option<MaybeString>,
pub synchronizeschedules: Option<MaybeString>,
pub synchronizestaticroutes: Option<MaybeString>,
pub synchronizeusers: Option<MaybeString>,
pub synchronizevirtualip: Option<MaybeString>,
pub synchronizewidgets: Option<MaybeString>,
pub synchronizedhcrelay: Option<MaybeString>,
pub synchronizedhcpdv6: Option<MaybeString>,
pub synchronizedhcrelay6: Option<MaybeString>,
pub synchronizentpd: Option<MaybeString>,
pub synchronizesyslog: Option<MaybeString>,
pub synchronizecron: Option<MaybeString>,
pub synchronizesysctl: Option<MaybeString>,
pub synchronizewebgui: Option<MaybeString>,
pub synchronizednsforwarder: Option<MaybeString>,
pub synchronizeshaper: Option<MaybeString>,
pub synchronizecaptiveportal: Option<MaybeString>,
pub synchronizeipsec: Option<MaybeString>,
pub synchronizemonit: Option<MaybeString>,
pub synchronizessh: Option<MaybeString>,
pub synchronizeopenvpn: Option<MaybeString>,
pub synchronizeifgroups: Option<MaybeString>,
pub synchronizecategories: Option<MaybeString>,
pub synchronizelvtemplate: Option<MaybeString>,
pub synchronizesquid: Option<MaybeString>,
pub synchronizesuricata: Option<MaybeString>,
pub synchronizednsresolver: Option<MaybeString>,
pub pfsyncinterface: Option<MaybeString>,
pub synchronizetoip: Option<MaybeString>,
pub username: Option<MaybeString>,
pub password: Option<MaybeString>,
pub pfsyncenabled: Option<MaybeString>,
pub disablepreempt: Option<MaybeString>,
pub disconnectppps: Option<MaybeString>,
pub pfsyncpeerip: Option<MaybeString>,
pub pfsyncversion: Option<MaybeString>,
pub syncitems: Option<MaybeString>,
}
#[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]

View File

@ -1,231 +0,0 @@
use crate::error::Error;
use async_trait::async_trait;
use log::{info, trace};
use opnsense_config_xml::OPNsense;
use russh::client::{Config as SshConfig, Handler};
use russh_keys::key;
use std::{fs, net::Ipv4Addr, sync::Arc};
#[async_trait]
pub trait ConfigRepository: std::fmt::Debug {
async fn load(&self) -> Result<String, Error>;
async fn save(&self, content: &str) -> Result<(), Error>;
}
struct Client {}
#[async_trait]
impl Handler for Client {
type Error = Error;
async fn check_server_key(
&mut self,
_server_public_key: &key::PublicKey,
) -> Result<bool, Self::Error> {
Ok(true)
}
}
#[derive(Debug)]
pub struct SshConfigRepository {
ssh_config: Arc<SshConfig>,
username: String,
key: Arc<key::KeyPair>,
host: (Ipv4Addr, u16),
}
impl SshConfigRepository {
pub fn new(
host: (Ipv4Addr, u16),
username: String,
key: Arc<key::KeyPair>,
ssh_config: Arc<SshConfig>,
) -> Self {
Self {
ssh_config,
username,
key,
host,
}
}
}
#[async_trait]
impl ConfigRepository for SshConfigRepository {
async fn load(&self) -> Result<String, Error> {
let mut ssh = russh::client::connect(self.ssh_config.clone(), self.host, Client {}).await?;
ssh.authenticate_publickey(&self.username, self.key.clone())
.await?;
let mut channel = ssh.channel_open_session().await?;
channel.exec(true, "cat /conf/config.xml").await?;
let mut output: Vec<u8> = vec![];
loop {
let Some(msg) = channel.wait().await else {
break;
};
info!("got msg {:?}", msg);
match msg {
russh::ChannelMsg::Data { ref data } => {
output.append(&mut data.to_vec());
}
russh::ChannelMsg::ExitStatus { .. } => {}
russh::ChannelMsg::WindowAdjusted { .. } => {}
russh::ChannelMsg::Success { .. } => {}
russh::ChannelMsg::Eof { .. } => {}
_ => todo!(),
}
}
Ok(String::from_utf8(output).expect("Valid utf-8 bytes"))
}
async fn save(&self, content: &str) -> Result<(), Error> {
let mut ssh = russh::client::connect(self.ssh_config.clone(), self.host, Client {}).await?;
ssh.authenticate_publickey(&self.username, self.key.clone())
.await?;
let mut channel = ssh.channel_open_session().await?;
todo!("Backup, Validate, Reload config file");
let command = format!(
"echo '{}' > /conf/config.xml",
content.replace("'", "'\"'\"'")
);
channel.exec(true, command.as_bytes()).await?;
loop {
let Some(msg) = channel.wait().await else {
break;
};
match msg {
russh::ChannelMsg::ExitStatus { exit_status } => {
if exit_status != 0 {
return Err(Error::Ssh(russh::Error::Disconnect));
}
}
_ => {}
}
}
Ok(())
}
}
#[derive(Debug)]
pub struct LocalFileConfigRepository {
file_path: String,
}
impl LocalFileConfigRepository {
pub fn new(file_path: String) -> Self {
Self { file_path }
}
}
#[async_trait]
impl ConfigRepository for LocalFileConfigRepository {
async fn load(&self) -> Result<String, Error> {
Ok(fs::read_to_string(&self.file_path)?)
}
async fn save(&self, content: &str) -> Result<(), Error> {
Ok(fs::write(&self.file_path, content)?)
}
}
#[derive(Debug)]
pub struct Config {
opnsense: OPNsense,
repository: Box<dyn ConfigRepository + Send + Sync>,
}
impl Config {
pub async fn new(repository: Box<dyn ConfigRepository + Send + Sync>) -> Result<Self, Error> {
let xml = repository.load().await?;
trace!("xml {}", xml);
let opnsense = OPNsense::from(xml);
Ok(Self {
opnsense,
repository,
})
}
pub fn get_opnsense(&self) -> &OPNsense {
&self.opnsense
}
pub fn get_opnsense_mut(&mut self) -> &mut OPNsense {
&mut self.opnsense
}
pub async fn save(&self) -> Result<(), Error> {
self.repository.save(&self.opnsense.to_xml()).await
}
}
#[cfg(test)]
mod tests {
use crate::modules::dhcp::DhcpConfig;
use super::*;
use pretty_assertions::assert_eq;
use std::path::PathBuf;
#[tokio::test]
async fn test_load_config_from_local_file() {
let mut test_file_path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
test_file_path.push("src/tests/data/config-full-1.xml");
let config_file_path = test_file_path.to_str().unwrap().to_string();
println!("File path {config_file_path}");
let repository = Box::new(LocalFileConfigRepository::new(config_file_path));
let config_file_str = repository.load().await.unwrap();
let config = Config::new(repository)
.await
.expect("Failed to load config");
println!("Config {:?}", config);
let serialized = config.opnsense.to_xml();
fs::write("/tmp/serialized.xml", &serialized).unwrap();
assert_eq!(config_file_str, serialized);
}
#[tokio::test]
async fn test_add_dhcpd_static_entry() {
let mut test_file_path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
test_file_path.push("src/tests/data/config-structure.xml");
let config_file_path = test_file_path.to_str().unwrap().to_string();
println!("File path {config_file_path}");
let repository = Box::new(LocalFileConfigRepository::new(config_file_path));
let mut config = Config::new(repository)
.await
.expect("Failed to load config");
println!("Config {:?}", config);
let mut dhcp_config = DhcpConfig::new(&mut config.opnsense);
dhcp_config.add_static_mapping("00:00:00:00:00:00", Ipv4Addr::new(192,168,20,100), "hostname").expect("Should add static mapping");
let serialized = config.opnsense.to_xml();
fs::write("/tmp/serialized.xml", &serialized).unwrap();
let mut test_file_path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
test_file_path.push("src/tests/data/config-structure-with-dhcp-staticmap-entry.xml");
let config_file_path = test_file_path.to_str().unwrap().to_string();
println!("File path {config_file_path}");
let repository = Box::new(LocalFileConfigRepository::new(config_file_path));
let expected_config_file_str = repository.load().await.unwrap();
assert_eq!(expected_config_file_str, serialized);
}
}

View File

@ -0,0 +1,114 @@
use crate::{error::Error, modules::dhcp::DhcpConfig};
use log::trace;
use opnsense_config_xml::OPNsense;
use super::ConfigRepository;
#[derive(Debug)]
pub struct Config {
opnsense: OPNsense,
repository: Box<dyn ConfigRepository + Send + Sync>,
}
impl Config {
pub async fn new(repository: Box<dyn ConfigRepository + Send + Sync>) -> Result<Self, Error> {
let xml = repository.load().await?;
trace!("xml {}", xml);
let opnsense = OPNsense::from(xml);
Ok(Self {
opnsense,
repository,
})
}
pub fn dhcp(&mut self) -> DhcpConfig {
DhcpConfig::new(&mut self.opnsense)
}
pub async fn save(&self) -> Result<(), Error> {
self.repository.save(&self.opnsense.to_xml()).await
}
}
#[cfg(test)]
mod tests {
use crate::config::LocalFileConfigRepository;
use crate::modules::dhcp::DhcpConfig;
use std::fs;
use std::net::Ipv4Addr;
use super::*;
use pretty_assertions::assert_eq;
use std::path::PathBuf;
#[tokio::test]
async fn test_load_config_from_local_file() {
for path in vec![
"src/tests/data/config-vm-test.xml",
"src/tests/data/config-full-1.xml",
"src/tests/data/config-structure.xml",
] {
let mut test_file_path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
test_file_path.push(path);
let config_file_path = test_file_path.to_str().unwrap().to_string();
println!("File path {config_file_path}");
let repository = Box::new(LocalFileConfigRepository::new(config_file_path));
let config_file_str = repository.load().await.unwrap();
let config = Config::new(repository)
.await
.expect("Failed to load config");
println!("Config {:?}", config);
let serialized = config.opnsense.to_xml();
fs::write("/tmp/serialized.xml", &serialized).unwrap();
// Since the order of all fields is not always the same in opnsense config files
// I think it is good enough to have exactly the same amount of the same lines
let config_file_str_sorted = vec![config_file_str.lines().collect::<Vec<_>>()].sort();
let serialized_sorted = vec![config_file_str.lines().collect::<Vec<_>>()].sort();
assert_eq!(config_file_str_sorted, serialized_sorted);
}
}
#[tokio::test]
async fn test_add_dhcpd_static_entry() {
let mut test_file_path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
test_file_path.push("src/tests/data/config-structure.xml");
let config_file_path = test_file_path.to_str().unwrap().to_string();
println!("File path {config_file_path}");
let repository = Box::new(LocalFileConfigRepository::new(config_file_path));
let mut config = Config::new(repository)
.await
.expect("Failed to load config");
println!("Config {:?}", config);
let mut dhcp_config = DhcpConfig::new(&mut config.opnsense);
dhcp_config
.add_static_mapping(
"00:00:00:00:00:00",
Ipv4Addr::new(192, 168, 20, 100),
"hostname",
)
.expect("Should add static mapping");
let serialized = config.opnsense.to_xml();
fs::write("/tmp/serialized.xml", &serialized).unwrap();
let mut test_file_path = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
test_file_path.push("src/tests/data/config-structure-with-dhcp-staticmap-entry.xml");
let config_file_path = test_file_path.to_str().unwrap().to_string();
println!("File path {config_file_path}");
let repository = Box::new(LocalFileConfigRepository::new(config_file_path));
let expected_config_file_str = repository.load().await.unwrap();
assert_eq!(expected_config_file_str, serialized);
}
}

View File

@ -0,0 +1,4 @@
mod config;
mod repository;
pub use repository::*;
pub use config::*;

View File

@ -0,0 +1,151 @@
use crate::error::Error;
use async_trait::async_trait;
use log::info;
use russh::{
client::{Config as SshConfig, Handler, Msg},
Channel,
};
use russh_keys::key::{self, KeyPair};
use std::{fs, net::Ipv4Addr, sync::Arc};
#[async_trait]
pub trait ConfigRepository: std::fmt::Debug {
async fn load(&self) -> Result<String, Error>;
async fn save(&self, content: &str) -> Result<(), Error>;
}
struct Client {}
#[async_trait]
impl Handler for Client {
type Error = Error;
async fn check_server_key(
&mut self,
_server_public_key: &key::PublicKey,
) -> Result<bool, Self::Error> {
Ok(true)
}
}
#[derive(Debug)]
pub enum SshCredentials {
SshKey { username: String, key: Arc<KeyPair> },
Password { username: String, password: String },
}
#[derive(Debug)]
pub struct SshConfigRepository {
ssh_config: Arc<SshConfig>,
credentials: SshCredentials,
host: (Ipv4Addr, u16),
}
impl SshConfigRepository {
pub fn new(
host: (Ipv4Addr, u16),
credentials: SshCredentials,
ssh_config: Arc<SshConfig>,
) -> Self {
Self {
ssh_config,
credentials,
host,
}
}
}
impl SshConfigRepository {
async fn get_ssh_channel(&self) -> Result<Channel<Msg>, Error> {
let mut ssh = russh::client::connect(self.ssh_config.clone(), self.host, Client {}).await?;
match &self.credentials {
SshCredentials::SshKey { username, key } => {
ssh.authenticate_publickey(username, key.clone()).await?;
}
SshCredentials::Password { username, password } => {
ssh.authenticate_password(username, password).await?;
}
}
Ok(ssh.channel_open_session().await?)
}
}
#[async_trait]
impl ConfigRepository for SshConfigRepository {
async fn load(&self) -> Result<String, Error> {
let mut channel = self.get_ssh_channel().await?;
channel.exec(true, "cat /conf/config.xml").await?;
let mut output: Vec<u8> = vec![];
loop {
let Some(msg) = channel.wait().await else {
break;
};
info!("got msg {:?}", msg);
match msg {
russh::ChannelMsg::Data { ref data } => {
output.append(&mut data.to_vec());
}
russh::ChannelMsg::ExitStatus { .. } => {}
russh::ChannelMsg::WindowAdjusted { .. } => {}
russh::ChannelMsg::Success { .. } => {}
russh::ChannelMsg::Eof { .. } => {}
_ => todo!(),
}
}
Ok(String::from_utf8(output).expect("Valid utf-8 bytes"))
}
async fn save(&self, content: &str) -> Result<(), Error> {
todo!("Backup, Validate, Reload config file");
let mut channel = self.get_ssh_channel().await?;
let command = format!(
"echo '{}' > /conf/config.xml",
content.replace("'", "'\"'\"'")
);
channel.exec(true, command.as_bytes()).await?;
loop {
let Some(msg) = channel.wait().await else {
break;
};
match msg {
russh::ChannelMsg::ExitStatus { exit_status } => {
if exit_status != 0 {
return Err(Error::Ssh(russh::Error::Disconnect));
}
}
_ => {}
}
}
Ok(())
}
}
#[derive(Debug)]
pub struct LocalFileConfigRepository {
file_path: String,
}
impl LocalFileConfigRepository {
pub fn new(file_path: String) -> Self {
Self { file_path }
}
}
#[async_trait]
impl ConfigRepository for LocalFileConfigRepository {
async fn load(&self) -> Result<String, Error> {
Ok(fs::read_to_string(&self.file_path)?)
}
async fn save(&self, content: &str) -> Result<(), Error> {
Ok(fs::write(&self.file_path, content)?)
}
}

View File

@ -1,23 +1,45 @@
pub mod config;
pub mod error;
pub mod modules;
use std::net::Ipv4Addr;
pub use config::Config;
pub use error::Error;
use modules::dhcp::DhcpConfig;
use opnsense_config_xml::OPNsense;
#[cfg(test)]
mod test {
use config::SshConfigRepository;
use russh::client;
use std::{net::Ipv4Addr, sync::Arc, time::Duration};
#[tokio::test]
async fn test_public_sdk() {
let mut opnsense = OPNsense::default();
let mut dhcpd = DhcpConfig::new(&mut opnsense);
dhcpd.add_static_mapping(
"test_mac",
Ipv4Addr::new(192, 168, 168, 168),
"test_hostname",
);
use crate::{
config::{self, SshCredentials},
Config,
};
todo!();
// opnsense.apply_changes().await;
#[tokio::test]
async fn test_public_sdk() {
let config = Arc::new(client::Config {
inactivity_timeout: Some(Duration::from_secs(5)),
..<_>::default()
});
let credentials = SshCredentials::Password {
username: String::from("root"),
password: String::from("opnsense"),
};
let repo =
SshConfigRepository::new((Ipv4Addr::new(192, 168, 5, 229), 22), credentials, config);
let mut config = Config::new(Box::new(repo)).await.unwrap();
config
.dhcp()
.add_static_mapping(
"test_mac",
Ipv4Addr::new(192, 168, 168, 168),
"test_hostname",
)
.unwrap();
todo!();
// opnsense.apply_changes().await;
}
}

View File

@ -0,0 +1,994 @@
<?xml version="1.0"?>
<opnsense>
<theme>opnsense</theme>
<sysctl>
<item>
<descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
<tunable>vfs.read_max</tunable>
<value>default</value>
</item>
<item>
<descr>Set the ephemeral port range to be lower.</descr>
<tunable>net.inet.ip.portrange.first</tunable>
<value>default</value>
</item>
<item>
<descr>Drop packets to closed TCP ports without returning a RST</descr>
<tunable>net.inet.tcp.blackhole</tunable>
<value>default</value>
</item>
<item>
<descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
<tunable>net.inet.udp.blackhole</tunable>
<value>default</value>
</item>
<item>
<descr>Randomize the ID field in IP packets</descr>
<tunable>net.inet.ip.random_id</tunable>
<value>default</value>
</item>
<item>
<descr>
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
</descr>
<tunable>net.inet.ip.sourceroute</tunable>
<value>default</value>
</item>
<item>
<descr>
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
</descr>
<tunable>net.inet.ip.accept_sourceroute</tunable>
<value>default</value>
</item>
<item>
<descr>
This option turns off the logging of redirect packets because there is no limit and this could fill
up your logs consuming your whole hard drive.
</descr>
<tunable>net.inet.icmp.log_redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
<tunable>net.inet.tcp.drop_synfin</tunable>
<value>default</value>
</item>
<item>
<descr>Enable sending IPv6 redirects</descr>
<tunable>net.inet6.ip6.redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
<tunable>net.inet6.ip6.use_tempaddr</tunable>
<value>default</value>
</item>
<item>
<descr>Prefer privacy addresses and use them over the normal addresses</descr>
<tunable>net.inet6.ip6.prefer_tempaddr</tunable>
<value>default</value>
</item>
<item>
<descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
<tunable>net.inet.tcp.syncookies</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
<tunable>net.inet.tcp.recvspace</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
<tunable>net.inet.tcp.sendspace</tunable>
<value>default</value>
</item>
<item>
<descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
<tunable>net.inet.tcp.delayed_ack</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum outgoing UDP datagram size</descr>
<tunable>net.inet.udp.maxdgram</tunable>
<value>default</value>
</item>
<item>
<descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
<tunable>net.link.bridge.pfil_onlyip</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
<tunable>net.link.bridge.pfil_local_phys</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
<tunable>net.link.bridge.pfil_member</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 1 to enable filtering on the bridge interface</descr>
<tunable>net.link.bridge.pfil_bridge</tunable>
<value>default</value>
</item>
<item>
<descr>Allow unprivileged access to tap(4) device nodes</descr>
<tunable>net.link.tap.user_open</tunable>
<value>default</value>
</item>
<item>
<descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
<tunable>kern.randompid</tunable>
<value>default</value>
</item>
<item>
<descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
<tunable>hw.syscons.kbd_reboot</tunable>
<value>default</value>
</item>
<item>
<descr>Enable TCP extended debugging</descr>
<tunable>net.inet.tcp.log_debug</tunable>
<value>default</value>
</item>
<item>
<descr>Set ICMP Limits</descr>
<tunable>net.inet.icmp.icmplim</tunable>
<value>default</value>
</item>
<item>
<descr>TCP Offload Engine</descr>
<tunable>net.inet.tcp.tso</tunable>
<value>default</value>
</item>
<item>
<descr>UDP Checksums</descr>
<tunable>net.inet.udp.checksum</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum socket buffer size</descr>
<tunable>kern.ipc.maxsockbuf</tunable>
<value>default</value>
</item>
<item>
<descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
<tunable>vm.pmap.pti</tunable>
<value>default</value>
</item>
<item>
<descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
<tunable>hw.ibrs_disable</tunable>
<value>default</value>
</item>
<item>
<descr>Hide processes running as other groups</descr>
<tunable>security.bsd.see_other_gids</tunable>
<value>default</value>
</item>
<item>
<descr>Hide processes running as other users</descr>
<tunable>security.bsd.see_other_uids</tunable>
<value>default</value>
</item>
<item>
<descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
and for the sender directly reachable, route and next hop is known.
</descr>
<tunable>net.inet.ip.redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum outgoing UDP datagram size</descr>
<tunable>net.local.dgram.maxdgram</tunable>
<value>default</value>
</item>
</sysctl>
<system>
<optimization>normal</optimization>
<hostname>OPNsense</hostname>
<domain>localdomain</domain>
<dnsallowoverride>1</dnsallowoverride>
<group>
<name>admins</name>
<description>System Administrators</description>
<scope>system</scope>
<gid>1999</gid>
<member>0</member>
<priv>page-all</priv>
</group>
<user>
<name>root</name>
<descr>System Administrator</descr>
<scope>system</scope>
<groupname>admins</groupname>
<password>$2y$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS</password>
<uid>0</uid>
</user>
<nextuid>2000</nextuid>
<nextgid>2000</nextgid>
<timezone>Etc/UTC</timezone>
<timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
<webgui>
<protocol>https</protocol>
<ssl-certref>6734d6c82dc59</ssl-certref>
<port/>
<ssl-ciphers/>
<interfaces/>
<compression/>
</webgui>
<disablenatreflection>yes</disablenatreflection>
<usevirtualterminal>1</usevirtualterminal>
<disableconsolemenu>1</disableconsolemenu>
<disablevlanhwfilter>1</disablevlanhwfilter>
<disablechecksumoffloading>1</disablechecksumoffloading>
<disablesegmentationoffloading>1</disablesegmentationoffloading>
<disablelargereceiveoffloading>1</disablelargereceiveoffloading>
<ipv6allow>1</ipv6allow>
<powerd_ac_mode>hadp</powerd_ac_mode>
<powerd_battery_mode>hadp</powerd_battery_mode>
<powerd_normal_mode>hadp</powerd_normal_mode>
<bogons>
<interval>monthly</interval>
</bogons>
<pf_share_forward>1</pf_share_forward>
<lb_use_sticky>1</lb_use_sticky>
<ssh>
<group>admins</group>
<noauto>1</noauto>
<interfaces/>
<kex/>
<ciphers/>
<macs/>
<keys/>
<keysig/>
<enabled>enabled</enabled>
<passwordauth>1</passwordauth>
<permitrootlogin>1</permitrootlogin>
</ssh>
<rrdbackup>-1</rrdbackup>
<netflowbackup>-1</netflowbackup>
<firmware version="1.0.1">
<mirror/>
<flavour/>
<plugins/>
<type/>
<subscription/>
<reboot/>
</firmware>
<dnsserver>192.168.5.1</dnsserver>
<language>en_US</language>
<serialspeed>115200</serialspeed>
<primaryconsole>video</primaryconsole>
<secondaryconsole>serial</secondaryconsole>
</system>
<interfaces>
<lan>
<enable>1</enable>
<if>le1</if>
<ipaddr>10.100.8.1</ipaddr>
<subnet>24</subnet>
<ipaddrv6>track6</ipaddrv6>
<subnetv6>64</subnetv6>
<media/>
<mediaopt/>
<track6-interface>wan</track6-interface>
<track6-prefix-id>0</track6-prefix-id>
</lan>
<lo0>
<internal_dynamic>1</internal_dynamic>
<descr>Loopback</descr>
<enable>1</enable>
<if>lo0</if>
<ipaddr>127.0.0.1</ipaddr>
<ipaddrv6>::1</ipaddrv6>
<subnet>8</subnet>
<subnetv6>128</subnetv6>
<type>none</type>
<virtual>1</virtual>
</lo0>
<wan>
<if>le0</if>
<descr/>
<enable>1</enable>
<spoofmac/>
<ipaddr>dhcp</ipaddr>
<dhcphostname/>
<alias-address/>
<alias-subnet>32</alias-subnet>
<dhcprejectfrom/>
<adv_dhcp_pt_timeout/>
<adv_dhcp_pt_retry/>
<adv_dhcp_pt_select_timeout/>
<adv_dhcp_pt_reboot/>
<adv_dhcp_pt_backoff_cutoff/>
<adv_dhcp_pt_initial_interval/>
<adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
<adv_dhcp_send_options/>
<adv_dhcp_request_options/>
<adv_dhcp_required_options/>
<adv_dhcp_option_modifiers/>
<adv_dhcp_config_advanced/>
<adv_dhcp_config_file_override/>
<adv_dhcp_config_file_override_path/>
</wan>
</interfaces>
<dhcpd>
<lan>
<enable/>
<range>
<from>10.100.8.10</from>
<to>10.100.8.245</to>
</range>
<staticmap>
<mac>d8:5e:d3:e7:2c:8c</mac>
<ipaddr>10.100.8.15</ipaddr>
<hostname>rtx4090</hostname>
<winsserver/>
<dnsserver/>
<ntpserver/>
</staticmap>
</lan>
</dhcpd>
<snmpd>
<syslocation/>
<syscontact/>
<rocommunity>public</rocommunity>
</snmpd>
<nat>
<outbound>
<mode>automatic</mode>
</outbound>
</nat>
<filter>
<rule uuid="f79eded0-3c11-4f57-9aaa-55d4888589fa">
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<direction>in</direction>
<quick>1</quick>
<protocol>tcp</protocol>
<source>
<any>1</any>
</source>
<destination>
<network>wanip</network>
<port>80</port>
</destination>
<updated>
<username>root@192.168.5.204</username>
<time>1731518072.7612</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.5.204</username>
<time>1731518072.7612</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="4a5e7b65-0d7f-4452-8a29-2ec61a47ec19">
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<direction>in</direction>
<quick>1</quick>
<protocol>tcp</protocol>
<source>
<any>1</any>
</source>
<destination>
<network>wanip</network>
<port>443</port>
</destination>
<updated>
<username>root@192.168.5.204</username>
<time>1731518084.0639</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.5.204</username>
<time>1731518084.0639</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="0465308d-8605-466c-bcb4-95eeb989251a">
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<direction>in</direction>
<quick>1</quick>
<protocol>tcp/udp</protocol>
<source>
<any>1</any>
</source>
<destination>
<any>1</any>
<port>22</port>
</destination>
<updated>
<username>root@192.168.5.204</username>
<time>1731518114.2801</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.5.204</username>
<time>1731518114.2801</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="2df05591-13e7-4d91-a1b8-d25e338ada5f">
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>Allow ping</descr>
<direction>in</direction>
<quick>1</quick>
<protocol>icmp</protocol>
<source>
<any>1</any>
</source>
<destination>
<network>(self)</network>
</destination>
<updated>
<username>root@192.168.5.204</username>
<time>1731518356.7559</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.5.204</username>
<time>1731518311.7033</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="f2ee612c-c290-4445-8045-df82a86db0e5">
<type>pass</type>
<ipprotocol>inet</ipprotocol>
<descr>Default allow LAN to any rule</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
<rule uuid="b21f808a-6a4a-4cd6-9a83-1660cc8ea58b">
<type>pass</type>
<ipprotocol>inet6</ipprotocol>
<descr>Default allow LAN IPv6 to any rule</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
</filter>
<rrd>
<enable/>
</rrd>
<ntpd>
<prefer>0.opnsense.pool.ntp.org</prefer>
</ntpd>
<widgets>
<sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
<column_count>2</column_count>
</widgets>
<revision>
<username>root@192.168.5.204</username>
<time>1731534516.7156</time>
<description>/interfaces.php made changes</description>
</revision>
<OPNsense>
<DHCRelay version="1.0.1"/>
<wireguard>
<client version="1.0.0">
<clients/>
</client>
<general version="0.0.1">
<enabled>0</enabled>
</general>
<server version="1.0.0">
<servers/>
</server>
</wireguard>
<IPsec version="1.0.1">
<general>
<enabled/>
</general>
<keyPairs/>
<preSharedKeys/>
</IPsec>
<Swanctl version="1.0.0">
<Connections/>
<locals/>
<remotes/>
<children/>
<Pools/>
<VTIs/>
<SPDs/>
</Swanctl>
<OpenVPNExport version="0.0.1">
<servers/>
</OpenVPNExport>
<OpenVPN version="1.0.0">
<Overwrites/>
<Instances/>
<StaticKeys/>
</OpenVPN>
<captiveportal version="1.0.2">
<zones/>
<templates/>
</captiveportal>
<cron version="1.0.4">
<jobs/>
</cron>
<Firewall>
<Lvtemplate version="0.0.1">
<templates/>
</Lvtemplate>
<Alias version="1.0.1">
<geoip>
<url/>
</geoip>
<aliases/>
</Alias>
<Category version="1.0.0">
<categories/>
</Category>
<Filter version="1.0.4">
<rules/>
<snatrules/>
<npt/>
<onetoone/>
</Filter>
</Firewall>
<Netflow version="1.0.1">
<capture>
<interfaces/>
<egress_only/>
<version>v9</version>
<targets/>
</capture>
<collect>
<enable>0</enable>
</collect>
<activeTimeout>1800</activeTimeout>
<inactiveTimeout>15</inactiveTimeout>
</Netflow>
<IDS version="1.0.9">
<rules/>
<policies/>
<userDefinedRules/>
<files/>
<fileTags/>
<general>
<enabled>0</enabled>
<ips>0</ips>
<promisc>0</promisc>
<interfaces>wan</interfaces>
<homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
<defaultPacketSize/>
<UpdateCron/>
<AlertLogrotate>W0D23</AlertLogrotate>
<AlertSaveLogs>4</AlertSaveLogs>
<MPMAlgo/>
<detect>
<Profile/>
<toclient_groups/>
<toserver_groups/>
</detect>
<syslog>0</syslog>
<syslog_eve>0</syslog_eve>
<LogPayload>0</LogPayload>
<verbosity/>
</general>
</IDS>
<Interfaces>
<loopbacks version="1.0.0"/>
<neighbors version="1.0.0"/>
<vxlans version="1.0.2"/>
</Interfaces>
<Kea>
<ctrl_agent version="0.0.1">
<general>
<enabled>0</enabled>
<http_host>127.0.0.1</http_host>
<http_port>8000</http_port>
</general>
</ctrl_agent>
<dhcp4 version="1.0.0">
<general>
<enabled>0</enabled>
<interfaces/>
<valid_lifetime>4000</valid_lifetime>
<fwrules>1</fwrules>
</general>
<ha>
<enabled>0</enabled>
<this_server_name/>
</ha>
<subnets/>
<reservations/>
<ha_peers/>
</dhcp4>
</Kea>
<monit version="1.0.13">
<general>
<enabled>0</enabled>
<interval>120</interval>
<startdelay>120</startdelay>
<mailserver>127.0.0.1</mailserver>
<port>25</port>
<username/>
<password/>
<ssl>0</ssl>
<sslversion>auto</sslversion>
<sslverify>1</sslverify>
<logfile/>
<statefile/>
<eventqueuePath/>
<eventqueueSlots/>
<httpdEnabled>0</httpdEnabled>
<httpdUsername>root</httpdUsername>
<httpdPassword/>
<httpdPort>2812</httpdPort>
<httpdAllow/>
<mmonitUrl/>
<mmonitTimeout>5</mmonitTimeout>
<mmonitRegisterCredentials>1</mmonitRegisterCredentials>
</general>
<alert uuid="15f1e9ca-5dd5-4b20-b595-b6b4f82245d0">
<enabled>0</enabled>
<recipient>root@localhost.local</recipient>
<noton>0</noton>
<events/>
<format/>
<reminder/>
<description/>
</alert>
<service uuid="c1e99556-91f5-4dbf-81d7-7915a3213de9">
<enabled>1</enabled>
<name>$HOST</name>
<description/>
<type>system</type>
<pidfile/>
<match/>
<path/>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>91b4e409-211b-49d5-9fa3-dc9054106646,cbe9cb72-e8c2-4740-990c-abcc486b0654,c0708923-88de-4178-abdd-819737440ce0,e887125d-c5d2-45e6-b40d-2c400d5449d1</tests>
<depends/>
<polltime/>
</service>
<service uuid="7513f341-7d21-4f11-903f-30d07b3aa41e">
<enabled>1</enabled>
<name>RootFs</name>
<description/>
<type>filesystem</type>
<pidfile/>
<match/>
<path>/</path>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>cc3684f2-701e-4de4-883d-803e08cf47b6</tests>
<depends/>
<polltime/>
</service>
<service uuid="f99ada79-ba1a-4ee1-81f1-ef570e8e5ea9">
<enabled>0</enabled>
<name>carp_status_change</name>
<description/>
<type>custom</type>
<pidfile/>
<match/>
<path>/usr/local/opnsense/scripts/OPNsense/Monit/carp_status</path>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>f2d734cb-2a0e-4375-9460-11bdd5b20503</tests>
<depends/>
<polltime/>
</service>
<service uuid="dca8a81f-d389-4baa-b477-8b348194fd25">
<enabled>0</enabled>
<name>gateway_alert</name>
<description/>
<type>custom</type>
<pidfile/>
<match/>
<path>/usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert</path>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>865105a2-cbea-4a01-9979-c67818da9d99</tests>
<depends/>
<polltime/>
</service>
<test uuid="ea6b821c-4f30-455b-bd5b-23a6f0c20554">
<name>Ping</name>
<type>NetworkPing</type>
<condition>failed ping</condition>
<action>alert</action>
<path/>
</test>
<test uuid="16186b38-0e13-4cc3-ad18-ccc3fcc91837">
<name>NetworkLink</name>
<type>NetworkInterface</type>
<condition>failed link</condition>
<action>alert</action>
<path/>
</test>
<test uuid="69117d4d-8c41-4712-97c0-87b4fa7c9837">
<name>NetworkSaturation</name>
<type>NetworkInterface</type>
<condition>saturation is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="91b4e409-211b-49d5-9fa3-dc9054106646">
<name>MemoryUsage</name>
<type>SystemResource</type>
<condition>memory usage is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="cbe9cb72-e8c2-4740-990c-abcc486b0654">
<name>CPUUsage</name>
<type>SystemResource</type>
<condition>cpu usage is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="c0708923-88de-4178-abdd-819737440ce0">
<name>LoadAvg1</name>
<type>SystemResource</type>
<condition>loadavg (1min) is greater than 4</condition>
<action>alert</action>
<path/>
</test>
<test uuid="e887125d-c5d2-45e6-b40d-2c400d5449d1">
<name>LoadAvg5</name>
<type>SystemResource</type>
<condition>loadavg (5min) is greater than 3</condition>
<action>alert</action>
<path/>
</test>
<test uuid="c34aab30-9194-4667-b516-004b9c90c1c0">
<name>LoadAvg15</name>
<type>SystemResource</type>
<condition>loadavg (15min) is greater than 2</condition>
<action>alert</action>
<path/>
</test>
<test uuid="cc3684f2-701e-4de4-883d-803e08cf47b6">
<name>SpaceUsage</name>
<type>SpaceUsage</type>
<condition>space usage is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="f2d734cb-2a0e-4375-9460-11bdd5b20503">
<name>ChangedStatus</name>
<type>ProgramStatus</type>
<condition>changed status</condition>
<action>alert</action>
<path/>
</test>
<test uuid="865105a2-cbea-4a01-9979-c67818da9d99">
<name>NonZeroStatus</name>
<type>ProgramStatus</type>
<condition>status != 0</condition>
<action>alert</action>
<path/>
</test>
</monit>
<Gateways version="1.0.0">
<gateway_item uuid="a6ea102d-68bb-430f-af8b-269d52498fe1">
<disabled>0</disabled>
<name>WAN_GW</name>
<descr>Interface WAN Gateway</descr>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<gateway>172.17.0.1</gateway>
<defaultgw>1</defaultgw>
<fargw>0</fargw>
<monitor_disable>1</monitor_disable>
<monitor_noroute/>
<monitor/>
<force_down/>
<priority>255</priority>
<weight>1</weight>
<latencylow/>
<latencyhigh/>
<losslow/>
<losshigh/>
<interval/>
<time_period/>
<loss_interval/>
<data_length/>
</gateway_item>
</Gateways>
<Syslog version="1.0.2">
<general>
<enabled>1</enabled>
<loglocal>1</loglocal>
<maxpreserve>31</maxpreserve>
<maxfilesize/>
</general>
<destinations/>
</Syslog>
<TrafficShaper version="1.0.3">
<pipes/>
<queues/>
<rules/>
</TrafficShaper>
<unboundplus version="1.0.9">
<general>
<enabled>1</enabled>
<port>53</port>
<stats/>
<active_interface/>
<dns64/>
<dns64prefix/>
<noarecords/>
<regdhcp/>
<regdhcpdomain/>
<regdhcpstatic/>
<noreglladdr6/>
<noregrecords/>
<txtsupport/>
<cacheflush/>
<local_zone_type>transparent</local_zone_type>
<outgoing_interface/>
<enable_wpad/>
</general>
<advanced>
<hideidentity/>
<hideversion/>
<prefetch/>
<prefetchkey/>
<aggressivensec>1</aggressivensec>
<serveexpired/>
<serveexpiredreplyttl/>
<serveexpiredttl/>
<serveexpiredttlreset/>
<serveexpiredclienttimeout/>
<qnameminstrict/>
<extendedstatistics/>
<logqueries/>
<logreplies/>
<logtagqueryreply/>
<logservfail/>
<loglocalactions/>
<logverbosity>1</logverbosity>
<valloglevel>0</valloglevel>
<privatedomain/>
<privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
<insecuredomain/>
<msgcachesize/>
<rrsetcachesize/>
<outgoingnumtcp/>
<incomingnumtcp/>
<numqueriesperthread/>
<outgoingrange/>
<jostletimeout/>
<cachemaxttl/>
<cachemaxnegativettl/>
<cacheminttl/>
<infrahostttl/>
<infrakeepprobing/>
<infracachenumhosts/>
<unwantedreplythreshold/>
</advanced>
<acls>
<default_action>allow</default_action>
</acls>
<dnsbl>
<enabled>0</enabled>
<safesearch/>
<type/>
<lists/>
<whitelists/>
<blocklists/>
<wildcards/>
<address/>
<nxdomain/>
</dnsbl>
<forwarding>
<enabled/>
</forwarding>
<dots/>
<hosts/>
<aliases/>
<domains/>
</unboundplus>
</OPNsense>
<hasync version="1.0.0">
<disablepreempt>0</disablepreempt>
<disconnectppps>0</disconnectppps>
<pfsyncenabled>0</pfsyncenabled>
<pfsyncinterface>lan</pfsyncinterface>
<pfsyncpeerip/>
<pfsyncversion>1400</pfsyncversion>
<synchronizetoip/>
<username/>
<password/>
<syncitems/>
</hasync>
<openvpn/>
<ifgroups version="1.0.0"/>
<gifs version="1.0.0">
<gif/>
</gifs>
<gres version="1.0.0">
<gre/>
</gres>
<laggs version="1.0.0">
<lagg/>
</laggs>
<virtualip version="1.0.0">
<vip/>
</virtualip>
<vlans version="1.0.0">
<vlan/>
</vlans>
<staticroutes version="1.0.0">
<route/>
</staticroutes>
<bridges>
<bridged/>
</bridges>
<ppps>
<ppp/>
</ppps>
<wireless>
<clone/>
</wireless>
<ca/>
<dhcpdv6/>
<cert uuid="547102e9-23ba-48b8-8af8-64be61049e96">
<refid>6734d13fa9e4a</refid>
<descr>Web GUI TLS certificate</descr>
<caref/>
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVSUhVRkpwc253VGtzYWRrZmRDNUp1SDhqWnZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpFNE1EbGFGdzB5TlRFeU1UVXhOakU0TURsYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURKU1FlZ1RYckp5dDVWYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyCkNEclc3ZDlYcVJkOEpEZENtdGtLRGlMYWNaUzJMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDEKU2pJWnBTZzNkOS9YeHFPQTNZQllzTS9uUk9vWHlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NworVHc5STZGU0J4bkdaR3RyUFl5NkVBb0NMdm1GQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxCnBRTVB1T2JxV3FyaE0xdjVjdmJodU5kREhNZ3ZVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjEKUm0wMlVuUXRneW8zY3hPRXVsYk9nU0hsdGhTMmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSQpQbm9ncnZsRUlWMERhQ3ZEMjZiRkRDbVkxc29FbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBCkJMVzh4dXBFODhEYmlrWW51NVdQaUp6ZXh4UVIyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXoKcHBERHYwZnU0Nnp1S3EzY0VWRitiREsrQWdlT0Q2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSApHQjlCbDFrejR4bHRhczlvbmZrSDFkVHk3dzFNck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1ExCmtWNk90aFRsVFgzK2duaUpJK3RXWUQ5bTRldXNzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRkJRZytucWI5QW9HSWtoTUxhNHFzWGRvY0JGcE1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVUlIVUYKSnBzbndUa3NhZGtmZEM1SnVIOGpadk13SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQUZqNlQ1MmRIUklVMHJuZDE0d2dob2tjUkdrK0hIQloyTGlDRHpUeUwKNHdCeTJ1ZXJXQWdvYUZzeUlNQzhwWTBhWlc4TFlSd1BtRVB0OXlUS09ZZzF0NWtOUnk2RkF5akszeis5TGZTQwoxRlFpb0pma3FHRnhoc1IxV1R5RjBGNmJmM2tZRDZ4OWw1dEdqMXF3SndrekZWZWcvZGNtUVhvRTBmUDRqSFFvCmgxWXdiZ3pTa084TzRLUVhuWXVRM3g0bWdoZnBvR0hQM2xINlcybDJlWHpqSzllRjJtUG1ZS0p1M3JpSnkvL3gKRzhQWXBYNlNTN3RoVnNNeHF3cGJHbURXQXRuSnNrSmVsNDI1WUdOYlZ4YTNPOHE3RWxLNGFoNXpmai8wRnVwTgo3SnlqMWQyZjZFck14WlFnUi9EdmlUVnhISytRY1lBRXBqU2ZmZzBrRStpS1BlN0VYTVk1VU1aZUFTK1ZteG1LCjBPOWxaQXNpWUlEMzkwVjNTaDZxYjhoL2xMZ0V2NCtSNUw1VEpFaldYc0dQSUpGaHJNSFJWR1lhV3JIYWx3eHYKNjE5NFlpSXBEaUlHSVVSWGN1U3dNcndIQzN0bms2QVo2OW5CczVXT1JYM0NxOVhRRnVrVlA5eUMxQnRuSmFwbQpubUMzK3NtTTErRjkxUXlkVXJtbUxPNUVwUmtTMitBcmRTSklUR1NRNWt4L3VLNjhzV0QzVVdNNVRibUxrcWdOCkt6djZjemVCbzJiVExDT0JKUWJ4STFCckRPTUFMSDlCdXdUamVXdUVtWE9TWE1lTDFsejdhL2JZKzJxa1BSOVAKTE5IekE2QXZlVmxucDNaeFdqMjZFK3dwYnU5cHBaY0QzRGVHRnRnZzVJbUJ2ZDNWbjJ6UVc4a1ZMT1ZBdllSawptdWc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
<csr/>
<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpSQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1M0d2dna3FBZ0VBQW9JQ0FRREpTUWVnVFhySnl0NVYKYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyQ0RyVzdkOVhxUmQ4SkRkQ210a0tEaUxhY1pTMgpMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDFTaklacFNnM2Q5L1h4cU9BM1lCWXNNL25ST29YCnlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NytUdzlJNkZTQnhuR1pHdHJQWXk2RUFvQ0x2bUYKQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxcFFNUHVPYnFXcXJoTTF2NWN2Ymh1TmRESE1ndgpVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjFSbTAyVW5RdGd5bzNjeE9FdWxiT2dTSGx0aFMyCmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSVBub2dydmxFSVYwRGFDdkQyNmJGRENtWTFzb0UKbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBQkxXOHh1cEU4OERiaWtZbnU1V1BpSnpleHhRUgoyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXpwcEREdjBmdTQ2enVLcTNjRVZGK2JESytBZ2VPCkQ2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSEdCOUJsMWt6NHhsdGFzOW9uZmtIMWRUeTd3MU0Kck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1Exa1Y2T3RoVGxUWDMrZ25pSkkrdFdZRDltNGV1cwpzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUJBb0lDQUNPNnZpc1BIY3pzb1NjK2dkWkU1dGNNCnZkc240UDFIenVRd0VzRUcrVG1zanVWMVBZbExrbkE4OU1DQmdDejEyOFpMcU51ZlUwSDkxK1Uzbjd2MGJ1bVAKd3BpR2R4UUNOMlpZaGZ2RWE5YW1qMTNZYjBJbks3b0FKbUdrT254NW91UFl6YlBRblBNRE9WK0VKa2JwTWRxZgptOHdmOWg2OXYzSk03bUZJS0UrOVVZR252UjhuMkhETTNwR3FONEhQS1A4MkE0RXlvQ2d2a1BTelRxc052bU5ICnBOY0RURW5rNlNsWUhUVDNOSzJjVnBldUhMUzUrazlqNWI5elhUSlE5TkpVZlN6bnEvUmFpMUZVNDY1K0xpUjEKMGVPWDdnajFWUExOcGgwcWtQQy9ubW0vZStVMmZXUGZZb2FDcWkrQ0VwU2twQXlQZ1FZZTJsSG0rYVU4MzZ2UQpuaHZuL0p5ZHJDL1NyTUFZaXpOZFYyZjlHTkNwcE1SbUZyOS9saVJiNEFpSzRLSDRETGdSRUxHaDJLNzJuOFRLCkxUSVhIV3RacisyMWU4c0Mxbm5MSENnK21wMHBvSWJsbEtoYk9VTmVxR09yWm95NFBXdDZMQndFYzN0MG1wVEMKODhiSUpqMzFCQngzTGE1SUE5b0FNRi9lbHJYdFhhVnl4bm5yTHdjYzFNVWpCV20rZDVqbC9WOEdIcEJRd3pXYwpPNWdNSXlQNUIvdzBacUcyZjV1akZkOHo4dElmcEFRRTJSbDNxRUFYNU1NY1JQaFlTNDJqTWl4czc3TmtOVldQCkpqUVoxVDVXQTVKOUxEL2FKRkplQ2MvbjhpNldOQ3FzdEQ5OVNPTCsrTTBFQTlka2lLNWtOcXFZeXZuRG9SZVcKSW84eXhvVnpObURsWjBkSU9UUzlBb0lCQVFEb2tvMWxPS05FNlBWWmRRU3lmS0JOTEZNcEl1V1VVZmp0ODU4awpJTTB0TnNyS0d2N3NmYkt0dlMvOWgwMGluU2FyWTJ4amVETG91WEI5VzdKY1B1NjRoNHYwek1lbXRhdDRyTUJnClA5bkQ3MW00dERqS2ZrZDAza2tUbk4ySTBxYkwzeFVoTjNEQlJZTU9veDFMa2M4MFFFMHhSUEM1YmRJaXcwemEKTWdtK1dOZVY1VEZoSkpQZ2dVRVo5U1A2aWV1VEY0OW9wRGNWdGUwQ0I0WnFUaTRWb3YvZFVDWGpNK0djRnNWdgpPWTZYTE9KTmRldHdnUVNkd1hlSzB1WlBpWnVKTGlsTEg4OFVKYWNoQThDZW1SclMxRUtxWElwK2dkQWV4MnhVCmY5amRMMGF2SlJEY0xqWlhETXBvWlJpc0JoWVArZzY3VHZza3FscDh4M2p2STlWVkFvSUJBUURkajZrdWNLM0MKYXprMzlqYllvM3RFZ0R5L2VGNnBjWFlpK21Ba1ZNRk9vSWJ5cmNyN3BqSnRMNFMyMEFDRmpBUGFQT042dWVVWQpQQm92dC9QODB1V1c5cGZCK29mRmdadzRqc3hLWFY4eEJmOVdLWVZndFBsOHhIL1RJcERTMjhVTlowNDlhUW4vCjlCRzNac0lyenk3RzFLRTZPLzBMMnVmMnFyaUxxRFQyV3dsdFVsbWs2Ym5NeThkR0sra1JLcFhvSm1RTlNHRHoKOXd4blU2ZmZ1NDdDLzRYMHRIVk1MVFVneFh4djdqN3BpSzI4dzBuZ1N5S3ozV0IzWTJwaFVsZEJIdEprQko1RQpoRm8zMXJCVDU5enhkb2crYXh1bkh4S3EySGFHRkt0ZUZ6RGpkTTFpQzE3bWNtWXBzR2tuenA0cjRjZm5FYTFSCko4Wmo5ZVFQaEVOZEFvSUJBUUN3d2hsbXNkb2MySFVJVFZDSm13QjJSdGJaYitWT2lkS0lmdDBYcHpwcFA3aDIKVEhndEl3ZDIxayt2LzNJWGVaclhMWlJHTVNkNEN1QTgxa0ZEckt6Z1lGeDFiR0hkQ1R2T1ZuVkxjWnUvTjUxWQpMTmp3eFhMbmxyMnhnMG8zMytuWERyQlBjNFJsejcvZ2t3WUQxa2pGckkwK2dlZjI5a2w4RkRUSHJMb05DaGFuCm5PNmZweDRneGZ2Rmo3T05pZDhhQnhEK2RiaEw3dDIzNmlJMWp6K2xRQ0g0Z1I2YWhHYldxOVBZU2NWZWprVmMKbTkrWnZPVFdSU0RteUkwMExDQ2k3UXVEUmlTcmFrYVFaL3F3VHlxOHk0ZnpWS3dKby8yYU52VFZiK2xSaWNuTgorWHpMNnU5dno0L1NNZXZEYWtqQVVjdDZmbmVQa1UxK2dsZ2VZSHlWQW9JQkFRRFJtYW0wVEZhbFdXaHMvNWtOClEwTkhINFhZb1JmMGRta0xXQStCNzBoY2lOS0JYRlp0ME9GZGw1bVdsSm9adk1hY1BBUDd3MGJ1c1ZVWWxZN1YKTy9LRTZVM1I3WjlxQWw1Mnh1aU81Vnc3ZFhBRDVBM1EyZ1EzdTNFdG5VS2lwOVA0QlNYb1JLbDRJVDV0WVdJSgpyZHVUciszQ3VLT0FCcHh4Snpxa3JBRkdtZ01HRCtUTWRXd1hTU1NBeHVPYklNMW1MSU4wYVdlSEJNMFFKdnptClZIb1BFVXA1b0FwamdWVUVacTk4K0VjK0NOWkxmL2d3bndQNllsQnpRWEtQRlNXRWJwTWNtWjNjTmRWZmc5T1YKM1FDUTBkQzhNL21hRlhSRWVibE95TmtCanpEcHpVTExJUFNyVDhoRVlpWm95VGVyVGRJZVVBUEZoYnBTTUhtTApFRlhsQW9JQkFRQ0VUdVJQRHZvMC9tdDhyTzhLNENsamtuU0gxZ1FBSjFha3U3UXg3NUJUTDB6OWRNY2lMK1JLCng1R1lFTW1wcUtNb2FPbWc0WFVRMVRlQ2Vic1R0NjMyWXp6cmNCU0d1RzVnN1o0UUVublUzRXU5QklIMUVSL2gKSEk0NWowU0xNRUpObkNiTkpnRVNRRUFCbzN3cHhrRTdiRGlNdTVPOXVqMlFRVTlTTm94QkFmbVFXRDJJaU1BRQpWYzV3QTNZajBMdElSYkJmdzNBTE9uNlRSc2xucy9JMnd2Z1RCQW9sU3NZbEtEK0NRY3hDZldlNmZwU21aYmlCClBGUE9DY1ZQTXhGeXBhZWFJMkRXNWRPNFNoNGQ0ZlZma2F3ck9LN1N2QnFZb0Y5L2VndThzQS9ZdklaRVltQUQKd0ZIOGs1QjJ4WXdiNkVmNmFFQ29ZTitsNWtlWmhNWTgKLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
</cert>
<cert uuid="cad18e13-92c5-48b6-9b44-ad2e5dcc799e">
<refid>6734d6c82dc59</refid>
<descr>Web GUI TLS certificate</descr>
<caref/>
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVZkNETXpFclQ4dlVoenJaTVJta3JiT3dnSUdNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpReE5EVmFGdzB5TlRFeU1UVXhOalF4TkRWYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURMc0xEbjRta1R4RXJYdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovCnczL2tNV2Y5L25GbGpnMkFXWERJSmNXZjk0NFJFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT20KVFM0WXFCVzhHQkpJd0xtQ2kxb2RoWXhmUEQ2TFdEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNQpuQ0FtZFBDY2JmdmdXdUM2TnhWbXpkeXpta1QvNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5ClFrVlFqYlQ5MFlyeENvdE8rbTJIQU5QZHNjT3FvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTEwKVmplRS9XQVU0Q1BZUmhYVFVGVTIxZFV2azNvYUVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNwo3Mzk5VWdRN3FTNUFhOElHbXA4NUNoUUlBWUVjSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45CitUZ3ljMTlTbGoxVW1RdkRvekxCQzk5TVJpLzREQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmUKUGVpemxRenRIWmpSU0tnaWdSNU9KSmtSVHIvNjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZwprUSsrVDhMenVhK1FtakxOUVFqMVJCSFYzSzVQL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmCkNEVVVQWjR1cEJtbzBLN3dGNHdtV3VXYSttVndlb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRktidDd0QkRKN1daV1lMblQ5cEhTMklPdTg1TU1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVWZDRE0KekVyVDh2VWh6clpNUm1rcmJPd2dJR013SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQWNQbmllQ29FSmRjV25CVHdqRmE3bjZqTFMrZ1pUYUk2ZjAzWktQMFYKQ0pSaDUxWTNwb2dpcnJYcVNHQ1VGTVNHbGpsQ21mU2VhdW9GWFYwanZLejhnMGZ1NU9kYlhjd2FrZFBZSXgydQpVT0dMbllTaEdCNlpoMmhpWWdSVGFpemJoTVliQitzQkV4QU1CdHZRZElSZ3dBWkRNWE9jY0MwZnJaMFhRRlRFCnQ3by82VGYvZEprdnB0cmRYWW1INnFUWlA2MGxyTnlabVloTjc1NEluOFZLRVVSRWNZamg1ejlJanA1NTE1cU0Kb0VrSGNKbTBDNkh2VStETG1ybFpFYkV4bnVOMFQzWTBNZ0hiVFVhU2Y1L2FKVmlIM0dOMnMzbG1ZM0VXTS9Vcwo3azFyc2JTa2orZzJvQXlTcjU0Nlc4RkdaMjliZFlOYk1EaTQ4aXVRQWlzRlQrTGZXN3Y3RVl3WGJ3NUhSVkpNCjV2MlhnenJwN2Yxa08zckEzeXUyS1VSSktHdjJ1ZXhNSythb1VOZXhRT3ludmZGUTBCemRHQ1dlcmVvZTZ3bDMKbHc4Z2dCWDI1VGIxbzR3d1UzNXdtUUIrMC9rbjB0SXoveVBhY2JzbDAwZ0dJNFhTbWpRQmF0MUZYRHFEME1JMgp4S0RqMXZ2dkNTVnRKc09ESG95eDhLc3ptbno5UVFoV0ZNeC9LTXp1clh0OWtsWFRJc0t3d2NXMytZQWtQMzNaClgvOGJnZS8zK2RibTdNN3BndmFBNVFlU3VTbkwzNjdLT1g1NlNZNGFZWHhkc1haVDc0ZGxVRU1jbG9NU0NIOG4KR25QWlpyWTNHdnZaU2ovQWdqT2lDNHNBL2JSSmh4cCtUQndlRFByR0pFUEJFVW9sZEZHVXdraFJXMVVuRlc2YwpyTGM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
<csr/>
<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRExzTERuNG1rVHhFclgKdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovdzMva01XZjkvbkZsamcyQVdYRElKY1dmOTQ0UgpFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT21UUzRZcUJXOEdCSkl3TG1DaTFvZGhZeGZQRDZMCldEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNW5DQW1kUENjYmZ2Z1d1QzZOeFZtemR5em1rVC8KNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5UWtWUWpiVDkwWXJ4Q290TyttMkhBTlBkc2NPcQpvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTExWamVFL1dBVTRDUFlSaFhUVUZVMjFkVXZrM29hCkVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNzczOTlVZ1E3cVM1QWE4SUdtcDg1Q2hRSUFZRWMKSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45K1RneWMxOVNsajFVbVF2RG96TEJDOTlNUmkvNApEQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmVQZWl6bFF6dEhaalJTS2dpZ1I1T0pKa1JUci82CjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZ2tRKytUOEx6dWErUW1qTE5RUWoxUkJIVjNLNVAKL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmQ0RVVVBaNHVwQm1vMEs3d0Y0d21XdVdhK21Wdwplb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUJBb0lDQUFzc3hPL2IzSTd3a0hpWU9wdmQ3b2ZxClJXVm9HM0ZHOVBkSCtrcU1DQW9zVXlpZ2lnWkZhQUZSY3BhZFBJUnBVRFZQOHQrUUx2RHhTSEtJVkNTR3lLRHgKN01mVTkxV3ZCUGtpc1NhWEV2TklEMHJ2WTJYbXl4WWdOcDBNcHdnbHhxZXlWSDNWSTFmZ09zQXpWVkpGSmtzeAp0NnVKV2U2R1lwRnlVZ3MzZytNdHhPYVJLZHcvWkFZb0dVRkR5WE5NR1JNdVRYYkg2WWxTOStFZ2RxZTJZbGtDCk41amkvODUydUlwSytXZUVnbmd1ZkVZNDdpVVhQSzFJTVB0UjRURUxOb3hkTWVBYnZBUG9La2QwMWZOWnVaQ3EKQ0dxNS9kMEQ4cDZKNjlUK3M1RnR1R1UrdkxtcUg3NmtsZjVmTTZnOFpCc2xSNStNQ0xlay9DaHRBZGU2VXBQRApXQ2EwazU3dmdneUdQdGVlVXY2RVJBMEp6SjlJd2VHZGdVWHhNdW5LK3ZSNWYydWJKWFJoMVJpNTNFSTNvVUxYClFvWm9hOTY3VzNUajQ3UzR2RlQyK2dLb0g2OXlNckdVNVkwcjJrSTFXMVVhWEJ1aVVrMi94amdyWVdTblUzUUQKZkM3ZXllTlNlN3c4UW9MMVBEYXJwVXdaK2xGZ0w3NFVScldLQU12WVhxa3NTMHVtb0tTSWo4cjZMM0hVSUVaUgpZRzhBTU91dFhrQk5lMkNpTXRKM2NYUXNIOWloQU9QL3AvaE9BTTBGNkM3Ymt1Vm85d1pRdDVESWxRWUl4TlArClFRZ2doRnhBNTlTWmpwRk00QkN5L0hEOENJY3VuSURZOVNlbXNSYXdyUVY1eGk1akFScVdOYTdBSVMvVlArdUUKQkpmS0dDNFlZVmxqS1VLeEgxVUJBb0lCQVFEcnZOWXNrd3ZhQ2Z6MlcvbkIrRjNjVE1RbjM2RENSYnZwQ0s1dApldm96TjJGbjBJdWFnN2RrYzN2NTFxTVNEd0h1cVNkVTRHUHZMcm83alpJaFNEZ1AwLzBLWmc0VmxtZE5HbEovCk1lcXhmOGRkOFdTQjZiUksrK2FRcEhaeDd2SUFTWkE4eHkvZ3F2NGJpSmlqVDhUQ2lSeXdYSTQ0ZlRYM0xLZTIKVG1Uc29XNk9yQmErSWJRYjBpTEh4WE4rZ3JDM0cxWWxIUlNvTEpKUkU0eFVLMGsvM1JLNU16RjRIYUNZb1BWOQpDOFpQellMR253SE9ERU8zbHRtSGJvQUNFa0VrT2dFV3U4RFo2YlYrMXJBcVh6WnN0L3hNZnJ5KzlMRVdYQUwvCkRnOEdkall0YzdyUTFZd1BIY1h6cFo2clVIdXh2K0p6VEE1ZzNCS1p6aWhwNFdHaEFvSUJBUURkTXE3N0dRWGMKYW5hYlMxanlFT3VzNFp5ZlJ4cW10NEVFaHZjY0dRVVVrV0IrWk11bnpyaENxb3ZwQ1dhVU9zWVhuNG45Y3BQSAo3bm1mOUJHbFI4NVhCVHNLM2d4bE5NMUhjSGFTNXZSem9WQVBNd3o2VVV0ZFNLWXRLR0Q3Wkxmbm9ISXN1SlEzCnJ6WWIyTFhpVmx6MWlNNUVmT0VrL1J5UjBwMGtleXVwa0F0OXBRV0hzaURYb0pibDE2d1ZLc2NDNGUzNjdRRWsKcFdoeXcyS3A4bXdtOGxqQllxZWtHdUREeGVZSDMzMVlGa2FMUEJCT2xPQnlveFlOUDdBVVREUlV3KzB1T01jNwozb0N1VE9jWnAxVWMwQURBOXRTRVRINklWdlFEUXZlYzR6MWRTVGRmUEkxRzVUTCt4Mzlvam5OcGVoYng0bEwvCmRxTTBmcFlPL2ZmeEFvSUJBRmwzOU8wNzdjNlY1ZHoyY1djTnhVbThGT0p4UEVrZlFEOGtYVmNOeW5HdnZoY3gKamhwWmpUdmhuSmJvd0VFMVV1MXFZNVFTQ2J1WVIzUWN1ZTVKdzRVMlZwNGd0NDIzNUlMZHo1dVlyVk1xaE5jQgpxN3ltbnhlcVhRcGVjTm15NzBQdXA0QjV0SkVYTkpQc2xzbThsNWVoaERMbkhjOFFybStlRWhUZDBlNEJJcjJoClVJeGVyRVcyemg1MXNPeTkyeVhUaVRGU3hTbENxVkYrRXM5TEVtVGJtYVNTYWw4RkY1TjEyMVhYSnkvWWRwNjkKY0dqc1BMTXIzR2xMSmVnalYzZlJUK0o1NWFxT3lhUlhCTXRBRVo3WGdUampETzJJWHNGMnNHaHV4SU1XVUYrVgp3YnhLbi9xSXVUMU1pVmpKbGZpVE0vWEFVdUN1QlowOEloaDFRcUVDZ2dFQUZwdzJySzRMSGxPM21mb2l0bU9xClkzcVFVdXVtdXNIcEt6aE1qQSsycURxUC9YdDZJY1lNcWF2YkwwL3ByMTh1bm4yTlVsM2k0ejNxS3NKOUIwTUcKd1hoa1o2RDQ3V052VkUwWG9iNS80RTN0N0EvUTFNbDRoYW1HYXZsRXFJM01DcDRvN1k5VWZ6aW10RVA3bTQ0dQpaRjYranR1ZysvSHZlS3hwcWEvNWI1U3N5QVFWUTZDZW9Ndm1nTW9CNmd2OFdid1VZbURWakJSb1Q4clBEQVllCnJnQjV1QkxJaGdyRlROMnV2TUZJZzdlTE1ISk1UR3dGWVZKd1Q1eGgrRUV0M0RoR3gwSEFnOHNqcGkxd05md1gKeENFeTRvYVloSWw1S2FDUndyK1dwZS9JZHYrajdGVTVMN1QvK0hFV0FlOEZ0eE5td3dUYWJRaUllRFkwU29ZRgpVUUtDQVFFQXRiclZqbTFsaDQ1REhIWnVsem4xNllIQzJrMUYwWG9FZFVSQ3o0QTFsMHBEK3ljL2srdmJ0Qmg0Cm1RRDV1a3FicHFFZy9GNUhDZmdOaHlieHNNdVV6NzFaU24zN2dwczNDWUdiUyt4RkhjZTJBakNTbUlYQWIxQjgKR0Z2WnV4UlB5QXU0YVBvT1J3RzM3NVBOM0VNNk83bzdxbjlYeExTZWRIMHExM2U0YkhYYm4rc2xOa1RIM2xmcwpLVnBOUUhVSUNDSW5vQ0llV1dwdnAwQnFoYjlKclRsbXd2c25zOHpZVDNiY3F5QXZHZGRnNUs3Y0MwRVJaem9ECnFJTkI3S05FVjQ1NmF0eDZVT3VYUlpKREMvaHNJUTZNaVBveUJacHRsK1ZIMEtQbEFIWGExb0FXZmNuL0U3MFYKK0RaeVBiMWxkQUdpb1hqditGd2h5VzZlWEVrQlBnPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
</cert>
<syslog/>
</opnsense>

View File

@ -0,0 +1,987 @@
<?xml version="1.0"?>
<opnsense>
<theme>opnsense</theme>
<sysctl>
<item>
<descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
<tunable>vfs.read_max</tunable>
<value>default</value>
</item>
<item>
<descr>Set the ephemeral port range to be lower.</descr>
<tunable>net.inet.ip.portrange.first</tunable>
<value>default</value>
</item>
<item>
<descr>Drop packets to closed TCP ports without returning a RST</descr>
<tunable>net.inet.tcp.blackhole</tunable>
<value>default</value>
</item>
<item>
<descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
<tunable>net.inet.udp.blackhole</tunable>
<value>default</value>
</item>
<item>
<descr>Randomize the ID field in IP packets</descr>
<tunable>net.inet.ip.random_id</tunable>
<value>default</value>
</item>
<item>
<descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.</descr>
<tunable>net.inet.ip.sourceroute</tunable>
<value>default</value>
</item>
<item>
<descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.</descr>
<tunable>net.inet.ip.accept_sourceroute</tunable>
<value>default</value>
</item>
<item>
<descr>This option turns off the logging of redirect packets because there is no limit and this could fill
up your logs consuming your whole hard drive.</descr>
<tunable>net.inet.icmp.log_redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
<tunable>net.inet.tcp.drop_synfin</tunable>
<value>default</value>
</item>
<item>
<descr>Enable sending IPv6 redirects</descr>
<tunable>net.inet6.ip6.redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
<tunable>net.inet6.ip6.use_tempaddr</tunable>
<value>default</value>
</item>
<item>
<descr>Prefer privacy addresses and use them over the normal addresses</descr>
<tunable>net.inet6.ip6.prefer_tempaddr</tunable>
<value>default</value>
</item>
<item>
<descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
<tunable>net.inet.tcp.syncookies</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
<tunable>net.inet.tcp.recvspace</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
<tunable>net.inet.tcp.sendspace</tunable>
<value>default</value>
</item>
<item>
<descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
<tunable>net.inet.tcp.delayed_ack</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum outgoing UDP datagram size</descr>
<tunable>net.inet.udp.maxdgram</tunable>
<value>default</value>
</item>
<item>
<descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
<tunable>net.link.bridge.pfil_onlyip</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
<tunable>net.link.bridge.pfil_local_phys</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
<tunable>net.link.bridge.pfil_member</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 1 to enable filtering on the bridge interface</descr>
<tunable>net.link.bridge.pfil_bridge</tunable>
<value>default</value>
</item>
<item>
<descr>Allow unprivileged access to tap(4) device nodes</descr>
<tunable>net.link.tap.user_open</tunable>
<value>default</value>
</item>
<item>
<descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
<tunable>kern.randompid</tunable>
<value>default</value>
</item>
<item>
<descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
<tunable>hw.syscons.kbd_reboot</tunable>
<value>default</value>
</item>
<item>
<descr>Enable TCP extended debugging</descr>
<tunable>net.inet.tcp.log_debug</tunable>
<value>default</value>
</item>
<item>
<descr>Set ICMP Limits</descr>
<tunable>net.inet.icmp.icmplim</tunable>
<value>default</value>
</item>
<item>
<descr>TCP Offload Engine</descr>
<tunable>net.inet.tcp.tso</tunable>
<value>default</value>
</item>
<item>
<descr>UDP Checksums</descr>
<tunable>net.inet.udp.checksum</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum socket buffer size</descr>
<tunable>kern.ipc.maxsockbuf</tunable>
<value>default</value>
</item>
<item>
<descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
<tunable>vm.pmap.pti</tunable>
<value>default</value>
</item>
<item>
<descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
<tunable>hw.ibrs_disable</tunable>
<value>default</value>
</item>
<item>
<descr>Hide processes running as other groups</descr>
<tunable>security.bsd.see_other_gids</tunable>
<value>default</value>
</item>
<item>
<descr>Hide processes running as other users</descr>
<tunable>security.bsd.see_other_uids</tunable>
<value>default</value>
</item>
<item>
<descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
and for the sender directly reachable, route and next hop is known.</descr>
<tunable>net.inet.ip.redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum outgoing UDP datagram size</descr>
<tunable>net.local.dgram.maxdgram</tunable>
<value>default</value>
</item>
</sysctl>
<system>
<optimization>normal</optimization>
<hostname>OPNsense</hostname>
<domain>localdomain</domain>
<dnsallowoverride>1</dnsallowoverride>
<group>
<name>admins</name>
<description>System Administrators</description>
<scope>system</scope>
<gid>1999</gid>
<member>0</member>
<priv>page-all</priv>
</group>
<user>
<name>root</name>
<descr>System Administrator</descr>
<scope>system</scope>
<groupname>admins</groupname>
<password>$2y$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS</password>
<uid>0</uid>
</user>
<nextuid>2000</nextuid>
<nextgid>2000</nextgid>
<timezone>Etc/UTC</timezone>
<timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
<webgui>
<protocol>https</protocol>
<ssl-certref>6734d6c82dc59</ssl-certref>
<port/>
<ssl-ciphers/>
<interfaces/>
<compression/>
</webgui>
<disablenatreflection>yes</disablenatreflection>
<usevirtualterminal>1</usevirtualterminal>
<disableconsolemenu>1</disableconsolemenu>
<disablevlanhwfilter>1</disablevlanhwfilter>
<disablechecksumoffloading>1</disablechecksumoffloading>
<disablesegmentationoffloading>1</disablesegmentationoffloading>
<disablelargereceiveoffloading>1</disablelargereceiveoffloading>
<ipv6allow>1</ipv6allow>
<powerd_ac_mode>hadp</powerd_ac_mode>
<powerd_battery_mode>hadp</powerd_battery_mode>
<powerd_normal_mode>hadp</powerd_normal_mode>
<bogons>
<interval>monthly</interval>
</bogons>
<pf_share_forward>1</pf_share_forward>
<lb_use_sticky>1</lb_use_sticky>
<ssh>
<group>admins</group>
<noauto>1</noauto>
<interfaces/>
<kex/>
<ciphers/>
<macs/>
<keys/>
<keysig/>
<enabled>enabled</enabled>
<passwordauth>1</passwordauth>
<permitrootlogin>1</permitrootlogin>
</ssh>
<rrdbackup>-1</rrdbackup>
<netflowbackup>-1</netflowbackup>
<firmware version="1.0.1">
<mirror/>
<flavour/>
<plugins/>
<type/>
<subscription/>
<reboot/>
</firmware>
<dnsserver>192.168.5.1</dnsserver>
<language>en_US</language>
<serialspeed>115200</serialspeed>
<primaryconsole>video</primaryconsole>
<secondaryconsole>serial</secondaryconsole>
</system>
<interfaces>
<lan>
<enable>1</enable>
<if>le1</if>
<ipaddr>10.100.8.1</ipaddr>
<subnet>24</subnet>
<ipaddrv6>track6</ipaddrv6>
<subnetv6>64</subnetv6>
<media/>
<mediaopt/>
<track6-interface>wan</track6-interface>
<track6-prefix-id>0</track6-prefix-id>
</lan>
<lo0>
<internal_dynamic>1</internal_dynamic>
<descr>Loopback</descr>
<enable>1</enable>
<if>lo0</if>
<ipaddr>127.0.0.1</ipaddr>
<ipaddrv6>::1</ipaddrv6>
<subnet>8</subnet>
<subnetv6>128</subnetv6>
<type>none</type>
<virtual>1</virtual>
</lo0>
<wan>
<if>le0</if>
<descr/>
<enable>1</enable>
<spoofmac/>
<ipaddr>dhcp</ipaddr>
<dhcphostname/>
<alias-address/>
<alias-subnet>32</alias-subnet>
<dhcprejectfrom/>
<adv_dhcp_pt_timeout/>
<adv_dhcp_pt_retry/>
<adv_dhcp_pt_select_timeout/>
<adv_dhcp_pt_reboot/>
<adv_dhcp_pt_backoff_cutoff/>
<adv_dhcp_pt_initial_interval/>
<adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
<adv_dhcp_send_options/>
<adv_dhcp_request_options/>
<adv_dhcp_required_options/>
<adv_dhcp_option_modifiers/>
<adv_dhcp_config_advanced/>
<adv_dhcp_config_file_override/>
<adv_dhcp_config_file_override_path/>
</wan>
</interfaces>
<dhcpd>
<lan>
<enable/>
<range>
<from>10.100.8.10</from>
<to>10.100.8.245</to>
</range>
<staticmap>
<mac>d8:5e:d3:e7:2c:8c</mac>
<ipaddr>10.100.8.15</ipaddr>
<hostname>rtx4090</hostname>
<winsserver/>
<dnsserver/>
<ntpserver/>
</staticmap>
</lan>
</dhcpd>
<snmpd>
<syslocation/>
<syscontact/>
<rocommunity>public</rocommunity>
</snmpd>
<nat>
<outbound>
<mode>automatic</mode>
</outbound>
</nat>
<filter>
<rule uuid="f79eded0-3c11-4f57-9aaa-55d4888589fa">
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<direction>in</direction>
<quick>1</quick>
<protocol>tcp</protocol>
<source>
<any>1</any>
</source>
<destination>
<network>wanip</network>
<port>80</port>
</destination>
<updated>
<username>root@192.168.5.204</username>
<time>1731518072.7612</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.5.204</username>
<time>1731518072.7612</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="4a5e7b65-0d7f-4452-8a29-2ec61a47ec19">
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<direction>in</direction>
<quick>1</quick>
<protocol>tcp</protocol>
<source>
<any>1</any>
</source>
<destination>
<network>wanip</network>
<port>443</port>
</destination>
<updated>
<username>root@192.168.5.204</username>
<time>1731518084.0639</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.5.204</username>
<time>1731518084.0639</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="0465308d-8605-466c-bcb4-95eeb989251a">
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<direction>in</direction>
<quick>1</quick>
<protocol>tcp/udp</protocol>
<source>
<any>1</any>
</source>
<destination>
<any>1</any>
<port>22</port>
</destination>
<updated>
<username>root@192.168.5.204</username>
<time>1731518114.2801</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.5.204</username>
<time>1731518114.2801</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="2df05591-13e7-4d91-a1b8-d25e338ada5f">
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>Allow ping</descr>
<direction>in</direction>
<quick>1</quick>
<protocol>icmp</protocol>
<source>
<any>1</any>
</source>
<destination>
<network>(self)</network>
</destination>
<updated>
<username>root@192.168.5.204</username>
<time>1731518356.7559</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.5.204</username>
<time>1731518311.7033</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="f2ee612c-c290-4445-8045-df82a86db0e5">
<type>pass</type>
<ipprotocol>inet</ipprotocol>
<descr>Default allow LAN to any rule</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
<rule uuid="b21f808a-6a4a-4cd6-9a83-1660cc8ea58b">
<type>pass</type>
<ipprotocol>inet6</ipprotocol>
<descr>Default allow LAN IPv6 to any rule</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
</filter>
<rrd>
<enable/>
</rrd>
<ntpd>
<prefer>0.opnsense.pool.ntp.org</prefer>
</ntpd>
<widgets>
<sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
<column_count>2</column_count>
</widgets>
<revision>
<username>root@192.168.5.204</username>
<time>1731534516.7156</time>
<description>/interfaces.php made changes</description>
</revision>
<OPNsense>
<DHCRelay version="1.0.1"/>
<wireguard>
<client version="1.0.0">
<clients/>
</client>
<general version="0.0.1">
<enabled>0</enabled>
</general>
<server version="1.0.0">
<servers/>
</server>
</wireguard>
<IPsec version="1.0.1">
<general>
<enabled/>
</general>
<keyPairs/>
<preSharedKeys/>
</IPsec>
<Swanctl version="1.0.0">
<Connections/>
<locals/>
<remotes/>
<children/>
<Pools/>
<VTIs/>
<SPDs/>
</Swanctl>
<OpenVPNExport version="0.0.1">
<servers/>
</OpenVPNExport>
<OpenVPN version="1.0.0">
<Overwrites/>
<Instances/>
<StaticKeys/>
</OpenVPN>
<captiveportal version="1.0.2">
<zones/>
<templates/>
</captiveportal>
<cron version="1.0.4">
<jobs/>
</cron>
<Firewall>
<Lvtemplate version="0.0.1">
<templates/>
</Lvtemplate>
<Alias version="1.0.1">
<geoip>
<url/>
</geoip>
<aliases/>
</Alias>
<Category version="1.0.0">
<categories/>
</Category>
<Filter version="1.0.4">
<rules/>
<snatrules/>
<npt/>
<onetoone/>
</Filter>
</Firewall>
<Netflow version="1.0.1">
<capture>
<interfaces/>
<egress_only/>
<version>v9</version>
<targets/>
</capture>
<collect>
<enable>0</enable>
</collect>
<activeTimeout>1800</activeTimeout>
<inactiveTimeout>15</inactiveTimeout>
</Netflow>
<IDS version="1.0.9">
<rules/>
<policies/>
<userDefinedRules/>
<files/>
<fileTags/>
<general>
<enabled>0</enabled>
<ips>0</ips>
<promisc>0</promisc>
<interfaces>wan</interfaces>
<homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
<defaultPacketSize/>
<UpdateCron/>
<AlertLogrotate>W0D23</AlertLogrotate>
<AlertSaveLogs>4</AlertSaveLogs>
<MPMAlgo/>
<detect>
<Profile/>
<toclient_groups/>
<toserver_groups/>
</detect>
<syslog>0</syslog>
<syslog_eve>0</syslog_eve>
<LogPayload>0</LogPayload>
<verbosity/>
</general>
</IDS>
<Interfaces>
<loopbacks version="1.0.0"/>
<neighbors version="1.0.0"/>
<vxlans version="1.0.2"/>
</Interfaces>
<Kea>
<ctrl_agent version="0.0.1">
<general>
<enabled>0</enabled>
<http_host>127.0.0.1</http_host>
<http_port>8000</http_port>
</general>
</ctrl_agent>
<dhcp4 version="1.0.0">
<general>
<enabled>0</enabled>
<interfaces/>
<valid_lifetime>4000</valid_lifetime>
<fwrules>1</fwrules>
</general>
<ha>
<enabled>0</enabled>
<this_server_name/>
</ha>
<subnets/>
<reservations/>
<ha_peers/>
</dhcp4>
</Kea>
<monit version="1.0.13">
<general>
<enabled>0</enabled>
<interval>120</interval>
<startdelay>120</startdelay>
<mailserver>127.0.0.1</mailserver>
<port>25</port>
<username/>
<password/>
<ssl>0</ssl>
<sslversion>auto</sslversion>
<sslverify>1</sslverify>
<logfile/>
<statefile/>
<eventqueuePath/>
<eventqueueSlots/>
<httpdEnabled>0</httpdEnabled>
<httpdUsername>root</httpdUsername>
<httpdPassword/>
<httpdPort>2812</httpdPort>
<httpdAllow/>
<mmonitUrl/>
<mmonitTimeout>5</mmonitTimeout>
<mmonitRegisterCredentials>1</mmonitRegisterCredentials>
</general>
<alert uuid="15f1e9ca-5dd5-4b20-b595-b6b4f82245d0">
<enabled>0</enabled>
<recipient>root@localhost.local</recipient>
<noton>0</noton>
<events/>
<format/>
<reminder/>
<description/>
</alert>
<service uuid="c1e99556-91f5-4dbf-81d7-7915a3213de9">
<enabled>1</enabled>
<name>$HOST</name>
<description/>
<type>system</type>
<pidfile/>
<match/>
<path/>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>91b4e409-211b-49d5-9fa3-dc9054106646,cbe9cb72-e8c2-4740-990c-abcc486b0654,c0708923-88de-4178-abdd-819737440ce0,e887125d-c5d2-45e6-b40d-2c400d5449d1</tests>
<depends/>
<polltime/>
</service>
<service uuid="7513f341-7d21-4f11-903f-30d07b3aa41e">
<enabled>1</enabled>
<name>RootFs</name>
<description/>
<type>filesystem</type>
<pidfile/>
<match/>
<path>/</path>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>cc3684f2-701e-4de4-883d-803e08cf47b6</tests>
<depends/>
<polltime/>
</service>
<service uuid="f99ada79-ba1a-4ee1-81f1-ef570e8e5ea9">
<enabled>0</enabled>
<name>carp_status_change</name>
<description/>
<type>custom</type>
<pidfile/>
<match/>
<path>/usr/local/opnsense/scripts/OPNsense/Monit/carp_status</path>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>f2d734cb-2a0e-4375-9460-11bdd5b20503</tests>
<depends/>
<polltime/>
</service>
<service uuid="dca8a81f-d389-4baa-b477-8b348194fd25">
<enabled>0</enabled>
<name>gateway_alert</name>
<description/>
<type>custom</type>
<pidfile/>
<match/>
<path>/usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert</path>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>865105a2-cbea-4a01-9979-c67818da9d99</tests>
<depends/>
<polltime/>
</service>
<test uuid="ea6b821c-4f30-455b-bd5b-23a6f0c20554">
<name>Ping</name>
<type>NetworkPing</type>
<condition>failed ping</condition>
<action>alert</action>
<path/>
</test>
<test uuid="16186b38-0e13-4cc3-ad18-ccc3fcc91837">
<name>NetworkLink</name>
<type>NetworkInterface</type>
<condition>failed link</condition>
<action>alert</action>
<path/>
</test>
<test uuid="69117d4d-8c41-4712-97c0-87b4fa7c9837">
<name>NetworkSaturation</name>
<type>NetworkInterface</type>
<condition>saturation is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="91b4e409-211b-49d5-9fa3-dc9054106646">
<name>MemoryUsage</name>
<type>SystemResource</type>
<condition>memory usage is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="cbe9cb72-e8c2-4740-990c-abcc486b0654">
<name>CPUUsage</name>
<type>SystemResource</type>
<condition>cpu usage is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="c0708923-88de-4178-abdd-819737440ce0">
<name>LoadAvg1</name>
<type>SystemResource</type>
<condition>loadavg (1min) is greater than 4</condition>
<action>alert</action>
<path/>
</test>
<test uuid="e887125d-c5d2-45e6-b40d-2c400d5449d1">
<name>LoadAvg5</name>
<type>SystemResource</type>
<condition>loadavg (5min) is greater than 3</condition>
<action>alert</action>
<path/>
</test>
<test uuid="c34aab30-9194-4667-b516-004b9c90c1c0">
<name>LoadAvg15</name>
<type>SystemResource</type>
<condition>loadavg (15min) is greater than 2</condition>
<action>alert</action>
<path/>
</test>
<test uuid="cc3684f2-701e-4de4-883d-803e08cf47b6">
<name>SpaceUsage</name>
<type>SpaceUsage</type>
<condition>space usage is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="f2d734cb-2a0e-4375-9460-11bdd5b20503">
<name>ChangedStatus</name>
<type>ProgramStatus</type>
<condition>changed status</condition>
<action>alert</action>
<path/>
</test>
<test uuid="865105a2-cbea-4a01-9979-c67818da9d99">
<name>NonZeroStatus</name>
<type>ProgramStatus</type>
<condition>status != 0</condition>
<action>alert</action>
<path/>
</test>
</monit>
<Gateways version="1.0.0">
<gateway_item uuid="a6ea102d-68bb-430f-af8b-269d52498fe1">
<disabled>0</disabled>
<name>WAN_GW</name>
<descr>Interface WAN Gateway</descr>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<gateway>172.17.0.1</gateway>
<defaultgw>1</defaultgw>
<fargw>0</fargw>
<monitor_disable>1</monitor_disable>
<monitor_noroute/>
<monitor/>
<force_down/>
<priority>255</priority>
<weight>1</weight>
<latencylow/>
<latencyhigh/>
<losslow/>
<losshigh/>
<interval/>
<time_period/>
<loss_interval/>
<data_length/>
</gateway_item>
</Gateways>
<Syslog version="1.0.2">
<general>
<enabled>1</enabled>
<loglocal>1</loglocal>
<maxpreserve>31</maxpreserve>
<maxfilesize/>
</general>
<destinations/>
</Syslog>
<TrafficShaper version="1.0.3">
<pipes/>
<queues/>
<rules/>
</TrafficShaper>
<unboundplus version="1.0.9">
<general>
<enabled>1</enabled>
<port>53</port>
<stats/>
<active_interface/>
<dns64/>
<dns64prefix/>
<noarecords/>
<regdhcp/>
<regdhcpdomain/>
<regdhcpstatic/>
<noreglladdr6/>
<noregrecords/>
<txtsupport/>
<cacheflush/>
<local_zone_type>transparent</local_zone_type>
<outgoing_interface/>
<enable_wpad/>
</general>
<advanced>
<hideidentity/>
<hideversion/>
<prefetch/>
<prefetchkey/>
<aggressivensec>1</aggressivensec>
<serveexpired/>
<serveexpiredreplyttl/>
<serveexpiredttl/>
<serveexpiredttlreset/>
<serveexpiredclienttimeout/>
<qnameminstrict/>
<extendedstatistics/>
<logqueries/>
<logreplies/>
<logtagqueryreply/>
<logservfail/>
<loglocalactions/>
<logverbosity>1</logverbosity>
<valloglevel>0</valloglevel>
<privatedomain/>
<privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
<insecuredomain/>
<msgcachesize/>
<rrsetcachesize/>
<outgoingnumtcp/>
<incomingnumtcp/>
<numqueriesperthread/>
<outgoingrange/>
<jostletimeout/>
<cachemaxttl/>
<cachemaxnegativettl/>
<cacheminttl/>
<infrahostttl/>
<infrakeepprobing/>
<infracachenumhosts/>
<unwantedreplythreshold/>
</advanced>
<acls>
<default_action>allow</default_action>
</acls>
<dnsbl>
<enabled>0</enabled>
<safesearch/>
<type/>
<lists/>
<whitelists/>
<blocklists/>
<wildcards/>
<address/>
<nxdomain/>
</dnsbl>
<forwarding>
<enabled/>
</forwarding>
<dots/>
<hosts/>
<aliases/>
<domains/>
</unboundplus>
</OPNsense>
<hasync version="1.0.0">
<disablepreempt>0</disablepreempt>
<disconnectppps>0</disconnectppps>
<pfsyncenabled>0</pfsyncenabled>
<pfsyncinterface>lan</pfsyncinterface>
<pfsyncpeerip/>
<pfsyncversion>1400</pfsyncversion>
<synchronizetoip/>
<username/>
<password/>
<syncitems/>
</hasync>
<openvpn/>
<ifgroups version="1.0.0"/>
<gifs version="1.0.0">
<gif/>
</gifs>
<gres version="1.0.0">
<gre/>
</gres>
<laggs version="1.0.0">
<lagg/>
</laggs>
<virtualip version="1.0.0">
<vip/>
</virtualip>
<vlans version="1.0.0">
<vlan/>
</vlans>
<staticroutes version="1.0.0">
<route/>
</staticroutes>
<bridges>
<bridged/>
</bridges>
<ppps>
<ppp/>
</ppps>
<wireless>
<clone/>
</wireless>
<ca/>
<dhcpdv6/>
<cert uuid="547102e9-23ba-48b8-8af8-64be61049e96">
<refid>6734d13fa9e4a</refid>
<descr>Web GUI TLS certificate</descr>
<caref/>
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVSUhVRkpwc253VGtzYWRrZmRDNUp1SDhqWnZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpFNE1EbGFGdzB5TlRFeU1UVXhOakU0TURsYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURKU1FlZ1RYckp5dDVWYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyCkNEclc3ZDlYcVJkOEpEZENtdGtLRGlMYWNaUzJMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDEKU2pJWnBTZzNkOS9YeHFPQTNZQllzTS9uUk9vWHlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NworVHc5STZGU0J4bkdaR3RyUFl5NkVBb0NMdm1GQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxCnBRTVB1T2JxV3FyaE0xdjVjdmJodU5kREhNZ3ZVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjEKUm0wMlVuUXRneW8zY3hPRXVsYk9nU0hsdGhTMmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSQpQbm9ncnZsRUlWMERhQ3ZEMjZiRkRDbVkxc29FbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBCkJMVzh4dXBFODhEYmlrWW51NVdQaUp6ZXh4UVIyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXoKcHBERHYwZnU0Nnp1S3EzY0VWRitiREsrQWdlT0Q2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSApHQjlCbDFrejR4bHRhczlvbmZrSDFkVHk3dzFNck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1ExCmtWNk90aFRsVFgzK2duaUpJK3RXWUQ5bTRldXNzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRkJRZytucWI5QW9HSWtoTUxhNHFzWGRvY0JGcE1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVUlIVUYKSnBzbndUa3NhZGtmZEM1SnVIOGpadk13SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQUZqNlQ1MmRIUklVMHJuZDE0d2dob2tjUkdrK0hIQloyTGlDRHpUeUwKNHdCeTJ1ZXJXQWdvYUZzeUlNQzhwWTBhWlc4TFlSd1BtRVB0OXlUS09ZZzF0NWtOUnk2RkF5akszeis5TGZTQwoxRlFpb0pma3FHRnhoc1IxV1R5RjBGNmJmM2tZRDZ4OWw1dEdqMXF3SndrekZWZWcvZGNtUVhvRTBmUDRqSFFvCmgxWXdiZ3pTa084TzRLUVhuWXVRM3g0bWdoZnBvR0hQM2xINlcybDJlWHpqSzllRjJtUG1ZS0p1M3JpSnkvL3gKRzhQWXBYNlNTN3RoVnNNeHF3cGJHbURXQXRuSnNrSmVsNDI1WUdOYlZ4YTNPOHE3RWxLNGFoNXpmai8wRnVwTgo3SnlqMWQyZjZFck14WlFnUi9EdmlUVnhISytRY1lBRXBqU2ZmZzBrRStpS1BlN0VYTVk1VU1aZUFTK1ZteG1LCjBPOWxaQXNpWUlEMzkwVjNTaDZxYjhoL2xMZ0V2NCtSNUw1VEpFaldYc0dQSUpGaHJNSFJWR1lhV3JIYWx3eHYKNjE5NFlpSXBEaUlHSVVSWGN1U3dNcndIQzN0bms2QVo2OW5CczVXT1JYM0NxOVhRRnVrVlA5eUMxQnRuSmFwbQpubUMzK3NtTTErRjkxUXlkVXJtbUxPNUVwUmtTMitBcmRTSklUR1NRNWt4L3VLNjhzV0QzVVdNNVRibUxrcWdOCkt6djZjemVCbzJiVExDT0JKUWJ4STFCckRPTUFMSDlCdXdUamVXdUVtWE9TWE1lTDFsejdhL2JZKzJxa1BSOVAKTE5IekE2QXZlVmxucDNaeFdqMjZFK3dwYnU5cHBaY0QzRGVHRnRnZzVJbUJ2ZDNWbjJ6UVc4a1ZMT1ZBdllSawptdWc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
<csr/>
<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpSQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1M0d2dna3FBZ0VBQW9JQ0FRREpTUWVnVFhySnl0NVYKYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyQ0RyVzdkOVhxUmQ4SkRkQ210a0tEaUxhY1pTMgpMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDFTaklacFNnM2Q5L1h4cU9BM1lCWXNNL25ST29YCnlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NytUdzlJNkZTQnhuR1pHdHJQWXk2RUFvQ0x2bUYKQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxcFFNUHVPYnFXcXJoTTF2NWN2Ymh1TmRESE1ndgpVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjFSbTAyVW5RdGd5bzNjeE9FdWxiT2dTSGx0aFMyCmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSVBub2dydmxFSVYwRGFDdkQyNmJGRENtWTFzb0UKbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBQkxXOHh1cEU4OERiaWtZbnU1V1BpSnpleHhRUgoyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXpwcEREdjBmdTQ2enVLcTNjRVZGK2JESytBZ2VPCkQ2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSEdCOUJsMWt6NHhsdGFzOW9uZmtIMWRUeTd3MU0Kck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1Exa1Y2T3RoVGxUWDMrZ25pSkkrdFdZRDltNGV1cwpzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUJBb0lDQUNPNnZpc1BIY3pzb1NjK2dkWkU1dGNNCnZkc240UDFIenVRd0VzRUcrVG1zanVWMVBZbExrbkE4OU1DQmdDejEyOFpMcU51ZlUwSDkxK1Uzbjd2MGJ1bVAKd3BpR2R4UUNOMlpZaGZ2RWE5YW1qMTNZYjBJbks3b0FKbUdrT254NW91UFl6YlBRblBNRE9WK0VKa2JwTWRxZgptOHdmOWg2OXYzSk03bUZJS0UrOVVZR252UjhuMkhETTNwR3FONEhQS1A4MkE0RXlvQ2d2a1BTelRxc052bU5ICnBOY0RURW5rNlNsWUhUVDNOSzJjVnBldUhMUzUrazlqNWI5elhUSlE5TkpVZlN6bnEvUmFpMUZVNDY1K0xpUjEKMGVPWDdnajFWUExOcGgwcWtQQy9ubW0vZStVMmZXUGZZb2FDcWkrQ0VwU2twQXlQZ1FZZTJsSG0rYVU4MzZ2UQpuaHZuL0p5ZHJDL1NyTUFZaXpOZFYyZjlHTkNwcE1SbUZyOS9saVJiNEFpSzRLSDRETGdSRUxHaDJLNzJuOFRLCkxUSVhIV3RacisyMWU4c0Mxbm5MSENnK21wMHBvSWJsbEtoYk9VTmVxR09yWm95NFBXdDZMQndFYzN0MG1wVEMKODhiSUpqMzFCQngzTGE1SUE5b0FNRi9lbHJYdFhhVnl4bm5yTHdjYzFNVWpCV20rZDVqbC9WOEdIcEJRd3pXYwpPNWdNSXlQNUIvdzBacUcyZjV1akZkOHo4dElmcEFRRTJSbDNxRUFYNU1NY1JQaFlTNDJqTWl4czc3TmtOVldQCkpqUVoxVDVXQTVKOUxEL2FKRkplQ2MvbjhpNldOQ3FzdEQ5OVNPTCsrTTBFQTlka2lLNWtOcXFZeXZuRG9SZVcKSW84eXhvVnpObURsWjBkSU9UUzlBb0lCQVFEb2tvMWxPS05FNlBWWmRRU3lmS0JOTEZNcEl1V1VVZmp0ODU4awpJTTB0TnNyS0d2N3NmYkt0dlMvOWgwMGluU2FyWTJ4amVETG91WEI5VzdKY1B1NjRoNHYwek1lbXRhdDRyTUJnClA5bkQ3MW00dERqS2ZrZDAza2tUbk4ySTBxYkwzeFVoTjNEQlJZTU9veDFMa2M4MFFFMHhSUEM1YmRJaXcwemEKTWdtK1dOZVY1VEZoSkpQZ2dVRVo5U1A2aWV1VEY0OW9wRGNWdGUwQ0I0WnFUaTRWb3YvZFVDWGpNK0djRnNWdgpPWTZYTE9KTmRldHdnUVNkd1hlSzB1WlBpWnVKTGlsTEg4OFVKYWNoQThDZW1SclMxRUtxWElwK2dkQWV4MnhVCmY5amRMMGF2SlJEY0xqWlhETXBvWlJpc0JoWVArZzY3VHZza3FscDh4M2p2STlWVkFvSUJBUURkajZrdWNLM0MKYXprMzlqYllvM3RFZ0R5L2VGNnBjWFlpK21Ba1ZNRk9vSWJ5cmNyN3BqSnRMNFMyMEFDRmpBUGFQT042dWVVWQpQQm92dC9QODB1V1c5cGZCK29mRmdadzRqc3hLWFY4eEJmOVdLWVZndFBsOHhIL1RJcERTMjhVTlowNDlhUW4vCjlCRzNac0lyenk3RzFLRTZPLzBMMnVmMnFyaUxxRFQyV3dsdFVsbWs2Ym5NeThkR0sra1JLcFhvSm1RTlNHRHoKOXd4blU2ZmZ1NDdDLzRYMHRIVk1MVFVneFh4djdqN3BpSzI4dzBuZ1N5S3ozV0IzWTJwaFVsZEJIdEprQko1RQpoRm8zMXJCVDU5enhkb2crYXh1bkh4S3EySGFHRkt0ZUZ6RGpkTTFpQzE3bWNtWXBzR2tuenA0cjRjZm5FYTFSCko4Wmo5ZVFQaEVOZEFvSUJBUUN3d2hsbXNkb2MySFVJVFZDSm13QjJSdGJaYitWT2lkS0lmdDBYcHpwcFA3aDIKVEhndEl3ZDIxayt2LzNJWGVaclhMWlJHTVNkNEN1QTgxa0ZEckt6Z1lGeDFiR0hkQ1R2T1ZuVkxjWnUvTjUxWQpMTmp3eFhMbmxyMnhnMG8zMytuWERyQlBjNFJsejcvZ2t3WUQxa2pGckkwK2dlZjI5a2w4RkRUSHJMb05DaGFuCm5PNmZweDRneGZ2Rmo3T05pZDhhQnhEK2RiaEw3dDIzNmlJMWp6K2xRQ0g0Z1I2YWhHYldxOVBZU2NWZWprVmMKbTkrWnZPVFdSU0RteUkwMExDQ2k3UXVEUmlTcmFrYVFaL3F3VHlxOHk0ZnpWS3dKby8yYU52VFZiK2xSaWNuTgorWHpMNnU5dno0L1NNZXZEYWtqQVVjdDZmbmVQa1UxK2dsZ2VZSHlWQW9JQkFRRFJtYW0wVEZhbFdXaHMvNWtOClEwTkhINFhZb1JmMGRta0xXQStCNzBoY2lOS0JYRlp0ME9GZGw1bVdsSm9adk1hY1BBUDd3MGJ1c1ZVWWxZN1YKTy9LRTZVM1I3WjlxQWw1Mnh1aU81Vnc3ZFhBRDVBM1EyZ1EzdTNFdG5VS2lwOVA0QlNYb1JLbDRJVDV0WVdJSgpyZHVUciszQ3VLT0FCcHh4Snpxa3JBRkdtZ01HRCtUTWRXd1hTU1NBeHVPYklNMW1MSU4wYVdlSEJNMFFKdnptClZIb1BFVXA1b0FwamdWVUVacTk4K0VjK0NOWkxmL2d3bndQNllsQnpRWEtQRlNXRWJwTWNtWjNjTmRWZmc5T1YKM1FDUTBkQzhNL21hRlhSRWVibE95TmtCanpEcHpVTExJUFNyVDhoRVlpWm95VGVyVGRJZVVBUEZoYnBTTUhtTApFRlhsQW9JQkFRQ0VUdVJQRHZvMC9tdDhyTzhLNENsamtuU0gxZ1FBSjFha3U3UXg3NUJUTDB6OWRNY2lMK1JLCng1R1lFTW1wcUtNb2FPbWc0WFVRMVRlQ2Vic1R0NjMyWXp6cmNCU0d1RzVnN1o0UUVublUzRXU5QklIMUVSL2gKSEk0NWowU0xNRUpObkNiTkpnRVNRRUFCbzN3cHhrRTdiRGlNdTVPOXVqMlFRVTlTTm94QkFmbVFXRDJJaU1BRQpWYzV3QTNZajBMdElSYkJmdzNBTE9uNlRSc2xucy9JMnd2Z1RCQW9sU3NZbEtEK0NRY3hDZldlNmZwU21aYmlCClBGUE9DY1ZQTXhGeXBhZWFJMkRXNWRPNFNoNGQ0ZlZma2F3ck9LN1N2QnFZb0Y5L2VndThzQS9ZdklaRVltQUQKd0ZIOGs1QjJ4WXdiNkVmNmFFQ29ZTitsNWtlWmhNWTgKLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
</cert>
<cert uuid="cad18e13-92c5-48b6-9b44-ad2e5dcc799e">
<refid>6734d6c82dc59</refid>
<descr>Web GUI TLS certificate</descr>
<caref/>
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVZkNETXpFclQ4dlVoenJaTVJta3JiT3dnSUdNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpReE5EVmFGdzB5TlRFeU1UVXhOalF4TkRWYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURMc0xEbjRta1R4RXJYdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovCnczL2tNV2Y5L25GbGpnMkFXWERJSmNXZjk0NFJFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT20KVFM0WXFCVzhHQkpJd0xtQ2kxb2RoWXhmUEQ2TFdEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNQpuQ0FtZFBDY2JmdmdXdUM2TnhWbXpkeXpta1QvNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5ClFrVlFqYlQ5MFlyeENvdE8rbTJIQU5QZHNjT3FvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTEwKVmplRS9XQVU0Q1BZUmhYVFVGVTIxZFV2azNvYUVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNwo3Mzk5VWdRN3FTNUFhOElHbXA4NUNoUUlBWUVjSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45CitUZ3ljMTlTbGoxVW1RdkRvekxCQzk5TVJpLzREQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmUKUGVpemxRenRIWmpSU0tnaWdSNU9KSmtSVHIvNjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZwprUSsrVDhMenVhK1FtakxOUVFqMVJCSFYzSzVQL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmCkNEVVVQWjR1cEJtbzBLN3dGNHdtV3VXYSttVndlb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRktidDd0QkRKN1daV1lMblQ5cEhTMklPdTg1TU1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVWZDRE0KekVyVDh2VWh6clpNUm1rcmJPd2dJR013SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQWNQbmllQ29FSmRjV25CVHdqRmE3bjZqTFMrZ1pUYUk2ZjAzWktQMFYKQ0pSaDUxWTNwb2dpcnJYcVNHQ1VGTVNHbGpsQ21mU2VhdW9GWFYwanZLejhnMGZ1NU9kYlhjd2FrZFBZSXgydQpVT0dMbllTaEdCNlpoMmhpWWdSVGFpemJoTVliQitzQkV4QU1CdHZRZElSZ3dBWkRNWE9jY0MwZnJaMFhRRlRFCnQ3by82VGYvZEprdnB0cmRYWW1INnFUWlA2MGxyTnlabVloTjc1NEluOFZLRVVSRWNZamg1ejlJanA1NTE1cU0Kb0VrSGNKbTBDNkh2VStETG1ybFpFYkV4bnVOMFQzWTBNZ0hiVFVhU2Y1L2FKVmlIM0dOMnMzbG1ZM0VXTS9Vcwo3azFyc2JTa2orZzJvQXlTcjU0Nlc4RkdaMjliZFlOYk1EaTQ4aXVRQWlzRlQrTGZXN3Y3RVl3WGJ3NUhSVkpNCjV2MlhnenJwN2Yxa08zckEzeXUyS1VSSktHdjJ1ZXhNSythb1VOZXhRT3ludmZGUTBCemRHQ1dlcmVvZTZ3bDMKbHc4Z2dCWDI1VGIxbzR3d1UzNXdtUUIrMC9rbjB0SXoveVBhY2JzbDAwZ0dJNFhTbWpRQmF0MUZYRHFEME1JMgp4S0RqMXZ2dkNTVnRKc09ESG95eDhLc3ptbno5UVFoV0ZNeC9LTXp1clh0OWtsWFRJc0t3d2NXMytZQWtQMzNaClgvOGJnZS8zK2RibTdNN3BndmFBNVFlU3VTbkwzNjdLT1g1NlNZNGFZWHhkc1haVDc0ZGxVRU1jbG9NU0NIOG4KR25QWlpyWTNHdnZaU2ovQWdqT2lDNHNBL2JSSmh4cCtUQndlRFByR0pFUEJFVW9sZEZHVXdraFJXMVVuRlc2YwpyTGM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
<csr/>
<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRExzTERuNG1rVHhFclgKdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovdzMva01XZjkvbkZsamcyQVdYRElKY1dmOTQ0UgpFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT21UUzRZcUJXOEdCSkl3TG1DaTFvZGhZeGZQRDZMCldEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNW5DQW1kUENjYmZ2Z1d1QzZOeFZtemR5em1rVC8KNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5UWtWUWpiVDkwWXJ4Q290TyttMkhBTlBkc2NPcQpvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTExWamVFL1dBVTRDUFlSaFhUVUZVMjFkVXZrM29hCkVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNzczOTlVZ1E3cVM1QWE4SUdtcDg1Q2hRSUFZRWMKSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45K1RneWMxOVNsajFVbVF2RG96TEJDOTlNUmkvNApEQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmVQZWl6bFF6dEhaalJTS2dpZ1I1T0pKa1JUci82CjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZ2tRKytUOEx6dWErUW1qTE5RUWoxUkJIVjNLNVAKL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmQ0RVVVBaNHVwQm1vMEs3d0Y0d21XdVdhK21Wdwplb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUJBb0lDQUFzc3hPL2IzSTd3a0hpWU9wdmQ3b2ZxClJXVm9HM0ZHOVBkSCtrcU1DQW9zVXlpZ2lnWkZhQUZSY3BhZFBJUnBVRFZQOHQrUUx2RHhTSEtJVkNTR3lLRHgKN01mVTkxV3ZCUGtpc1NhWEV2TklEMHJ2WTJYbXl4WWdOcDBNcHdnbHhxZXlWSDNWSTFmZ09zQXpWVkpGSmtzeAp0NnVKV2U2R1lwRnlVZ3MzZytNdHhPYVJLZHcvWkFZb0dVRkR5WE5NR1JNdVRYYkg2WWxTOStFZ2RxZTJZbGtDCk41amkvODUydUlwSytXZUVnbmd1ZkVZNDdpVVhQSzFJTVB0UjRURUxOb3hkTWVBYnZBUG9La2QwMWZOWnVaQ3EKQ0dxNS9kMEQ4cDZKNjlUK3M1RnR1R1UrdkxtcUg3NmtsZjVmTTZnOFpCc2xSNStNQ0xlay9DaHRBZGU2VXBQRApXQ2EwazU3dmdneUdQdGVlVXY2RVJBMEp6SjlJd2VHZGdVWHhNdW5LK3ZSNWYydWJKWFJoMVJpNTNFSTNvVUxYClFvWm9hOTY3VzNUajQ3UzR2RlQyK2dLb0g2OXlNckdVNVkwcjJrSTFXMVVhWEJ1aVVrMi94amdyWVdTblUzUUQKZkM3ZXllTlNlN3c4UW9MMVBEYXJwVXdaK2xGZ0w3NFVScldLQU12WVhxa3NTMHVtb0tTSWo4cjZMM0hVSUVaUgpZRzhBTU91dFhrQk5lMkNpTXRKM2NYUXNIOWloQU9QL3AvaE9BTTBGNkM3Ymt1Vm85d1pRdDVESWxRWUl4TlArClFRZ2doRnhBNTlTWmpwRk00QkN5L0hEOENJY3VuSURZOVNlbXNSYXdyUVY1eGk1akFScVdOYTdBSVMvVlArdUUKQkpmS0dDNFlZVmxqS1VLeEgxVUJBb0lCQVFEcnZOWXNrd3ZhQ2Z6MlcvbkIrRjNjVE1RbjM2RENSYnZwQ0s1dApldm96TjJGbjBJdWFnN2RrYzN2NTFxTVNEd0h1cVNkVTRHUHZMcm83alpJaFNEZ1AwLzBLWmc0VmxtZE5HbEovCk1lcXhmOGRkOFdTQjZiUksrK2FRcEhaeDd2SUFTWkE4eHkvZ3F2NGJpSmlqVDhUQ2lSeXdYSTQ0ZlRYM0xLZTIKVG1Uc29XNk9yQmErSWJRYjBpTEh4WE4rZ3JDM0cxWWxIUlNvTEpKUkU0eFVLMGsvM1JLNU16RjRIYUNZb1BWOQpDOFpQellMR253SE9ERU8zbHRtSGJvQUNFa0VrT2dFV3U4RFo2YlYrMXJBcVh6WnN0L3hNZnJ5KzlMRVdYQUwvCkRnOEdkall0YzdyUTFZd1BIY1h6cFo2clVIdXh2K0p6VEE1ZzNCS1p6aWhwNFdHaEFvSUJBUURkTXE3N0dRWGMKYW5hYlMxanlFT3VzNFp5ZlJ4cW10NEVFaHZjY0dRVVVrV0IrWk11bnpyaENxb3ZwQ1dhVU9zWVhuNG45Y3BQSAo3bm1mOUJHbFI4NVhCVHNLM2d4bE5NMUhjSGFTNXZSem9WQVBNd3o2VVV0ZFNLWXRLR0Q3Wkxmbm9ISXN1SlEzCnJ6WWIyTFhpVmx6MWlNNUVmT0VrL1J5UjBwMGtleXVwa0F0OXBRV0hzaURYb0pibDE2d1ZLc2NDNGUzNjdRRWsKcFdoeXcyS3A4bXdtOGxqQllxZWtHdUREeGVZSDMzMVlGa2FMUEJCT2xPQnlveFlOUDdBVVREUlV3KzB1T01jNwozb0N1VE9jWnAxVWMwQURBOXRTRVRINklWdlFEUXZlYzR6MWRTVGRmUEkxRzVUTCt4Mzlvam5OcGVoYng0bEwvCmRxTTBmcFlPL2ZmeEFvSUJBRmwzOU8wNzdjNlY1ZHoyY1djTnhVbThGT0p4UEVrZlFEOGtYVmNOeW5HdnZoY3gKamhwWmpUdmhuSmJvd0VFMVV1MXFZNVFTQ2J1WVIzUWN1ZTVKdzRVMlZwNGd0NDIzNUlMZHo1dVlyVk1xaE5jQgpxN3ltbnhlcVhRcGVjTm15NzBQdXA0QjV0SkVYTkpQc2xzbThsNWVoaERMbkhjOFFybStlRWhUZDBlNEJJcjJoClVJeGVyRVcyemg1MXNPeTkyeVhUaVRGU3hTbENxVkYrRXM5TEVtVGJtYVNTYWw4RkY1TjEyMVhYSnkvWWRwNjkKY0dqc1BMTXIzR2xMSmVnalYzZlJUK0o1NWFxT3lhUlhCTXRBRVo3WGdUampETzJJWHNGMnNHaHV4SU1XVUYrVgp3YnhLbi9xSXVUMU1pVmpKbGZpVE0vWEFVdUN1QlowOEloaDFRcUVDZ2dFQUZwdzJySzRMSGxPM21mb2l0bU9xClkzcVFVdXVtdXNIcEt6aE1qQSsycURxUC9YdDZJY1lNcWF2YkwwL3ByMTh1bm4yTlVsM2k0ejNxS3NKOUIwTUcKd1hoa1o2RDQ3V052VkUwWG9iNS80RTN0N0EvUTFNbDRoYW1HYXZsRXFJM01DcDRvN1k5VWZ6aW10RVA3bTQ0dQpaRjYranR1ZysvSHZlS3hwcWEvNWI1U3N5QVFWUTZDZW9Ndm1nTW9CNmd2OFdid1VZbURWakJSb1Q4clBEQVllCnJnQjV1QkxJaGdyRlROMnV2TUZJZzdlTE1ISk1UR3dGWVZKd1Q1eGgrRUV0M0RoR3gwSEFnOHNqcGkxd05md1gKeENFeTRvYVloSWw1S2FDUndyK1dwZS9JZHYrajdGVTVMN1QvK0hFV0FlOEZ0eE5td3dUYWJRaUllRFkwU29ZRgpVUUtDQVFFQXRiclZqbTFsaDQ1REhIWnVsem4xNllIQzJrMUYwWG9FZFVSQ3o0QTFsMHBEK3ljL2srdmJ0Qmg0Cm1RRDV1a3FicHFFZy9GNUhDZmdOaHlieHNNdVV6NzFaU24zN2dwczNDWUdiUyt4RkhjZTJBakNTbUlYQWIxQjgKR0Z2WnV4UlB5QXU0YVBvT1J3RzM3NVBOM0VNNk83bzdxbjlYeExTZWRIMHExM2U0YkhYYm4rc2xOa1RIM2xmcwpLVnBOUUhVSUNDSW5vQ0llV1dwdnAwQnFoYjlKclRsbXd2c25zOHpZVDNiY3F5QXZHZGRnNUs3Y0MwRVJaem9ECnFJTkI3S05FVjQ1NmF0eDZVT3VYUlpKREMvaHNJUTZNaVBveUJacHRsK1ZIMEtQbEFIWGExb0FXZmNuL0U3MFYKK0RaeVBiMWxkQUdpb1hqditGd2h5VzZlWEVrQlBnPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
</cert>
<syslog/>
</opnsense>

View File

@ -0,0 +1,994 @@
<?xml version="1.0"?>
<opnsense>
<theme>opnsense</theme>
<sysctl>
<item>
<descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
<tunable>vfs.read_max</tunable>
<value>default</value>
</item>
<item>
<descr>Set the ephemeral port range to be lower.</descr>
<tunable>net.inet.ip.portrange.first</tunable>
<value>default</value>
</item>
<item>
<descr>Drop packets to closed TCP ports without returning a RST</descr>
<tunable>net.inet.tcp.blackhole</tunable>
<value>default</value>
</item>
<item>
<descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
<tunable>net.inet.udp.blackhole</tunable>
<value>default</value>
</item>
<item>
<descr>Randomize the ID field in IP packets</descr>
<tunable>net.inet.ip.random_id</tunable>
<value>default</value>
</item>
<item>
<descr>
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
</descr>
<tunable>net.inet.ip.sourceroute</tunable>
<value>default</value>
</item>
<item>
<descr>
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
</descr>
<tunable>net.inet.ip.accept_sourceroute</tunable>
<value>default</value>
</item>
<item>
<descr>
This option turns off the logging of redirect packets because there is no limit and this could fill
up your logs consuming your whole hard drive.
</descr>
<tunable>net.inet.icmp.log_redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
<tunable>net.inet.tcp.drop_synfin</tunable>
<value>default</value>
</item>
<item>
<descr>Enable sending IPv6 redirects</descr>
<tunable>net.inet6.ip6.redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
<tunable>net.inet6.ip6.use_tempaddr</tunable>
<value>default</value>
</item>
<item>
<descr>Prefer privacy addresses and use them over the normal addresses</descr>
<tunable>net.inet6.ip6.prefer_tempaddr</tunable>
<value>default</value>
</item>
<item>
<descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
<tunable>net.inet.tcp.syncookies</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
<tunable>net.inet.tcp.recvspace</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
<tunable>net.inet.tcp.sendspace</tunable>
<value>default</value>
</item>
<item>
<descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
<tunable>net.inet.tcp.delayed_ack</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum outgoing UDP datagram size</descr>
<tunable>net.inet.udp.maxdgram</tunable>
<value>default</value>
</item>
<item>
<descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
<tunable>net.link.bridge.pfil_onlyip</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
<tunable>net.link.bridge.pfil_local_phys</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
<tunable>net.link.bridge.pfil_member</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 1 to enable filtering on the bridge interface</descr>
<tunable>net.link.bridge.pfil_bridge</tunable>
<value>default</value>
</item>
<item>
<descr>Allow unprivileged access to tap(4) device nodes</descr>
<tunable>net.link.tap.user_open</tunable>
<value>default</value>
</item>
<item>
<descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
<tunable>kern.randompid</tunable>
<value>default</value>
</item>
<item>
<descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
<tunable>hw.syscons.kbd_reboot</tunable>
<value>default</value>
</item>
<item>
<descr>Enable TCP extended debugging</descr>
<tunable>net.inet.tcp.log_debug</tunable>
<value>default</value>
</item>
<item>
<descr>Set ICMP Limits</descr>
<tunable>net.inet.icmp.icmplim</tunable>
<value>default</value>
</item>
<item>
<descr>TCP Offload Engine</descr>
<tunable>net.inet.tcp.tso</tunable>
<value>default</value>
</item>
<item>
<descr>UDP Checksums</descr>
<tunable>net.inet.udp.checksum</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum socket buffer size</descr>
<tunable>kern.ipc.maxsockbuf</tunable>
<value>default</value>
</item>
<item>
<descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
<tunable>vm.pmap.pti</tunable>
<value>default</value>
</item>
<item>
<descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
<tunable>hw.ibrs_disable</tunable>
<value>default</value>
</item>
<item>
<descr>Hide processes running as other groups</descr>
<tunable>security.bsd.see_other_gids</tunable>
<value>default</value>
</item>
<item>
<descr>Hide processes running as other users</descr>
<tunable>security.bsd.see_other_uids</tunable>
<value>default</value>
</item>
<item>
<descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
and for the sender directly reachable, route and next hop is known.
</descr>
<tunable>net.inet.ip.redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum outgoing UDP datagram size</descr>
<tunable>net.local.dgram.maxdgram</tunable>
<value>default</value>
</item>
</sysctl>
<system>
<optimization>normal</optimization>
<hostname>OPNsense</hostname>
<domain>localdomain</domain>
<dnsallowoverride>1</dnsallowoverride>
<group>
<name>admins</name>
<description>System Administrators</description>
<scope>system</scope>
<gid>1999</gid>
<member>0</member>
<priv>page-all</priv>
</group>
<user>
<name>root</name>
<descr>System Administrator</descr>
<scope>system</scope>
<groupname>admins</groupname>
<password>$2y$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS</password>
<uid>0</uid>
</user>
<nextuid>2000</nextuid>
<nextgid>2000</nextgid>
<timezone>Etc/UTC</timezone>
<timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
<webgui>
<protocol>https</protocol>
<ssl-certref>6734d6c82dc59</ssl-certref>
<port/>
<ssl-ciphers/>
<interfaces/>
<compression/>
</webgui>
<disablenatreflection>yes</disablenatreflection>
<usevirtualterminal>1</usevirtualterminal>
<disableconsolemenu>1</disableconsolemenu>
<disablevlanhwfilter>1</disablevlanhwfilter>
<disablechecksumoffloading>1</disablechecksumoffloading>
<disablesegmentationoffloading>1</disablesegmentationoffloading>
<disablelargereceiveoffloading>1</disablelargereceiveoffloading>
<ipv6allow>1</ipv6allow>
<powerd_ac_mode>hadp</powerd_ac_mode>
<powerd_battery_mode>hadp</powerd_battery_mode>
<powerd_normal_mode>hadp</powerd_normal_mode>
<bogons>
<interval>monthly</interval>
</bogons>
<pf_share_forward>1</pf_share_forward>
<lb_use_sticky>1</lb_use_sticky>
<ssh>
<group>admins</group>
<noauto>1</noauto>
<interfaces/>
<kex/>
<ciphers/>
<macs/>
<keys/>
<keysig/>
<enabled>enabled</enabled>
<passwordauth>1</passwordauth>
<permitrootlogin>1</permitrootlogin>
</ssh>
<rrdbackup>-1</rrdbackup>
<netflowbackup>-1</netflowbackup>
<firmware version="1.0.1">
<mirror/>
<flavour/>
<plugins/>
<type/>
<subscription/>
<reboot/>
</firmware>
<dnsserver>192.168.5.1</dnsserver>
<language>en_US</language>
<serialspeed>115200</serialspeed>
<primaryconsole>video</primaryconsole>
<secondaryconsole>serial</secondaryconsole>
</system>
<interfaces>
<lan>
<enable>1</enable>
<if>le1</if>
<ipaddr>10.100.8.1</ipaddr>
<subnet>24</subnet>
<ipaddrv6>track6</ipaddrv6>
<subnetv6>64</subnetv6>
<media/>
<mediaopt/>
<track6-interface>wan</track6-interface>
<track6-prefix-id>0</track6-prefix-id>
</lan>
<lo0>
<internal_dynamic>1</internal_dynamic>
<descr>Loopback</descr>
<enable>1</enable>
<if>lo0</if>
<ipaddr>127.0.0.1</ipaddr>
<ipaddrv6>::1</ipaddrv6>
<subnet>8</subnet>
<subnetv6>128</subnetv6>
<type>none</type>
<virtual>1</virtual>
</lo0>
<wan>
<if>le0</if>
<descr/>
<enable>1</enable>
<spoofmac/>
<ipaddr>dhcp</ipaddr>
<dhcphostname/>
<alias-address/>
<alias-subnet>32</alias-subnet>
<dhcprejectfrom/>
<adv_dhcp_pt_timeout/>
<adv_dhcp_pt_retry/>
<adv_dhcp_pt_select_timeout/>
<adv_dhcp_pt_reboot/>
<adv_dhcp_pt_backoff_cutoff/>
<adv_dhcp_pt_initial_interval/>
<adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
<adv_dhcp_send_options/>
<adv_dhcp_request_options/>
<adv_dhcp_required_options/>
<adv_dhcp_option_modifiers/>
<adv_dhcp_config_advanced/>
<adv_dhcp_config_file_override/>
<adv_dhcp_config_file_override_path/>
</wan>
</interfaces>
<dhcpd>
<lan>
<enable/>
<range>
<from>10.100.8.10</from>
<to>10.100.8.245</to>
</range>
<staticmap>
<mac>d8:5e:d3:e7:2c:8c</mac>
<ipaddr>10.100.8.15</ipaddr>
<hostname>rtx4090</hostname>
<winsserver/>
<dnsserver/>
<ntpserver/>
</staticmap>
</lan>
</dhcpd>
<snmpd>
<syslocation/>
<syscontact/>
<rocommunity>public</rocommunity>
</snmpd>
<nat>
<outbound>
<mode>automatic</mode>
</outbound>
</nat>
<filter>
<rule uuid="f79eded0-3c11-4f57-9aaa-55d4888589fa">
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<direction>in</direction>
<quick>1</quick>
<protocol>tcp</protocol>
<source>
<any>1</any>
</source>
<destination>
<network>wanip</network>
<port>80</port>
</destination>
<updated>
<username>root@192.168.5.204</username>
<time>1731518072.7612</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.5.204</username>
<time>1731518072.7612</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="4a5e7b65-0d7f-4452-8a29-2ec61a47ec19">
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<direction>in</direction>
<quick>1</quick>
<protocol>tcp</protocol>
<source>
<any>1</any>
</source>
<destination>
<network>wanip</network>
<port>443</port>
</destination>
<updated>
<username>root@192.168.5.204</username>
<time>1731518084.0639</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.5.204</username>
<time>1731518084.0639</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="0465308d-8605-466c-bcb4-95eeb989251a">
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<direction>in</direction>
<quick>1</quick>
<protocol>tcp/udp</protocol>
<source>
<any>1</any>
</source>
<destination>
<any>1</any>
<port>22</port>
</destination>
<updated>
<username>root@192.168.5.204</username>
<time>1731518114.2801</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.5.204</username>
<time>1731518114.2801</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="2df05591-13e7-4d91-a1b8-d25e338ada5f">
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>Allow ping</descr>
<direction>in</direction>
<quick>1</quick>
<protocol>icmp</protocol>
<source>
<any>1</any>
</source>
<destination>
<network>(self)</network>
</destination>
<updated>
<username>root@192.168.5.204</username>
<time>1731518356.7559</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.5.204</username>
<time>1731518311.7033</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="f2ee612c-c290-4445-8045-df82a86db0e5">
<type>pass</type>
<ipprotocol>inet</ipprotocol>
<descr>Default allow LAN to any rule</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
<rule uuid="b21f808a-6a4a-4cd6-9a83-1660cc8ea58b">
<type>pass</type>
<ipprotocol>inet6</ipprotocol>
<descr>Default allow LAN IPv6 to any rule</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
</filter>
<rrd>
<enable/>
</rrd>
<ntpd>
<prefer>0.opnsense.pool.ntp.org</prefer>
</ntpd>
<widgets>
<sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
<column_count>2</column_count>
</widgets>
<revision>
<username>root@192.168.5.204</username>
<time>1731534516.7156</time>
<description>/interfaces.php made changes</description>
</revision>
<OPNsense>
<DHCRelay version="1.0.1"/>
<wireguard>
<client version="1.0.0">
<clients/>
</client>
<general version="0.0.1">
<enabled>0</enabled>
</general>
<server version="1.0.0">
<servers/>
</server>
</wireguard>
<IPsec version="1.0.1">
<general>
<enabled/>
</general>
<keyPairs/>
<preSharedKeys/>
</IPsec>
<Swanctl version="1.0.0">
<Connections/>
<locals/>
<remotes/>
<children/>
<Pools/>
<VTIs/>
<SPDs/>
</Swanctl>
<OpenVPNExport version="0.0.1">
<servers/>
</OpenVPNExport>
<OpenVPN version="1.0.0">
<Overwrites/>
<Instances/>
<StaticKeys/>
</OpenVPN>
<captiveportal version="1.0.2">
<zones/>
<templates/>
</captiveportal>
<cron version="1.0.4">
<jobs/>
</cron>
<Firewall>
<Lvtemplate version="0.0.1">
<templates/>
</Lvtemplate>
<Alias version="1.0.1">
<geoip>
<url/>
</geoip>
<aliases/>
</Alias>
<Category version="1.0.0">
<categories/>
</Category>
<Filter version="1.0.4">
<rules/>
<snatrules/>
<npt/>
<onetoone/>
</Filter>
</Firewall>
<Netflow version="1.0.1">
<capture>
<interfaces/>
<egress_only/>
<version>v9</version>
<targets/>
</capture>
<collect>
<enable>0</enable>
</collect>
<activeTimeout>1800</activeTimeout>
<inactiveTimeout>15</inactiveTimeout>
</Netflow>
<IDS version="1.0.9">
<rules/>
<policies/>
<userDefinedRules/>
<files/>
<fileTags/>
<general>
<enabled>0</enabled>
<ips>0</ips>
<promisc>0</promisc>
<interfaces>wan</interfaces>
<homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
<defaultPacketSize/>
<UpdateCron/>
<AlertLogrotate>W0D23</AlertLogrotate>
<AlertSaveLogs>4</AlertSaveLogs>
<MPMAlgo/>
<detect>
<Profile/>
<toclient_groups/>
<toserver_groups/>
</detect>
<syslog>0</syslog>
<syslog_eve>0</syslog_eve>
<LogPayload>0</LogPayload>
<verbosity/>
</general>
</IDS>
<Interfaces>
<loopbacks version="1.0.0"/>
<neighbors version="1.0.0"/>
<vxlans version="1.0.2"/>
</Interfaces>
<Kea>
<ctrl_agent version="0.0.1">
<general>
<enabled>0</enabled>
<http_host>127.0.0.1</http_host>
<http_port>8000</http_port>
</general>
</ctrl_agent>
<dhcp4 version="1.0.0">
<general>
<enabled>0</enabled>
<interfaces/>
<valid_lifetime>4000</valid_lifetime>
<fwrules>1</fwrules>
</general>
<ha>
<enabled>0</enabled>
<this_server_name/>
</ha>
<subnets/>
<reservations/>
<ha_peers/>
</dhcp4>
</Kea>
<monit version="1.0.13">
<general>
<enabled>0</enabled>
<interval>120</interval>
<startdelay>120</startdelay>
<mailserver>127.0.0.1</mailserver>
<port>25</port>
<username/>
<password/>
<ssl>0</ssl>
<sslversion>auto</sslversion>
<sslverify>1</sslverify>
<logfile/>
<statefile/>
<eventqueuePath/>
<eventqueueSlots/>
<httpdEnabled>0</httpdEnabled>
<httpdUsername>root</httpdUsername>
<httpdPassword/>
<httpdPort>2812</httpdPort>
<httpdAllow/>
<mmonitUrl/>
<mmonitTimeout>5</mmonitTimeout>
<mmonitRegisterCredentials>1</mmonitRegisterCredentials>
</general>
<alert uuid="15f1e9ca-5dd5-4b20-b595-b6b4f82245d0">
<enabled>0</enabled>
<recipient>root@localhost.local</recipient>
<noton>0</noton>
<events/>
<format/>
<reminder/>
<description/>
</alert>
<service uuid="c1e99556-91f5-4dbf-81d7-7915a3213de9">
<enabled>1</enabled>
<name>$HOST</name>
<description/>
<type>system</type>
<pidfile/>
<match/>
<path/>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>91b4e409-211b-49d5-9fa3-dc9054106646,cbe9cb72-e8c2-4740-990c-abcc486b0654,c0708923-88de-4178-abdd-819737440ce0,e887125d-c5d2-45e6-b40d-2c400d5449d1</tests>
<depends/>
<polltime/>
</service>
<service uuid="7513f341-7d21-4f11-903f-30d07b3aa41e">
<enabled>1</enabled>
<name>RootFs</name>
<description/>
<type>filesystem</type>
<pidfile/>
<match/>
<path>/</path>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>cc3684f2-701e-4de4-883d-803e08cf47b6</tests>
<depends/>
<polltime/>
</service>
<service uuid="f99ada79-ba1a-4ee1-81f1-ef570e8e5ea9">
<enabled>0</enabled>
<name>carp_status_change</name>
<description/>
<type>custom</type>
<pidfile/>
<match/>
<path>/usr/local/opnsense/scripts/OPNsense/Monit/carp_status</path>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>f2d734cb-2a0e-4375-9460-11bdd5b20503</tests>
<depends/>
<polltime/>
</service>
<service uuid="dca8a81f-d389-4baa-b477-8b348194fd25">
<enabled>0</enabled>
<name>gateway_alert</name>
<description/>
<type>custom</type>
<pidfile/>
<match/>
<path>/usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert</path>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>865105a2-cbea-4a01-9979-c67818da9d99</tests>
<depends/>
<polltime/>
</service>
<test uuid="ea6b821c-4f30-455b-bd5b-23a6f0c20554">
<name>Ping</name>
<type>NetworkPing</type>
<condition>failed ping</condition>
<action>alert</action>
<path/>
</test>
<test uuid="16186b38-0e13-4cc3-ad18-ccc3fcc91837">
<name>NetworkLink</name>
<type>NetworkInterface</type>
<condition>failed link</condition>
<action>alert</action>
<path/>
</test>
<test uuid="69117d4d-8c41-4712-97c0-87b4fa7c9837">
<name>NetworkSaturation</name>
<type>NetworkInterface</type>
<condition>saturation is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="91b4e409-211b-49d5-9fa3-dc9054106646">
<name>MemoryUsage</name>
<type>SystemResource</type>
<condition>memory usage is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="cbe9cb72-e8c2-4740-990c-abcc486b0654">
<name>CPUUsage</name>
<type>SystemResource</type>
<condition>cpu usage is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="c0708923-88de-4178-abdd-819737440ce0">
<name>LoadAvg1</name>
<type>SystemResource</type>
<condition>loadavg (1min) is greater than 4</condition>
<action>alert</action>
<path/>
</test>
<test uuid="e887125d-c5d2-45e6-b40d-2c400d5449d1">
<name>LoadAvg5</name>
<type>SystemResource</type>
<condition>loadavg (5min) is greater than 3</condition>
<action>alert</action>
<path/>
</test>
<test uuid="c34aab30-9194-4667-b516-004b9c90c1c0">
<name>LoadAvg15</name>
<type>SystemResource</type>
<condition>loadavg (15min) is greater than 2</condition>
<action>alert</action>
<path/>
</test>
<test uuid="cc3684f2-701e-4de4-883d-803e08cf47b6">
<name>SpaceUsage</name>
<type>SpaceUsage</type>
<condition>space usage is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="f2d734cb-2a0e-4375-9460-11bdd5b20503">
<name>ChangedStatus</name>
<type>ProgramStatus</type>
<condition>changed status</condition>
<action>alert</action>
<path/>
</test>
<test uuid="865105a2-cbea-4a01-9979-c67818da9d99">
<name>NonZeroStatus</name>
<type>ProgramStatus</type>
<condition>status != 0</condition>
<action>alert</action>
<path/>
</test>
</monit>
<Gateways version="1.0.0">
<gateway_item uuid="a6ea102d-68bb-430f-af8b-269d52498fe1">
<disabled>0</disabled>
<name>WAN_GW</name>
<descr>Interface WAN Gateway</descr>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<gateway>172.17.0.1</gateway>
<defaultgw>1</defaultgw>
<fargw>0</fargw>
<monitor_disable>1</monitor_disable>
<monitor_noroute/>
<monitor/>
<force_down/>
<priority>255</priority>
<weight>1</weight>
<latencylow/>
<latencyhigh/>
<losslow/>
<losshigh/>
<interval/>
<time_period/>
<loss_interval/>
<data_length/>
</gateway_item>
</Gateways>
<Syslog version="1.0.2">
<general>
<enabled>1</enabled>
<loglocal>1</loglocal>
<maxpreserve>31</maxpreserve>
<maxfilesize/>
</general>
<destinations/>
</Syslog>
<TrafficShaper version="1.0.3">
<pipes/>
<queues/>
<rules/>
</TrafficShaper>
<unboundplus version="1.0.9">
<general>
<enabled>1</enabled>
<port>53</port>
<stats/>
<active_interface/>
<dns64/>
<dns64prefix/>
<noarecords/>
<regdhcp/>
<regdhcpdomain/>
<regdhcpstatic/>
<noreglladdr6/>
<noregrecords/>
<txtsupport/>
<cacheflush/>
<local_zone_type>transparent</local_zone_type>
<outgoing_interface/>
<enable_wpad/>
</general>
<advanced>
<hideidentity/>
<hideversion/>
<prefetch/>
<prefetchkey/>
<aggressivensec>1</aggressivensec>
<serveexpired/>
<serveexpiredreplyttl/>
<serveexpiredttl/>
<serveexpiredttlreset/>
<serveexpiredclienttimeout/>
<qnameminstrict/>
<extendedstatistics/>
<logqueries/>
<logreplies/>
<logtagqueryreply/>
<logservfail/>
<loglocalactions/>
<logverbosity>1</logverbosity>
<valloglevel>0</valloglevel>
<privatedomain/>
<privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
<insecuredomain/>
<msgcachesize/>
<rrsetcachesize/>
<outgoingnumtcp/>
<incomingnumtcp/>
<numqueriesperthread/>
<outgoingrange/>
<jostletimeout/>
<cachemaxttl/>
<cachemaxnegativettl/>
<cacheminttl/>
<infrahostttl/>
<infrakeepprobing/>
<infracachenumhosts/>
<unwantedreplythreshold/>
</advanced>
<acls>
<default_action>allow</default_action>
</acls>
<dnsbl>
<enabled>0</enabled>
<safesearch/>
<type/>
<lists/>
<whitelists/>
<blocklists/>
<wildcards/>
<address/>
<nxdomain/>
</dnsbl>
<forwarding>
<enabled/>
</forwarding>
<dots/>
<hosts/>
<aliases/>
<domains/>
</unboundplus>
</OPNsense>
<hasync version="1.0.0">
<disablepreempt>0</disablepreempt>
<disconnectppps>0</disconnectppps>
<pfsyncenabled>0</pfsyncenabled>
<pfsyncinterface>lan</pfsyncinterface>
<pfsyncpeerip/>
<pfsyncversion>1400</pfsyncversion>
<synchronizetoip/>
<username/>
<password/>
<syncitems/>
</hasync>
<openvpn/>
<ifgroups version="1.0.0"/>
<gifs version="1.0.0">
<gif/>
</gifs>
<gres version="1.0.0">
<gre/>
</gres>
<laggs version="1.0.0">
<lagg/>
</laggs>
<virtualip version="1.0.0">
<vip/>
</virtualip>
<vlans version="1.0.0">
<vlan/>
</vlans>
<staticroutes version="1.0.0">
<route/>
</staticroutes>
<bridges>
<bridged/>
</bridges>
<ppps>
<ppp/>
</ppps>
<wireless>
<clone/>
</wireless>
<ca/>
<dhcpdv6/>
<cert uuid="547102e9-23ba-48b8-8af8-64be61049e96">
<refid>6734d13fa9e4a</refid>
<descr>Web GUI TLS certificate</descr>
<caref/>
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVSUhVRkpwc253VGtzYWRrZmRDNUp1SDhqWnZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpFNE1EbGFGdzB5TlRFeU1UVXhOakU0TURsYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURKU1FlZ1RYckp5dDVWYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyCkNEclc3ZDlYcVJkOEpEZENtdGtLRGlMYWNaUzJMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDEKU2pJWnBTZzNkOS9YeHFPQTNZQllzTS9uUk9vWHlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NworVHc5STZGU0J4bkdaR3RyUFl5NkVBb0NMdm1GQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxCnBRTVB1T2JxV3FyaE0xdjVjdmJodU5kREhNZ3ZVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjEKUm0wMlVuUXRneW8zY3hPRXVsYk9nU0hsdGhTMmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSQpQbm9ncnZsRUlWMERhQ3ZEMjZiRkRDbVkxc29FbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBCkJMVzh4dXBFODhEYmlrWW51NVdQaUp6ZXh4UVIyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXoKcHBERHYwZnU0Nnp1S3EzY0VWRitiREsrQWdlT0Q2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSApHQjlCbDFrejR4bHRhczlvbmZrSDFkVHk3dzFNck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1ExCmtWNk90aFRsVFgzK2duaUpJK3RXWUQ5bTRldXNzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRkJRZytucWI5QW9HSWtoTUxhNHFzWGRvY0JGcE1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVUlIVUYKSnBzbndUa3NhZGtmZEM1SnVIOGpadk13SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQUZqNlQ1MmRIUklVMHJuZDE0d2dob2tjUkdrK0hIQloyTGlDRHpUeUwKNHdCeTJ1ZXJXQWdvYUZzeUlNQzhwWTBhWlc4TFlSd1BtRVB0OXlUS09ZZzF0NWtOUnk2RkF5akszeis5TGZTQwoxRlFpb0pma3FHRnhoc1IxV1R5RjBGNmJmM2tZRDZ4OWw1dEdqMXF3SndrekZWZWcvZGNtUVhvRTBmUDRqSFFvCmgxWXdiZ3pTa084TzRLUVhuWXVRM3g0bWdoZnBvR0hQM2xINlcybDJlWHpqSzllRjJtUG1ZS0p1M3JpSnkvL3gKRzhQWXBYNlNTN3RoVnNNeHF3cGJHbURXQXRuSnNrSmVsNDI1WUdOYlZ4YTNPOHE3RWxLNGFoNXpmai8wRnVwTgo3SnlqMWQyZjZFck14WlFnUi9EdmlUVnhISytRY1lBRXBqU2ZmZzBrRStpS1BlN0VYTVk1VU1aZUFTK1ZteG1LCjBPOWxaQXNpWUlEMzkwVjNTaDZxYjhoL2xMZ0V2NCtSNUw1VEpFaldYc0dQSUpGaHJNSFJWR1lhV3JIYWx3eHYKNjE5NFlpSXBEaUlHSVVSWGN1U3dNcndIQzN0bms2QVo2OW5CczVXT1JYM0NxOVhRRnVrVlA5eUMxQnRuSmFwbQpubUMzK3NtTTErRjkxUXlkVXJtbUxPNUVwUmtTMitBcmRTSklUR1NRNWt4L3VLNjhzV0QzVVdNNVRibUxrcWdOCkt6djZjemVCbzJiVExDT0JKUWJ4STFCckRPTUFMSDlCdXdUamVXdUVtWE9TWE1lTDFsejdhL2JZKzJxa1BSOVAKTE5IekE2QXZlVmxucDNaeFdqMjZFK3dwYnU5cHBaY0QzRGVHRnRnZzVJbUJ2ZDNWbjJ6UVc4a1ZMT1ZBdllSawptdWc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
<csr/>
<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpSQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1M0d2dna3FBZ0VBQW9JQ0FRREpTUWVnVFhySnl0NVYKYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyQ0RyVzdkOVhxUmQ4SkRkQ210a0tEaUxhY1pTMgpMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDFTaklacFNnM2Q5L1h4cU9BM1lCWXNNL25ST29YCnlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NytUdzlJNkZTQnhuR1pHdHJQWXk2RUFvQ0x2bUYKQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxcFFNUHVPYnFXcXJoTTF2NWN2Ymh1TmRESE1ndgpVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjFSbTAyVW5RdGd5bzNjeE9FdWxiT2dTSGx0aFMyCmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSVBub2dydmxFSVYwRGFDdkQyNmJGRENtWTFzb0UKbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBQkxXOHh1cEU4OERiaWtZbnU1V1BpSnpleHhRUgoyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXpwcEREdjBmdTQ2enVLcTNjRVZGK2JESytBZ2VPCkQ2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSEdCOUJsMWt6NHhsdGFzOW9uZmtIMWRUeTd3MU0Kck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1Exa1Y2T3RoVGxUWDMrZ25pSkkrdFdZRDltNGV1cwpzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUJBb0lDQUNPNnZpc1BIY3pzb1NjK2dkWkU1dGNNCnZkc240UDFIenVRd0VzRUcrVG1zanVWMVBZbExrbkE4OU1DQmdDejEyOFpMcU51ZlUwSDkxK1Uzbjd2MGJ1bVAKd3BpR2R4UUNOMlpZaGZ2RWE5YW1qMTNZYjBJbks3b0FKbUdrT254NW91UFl6YlBRblBNRE9WK0VKa2JwTWRxZgptOHdmOWg2OXYzSk03bUZJS0UrOVVZR252UjhuMkhETTNwR3FONEhQS1A4MkE0RXlvQ2d2a1BTelRxc052bU5ICnBOY0RURW5rNlNsWUhUVDNOSzJjVnBldUhMUzUrazlqNWI5elhUSlE5TkpVZlN6bnEvUmFpMUZVNDY1K0xpUjEKMGVPWDdnajFWUExOcGgwcWtQQy9ubW0vZStVMmZXUGZZb2FDcWkrQ0VwU2twQXlQZ1FZZTJsSG0rYVU4MzZ2UQpuaHZuL0p5ZHJDL1NyTUFZaXpOZFYyZjlHTkNwcE1SbUZyOS9saVJiNEFpSzRLSDRETGdSRUxHaDJLNzJuOFRLCkxUSVhIV3RacisyMWU4c0Mxbm5MSENnK21wMHBvSWJsbEtoYk9VTmVxR09yWm95NFBXdDZMQndFYzN0MG1wVEMKODhiSUpqMzFCQngzTGE1SUE5b0FNRi9lbHJYdFhhVnl4bm5yTHdjYzFNVWpCV20rZDVqbC9WOEdIcEJRd3pXYwpPNWdNSXlQNUIvdzBacUcyZjV1akZkOHo4dElmcEFRRTJSbDNxRUFYNU1NY1JQaFlTNDJqTWl4czc3TmtOVldQCkpqUVoxVDVXQTVKOUxEL2FKRkplQ2MvbjhpNldOQ3FzdEQ5OVNPTCsrTTBFQTlka2lLNWtOcXFZeXZuRG9SZVcKSW84eXhvVnpObURsWjBkSU9UUzlBb0lCQVFEb2tvMWxPS05FNlBWWmRRU3lmS0JOTEZNcEl1V1VVZmp0ODU4awpJTTB0TnNyS0d2N3NmYkt0dlMvOWgwMGluU2FyWTJ4amVETG91WEI5VzdKY1B1NjRoNHYwek1lbXRhdDRyTUJnClA5bkQ3MW00dERqS2ZrZDAza2tUbk4ySTBxYkwzeFVoTjNEQlJZTU9veDFMa2M4MFFFMHhSUEM1YmRJaXcwemEKTWdtK1dOZVY1VEZoSkpQZ2dVRVo5U1A2aWV1VEY0OW9wRGNWdGUwQ0I0WnFUaTRWb3YvZFVDWGpNK0djRnNWdgpPWTZYTE9KTmRldHdnUVNkd1hlSzB1WlBpWnVKTGlsTEg4OFVKYWNoQThDZW1SclMxRUtxWElwK2dkQWV4MnhVCmY5amRMMGF2SlJEY0xqWlhETXBvWlJpc0JoWVArZzY3VHZza3FscDh4M2p2STlWVkFvSUJBUURkajZrdWNLM0MKYXprMzlqYllvM3RFZ0R5L2VGNnBjWFlpK21Ba1ZNRk9vSWJ5cmNyN3BqSnRMNFMyMEFDRmpBUGFQT042dWVVWQpQQm92dC9QODB1V1c5cGZCK29mRmdadzRqc3hLWFY4eEJmOVdLWVZndFBsOHhIL1RJcERTMjhVTlowNDlhUW4vCjlCRzNac0lyenk3RzFLRTZPLzBMMnVmMnFyaUxxRFQyV3dsdFVsbWs2Ym5NeThkR0sra1JLcFhvSm1RTlNHRHoKOXd4blU2ZmZ1NDdDLzRYMHRIVk1MVFVneFh4djdqN3BpSzI4dzBuZ1N5S3ozV0IzWTJwaFVsZEJIdEprQko1RQpoRm8zMXJCVDU5enhkb2crYXh1bkh4S3EySGFHRkt0ZUZ6RGpkTTFpQzE3bWNtWXBzR2tuenA0cjRjZm5FYTFSCko4Wmo5ZVFQaEVOZEFvSUJBUUN3d2hsbXNkb2MySFVJVFZDSm13QjJSdGJaYitWT2lkS0lmdDBYcHpwcFA3aDIKVEhndEl3ZDIxayt2LzNJWGVaclhMWlJHTVNkNEN1QTgxa0ZEckt6Z1lGeDFiR0hkQ1R2T1ZuVkxjWnUvTjUxWQpMTmp3eFhMbmxyMnhnMG8zMytuWERyQlBjNFJsejcvZ2t3WUQxa2pGckkwK2dlZjI5a2w4RkRUSHJMb05DaGFuCm5PNmZweDRneGZ2Rmo3T05pZDhhQnhEK2RiaEw3dDIzNmlJMWp6K2xRQ0g0Z1I2YWhHYldxOVBZU2NWZWprVmMKbTkrWnZPVFdSU0RteUkwMExDQ2k3UXVEUmlTcmFrYVFaL3F3VHlxOHk0ZnpWS3dKby8yYU52VFZiK2xSaWNuTgorWHpMNnU5dno0L1NNZXZEYWtqQVVjdDZmbmVQa1UxK2dsZ2VZSHlWQW9JQkFRRFJtYW0wVEZhbFdXaHMvNWtOClEwTkhINFhZb1JmMGRta0xXQStCNzBoY2lOS0JYRlp0ME9GZGw1bVdsSm9adk1hY1BBUDd3MGJ1c1ZVWWxZN1YKTy9LRTZVM1I3WjlxQWw1Mnh1aU81Vnc3ZFhBRDVBM1EyZ1EzdTNFdG5VS2lwOVA0QlNYb1JLbDRJVDV0WVdJSgpyZHVUciszQ3VLT0FCcHh4Snpxa3JBRkdtZ01HRCtUTWRXd1hTU1NBeHVPYklNMW1MSU4wYVdlSEJNMFFKdnptClZIb1BFVXA1b0FwamdWVUVacTk4K0VjK0NOWkxmL2d3bndQNllsQnpRWEtQRlNXRWJwTWNtWjNjTmRWZmc5T1YKM1FDUTBkQzhNL21hRlhSRWVibE95TmtCanpEcHpVTExJUFNyVDhoRVlpWm95VGVyVGRJZVVBUEZoYnBTTUhtTApFRlhsQW9JQkFRQ0VUdVJQRHZvMC9tdDhyTzhLNENsamtuU0gxZ1FBSjFha3U3UXg3NUJUTDB6OWRNY2lMK1JLCng1R1lFTW1wcUtNb2FPbWc0WFVRMVRlQ2Vic1R0NjMyWXp6cmNCU0d1RzVnN1o0UUVublUzRXU5QklIMUVSL2gKSEk0NWowU0xNRUpObkNiTkpnRVNRRUFCbzN3cHhrRTdiRGlNdTVPOXVqMlFRVTlTTm94QkFmbVFXRDJJaU1BRQpWYzV3QTNZajBMdElSYkJmdzNBTE9uNlRSc2xucy9JMnd2Z1RCQW9sU3NZbEtEK0NRY3hDZldlNmZwU21aYmlCClBGUE9DY1ZQTXhGeXBhZWFJMkRXNWRPNFNoNGQ0ZlZma2F3ck9LN1N2QnFZb0Y5L2VndThzQS9ZdklaRVltQUQKd0ZIOGs1QjJ4WXdiNkVmNmFFQ29ZTitsNWtlWmhNWTgKLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
</cert>
<cert uuid="cad18e13-92c5-48b6-9b44-ad2e5dcc799e">
<refid>6734d6c82dc59</refid>
<descr>Web GUI TLS certificate</descr>
<caref/>
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVZkNETXpFclQ4dlVoenJaTVJta3JiT3dnSUdNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpReE5EVmFGdzB5TlRFeU1UVXhOalF4TkRWYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURMc0xEbjRta1R4RXJYdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovCnczL2tNV2Y5L25GbGpnMkFXWERJSmNXZjk0NFJFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT20KVFM0WXFCVzhHQkpJd0xtQ2kxb2RoWXhmUEQ2TFdEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNQpuQ0FtZFBDY2JmdmdXdUM2TnhWbXpkeXpta1QvNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5ClFrVlFqYlQ5MFlyeENvdE8rbTJIQU5QZHNjT3FvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTEwKVmplRS9XQVU0Q1BZUmhYVFVGVTIxZFV2azNvYUVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNwo3Mzk5VWdRN3FTNUFhOElHbXA4NUNoUUlBWUVjSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45CitUZ3ljMTlTbGoxVW1RdkRvekxCQzk5TVJpLzREQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmUKUGVpemxRenRIWmpSU0tnaWdSNU9KSmtSVHIvNjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZwprUSsrVDhMenVhK1FtakxOUVFqMVJCSFYzSzVQL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmCkNEVVVQWjR1cEJtbzBLN3dGNHdtV3VXYSttVndlb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRktidDd0QkRKN1daV1lMblQ5cEhTMklPdTg1TU1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVWZDRE0KekVyVDh2VWh6clpNUm1rcmJPd2dJR013SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQWNQbmllQ29FSmRjV25CVHdqRmE3bjZqTFMrZ1pUYUk2ZjAzWktQMFYKQ0pSaDUxWTNwb2dpcnJYcVNHQ1VGTVNHbGpsQ21mU2VhdW9GWFYwanZLejhnMGZ1NU9kYlhjd2FrZFBZSXgydQpVT0dMbllTaEdCNlpoMmhpWWdSVGFpemJoTVliQitzQkV4QU1CdHZRZElSZ3dBWkRNWE9jY0MwZnJaMFhRRlRFCnQ3by82VGYvZEprdnB0cmRYWW1INnFUWlA2MGxyTnlabVloTjc1NEluOFZLRVVSRWNZamg1ejlJanA1NTE1cU0Kb0VrSGNKbTBDNkh2VStETG1ybFpFYkV4bnVOMFQzWTBNZ0hiVFVhU2Y1L2FKVmlIM0dOMnMzbG1ZM0VXTS9Vcwo3azFyc2JTa2orZzJvQXlTcjU0Nlc4RkdaMjliZFlOYk1EaTQ4aXVRQWlzRlQrTGZXN3Y3RVl3WGJ3NUhSVkpNCjV2MlhnenJwN2Yxa08zckEzeXUyS1VSSktHdjJ1ZXhNSythb1VOZXhRT3ludmZGUTBCemRHQ1dlcmVvZTZ3bDMKbHc4Z2dCWDI1VGIxbzR3d1UzNXdtUUIrMC9rbjB0SXoveVBhY2JzbDAwZ0dJNFhTbWpRQmF0MUZYRHFEME1JMgp4S0RqMXZ2dkNTVnRKc09ESG95eDhLc3ptbno5UVFoV0ZNeC9LTXp1clh0OWtsWFRJc0t3d2NXMytZQWtQMzNaClgvOGJnZS8zK2RibTdNN3BndmFBNVFlU3VTbkwzNjdLT1g1NlNZNGFZWHhkc1haVDc0ZGxVRU1jbG9NU0NIOG4KR25QWlpyWTNHdnZaU2ovQWdqT2lDNHNBL2JSSmh4cCtUQndlRFByR0pFUEJFVW9sZEZHVXdraFJXMVVuRlc2YwpyTGM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
<csr/>
<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRExzTERuNG1rVHhFclgKdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovdzMva01XZjkvbkZsamcyQVdYRElKY1dmOTQ0UgpFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT21UUzRZcUJXOEdCSkl3TG1DaTFvZGhZeGZQRDZMCldEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNW5DQW1kUENjYmZ2Z1d1QzZOeFZtemR5em1rVC8KNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5UWtWUWpiVDkwWXJ4Q290TyttMkhBTlBkc2NPcQpvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTExWamVFL1dBVTRDUFlSaFhUVUZVMjFkVXZrM29hCkVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNzczOTlVZ1E3cVM1QWE4SUdtcDg1Q2hRSUFZRWMKSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45K1RneWMxOVNsajFVbVF2RG96TEJDOTlNUmkvNApEQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmVQZWl6bFF6dEhaalJTS2dpZ1I1T0pKa1JUci82CjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZ2tRKytUOEx6dWErUW1qTE5RUWoxUkJIVjNLNVAKL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmQ0RVVVBaNHVwQm1vMEs3d0Y0d21XdVdhK21Wdwplb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUJBb0lDQUFzc3hPL2IzSTd3a0hpWU9wdmQ3b2ZxClJXVm9HM0ZHOVBkSCtrcU1DQW9zVXlpZ2lnWkZhQUZSY3BhZFBJUnBVRFZQOHQrUUx2RHhTSEtJVkNTR3lLRHgKN01mVTkxV3ZCUGtpc1NhWEV2TklEMHJ2WTJYbXl4WWdOcDBNcHdnbHhxZXlWSDNWSTFmZ09zQXpWVkpGSmtzeAp0NnVKV2U2R1lwRnlVZ3MzZytNdHhPYVJLZHcvWkFZb0dVRkR5WE5NR1JNdVRYYkg2WWxTOStFZ2RxZTJZbGtDCk41amkvODUydUlwSytXZUVnbmd1ZkVZNDdpVVhQSzFJTVB0UjRURUxOb3hkTWVBYnZBUG9La2QwMWZOWnVaQ3EKQ0dxNS9kMEQ4cDZKNjlUK3M1RnR1R1UrdkxtcUg3NmtsZjVmTTZnOFpCc2xSNStNQ0xlay9DaHRBZGU2VXBQRApXQ2EwazU3dmdneUdQdGVlVXY2RVJBMEp6SjlJd2VHZGdVWHhNdW5LK3ZSNWYydWJKWFJoMVJpNTNFSTNvVUxYClFvWm9hOTY3VzNUajQ3UzR2RlQyK2dLb0g2OXlNckdVNVkwcjJrSTFXMVVhWEJ1aVVrMi94amdyWVdTblUzUUQKZkM3ZXllTlNlN3c4UW9MMVBEYXJwVXdaK2xGZ0w3NFVScldLQU12WVhxa3NTMHVtb0tTSWo4cjZMM0hVSUVaUgpZRzhBTU91dFhrQk5lMkNpTXRKM2NYUXNIOWloQU9QL3AvaE9BTTBGNkM3Ymt1Vm85d1pRdDVESWxRWUl4TlArClFRZ2doRnhBNTlTWmpwRk00QkN5L0hEOENJY3VuSURZOVNlbXNSYXdyUVY1eGk1akFScVdOYTdBSVMvVlArdUUKQkpmS0dDNFlZVmxqS1VLeEgxVUJBb0lCQVFEcnZOWXNrd3ZhQ2Z6MlcvbkIrRjNjVE1RbjM2RENSYnZwQ0s1dApldm96TjJGbjBJdWFnN2RrYzN2NTFxTVNEd0h1cVNkVTRHUHZMcm83alpJaFNEZ1AwLzBLWmc0VmxtZE5HbEovCk1lcXhmOGRkOFdTQjZiUksrK2FRcEhaeDd2SUFTWkE4eHkvZ3F2NGJpSmlqVDhUQ2lSeXdYSTQ0ZlRYM0xLZTIKVG1Uc29XNk9yQmErSWJRYjBpTEh4WE4rZ3JDM0cxWWxIUlNvTEpKUkU0eFVLMGsvM1JLNU16RjRIYUNZb1BWOQpDOFpQellMR253SE9ERU8zbHRtSGJvQUNFa0VrT2dFV3U4RFo2YlYrMXJBcVh6WnN0L3hNZnJ5KzlMRVdYQUwvCkRnOEdkall0YzdyUTFZd1BIY1h6cFo2clVIdXh2K0p6VEE1ZzNCS1p6aWhwNFdHaEFvSUJBUURkTXE3N0dRWGMKYW5hYlMxanlFT3VzNFp5ZlJ4cW10NEVFaHZjY0dRVVVrV0IrWk11bnpyaENxb3ZwQ1dhVU9zWVhuNG45Y3BQSAo3bm1mOUJHbFI4NVhCVHNLM2d4bE5NMUhjSGFTNXZSem9WQVBNd3o2VVV0ZFNLWXRLR0Q3Wkxmbm9ISXN1SlEzCnJ6WWIyTFhpVmx6MWlNNUVmT0VrL1J5UjBwMGtleXVwa0F0OXBRV0hzaURYb0pibDE2d1ZLc2NDNGUzNjdRRWsKcFdoeXcyS3A4bXdtOGxqQllxZWtHdUREeGVZSDMzMVlGa2FMUEJCT2xPQnlveFlOUDdBVVREUlV3KzB1T01jNwozb0N1VE9jWnAxVWMwQURBOXRTRVRINklWdlFEUXZlYzR6MWRTVGRmUEkxRzVUTCt4Mzlvam5OcGVoYng0bEwvCmRxTTBmcFlPL2ZmeEFvSUJBRmwzOU8wNzdjNlY1ZHoyY1djTnhVbThGT0p4UEVrZlFEOGtYVmNOeW5HdnZoY3gKamhwWmpUdmhuSmJvd0VFMVV1MXFZNVFTQ2J1WVIzUWN1ZTVKdzRVMlZwNGd0NDIzNUlMZHo1dVlyVk1xaE5jQgpxN3ltbnhlcVhRcGVjTm15NzBQdXA0QjV0SkVYTkpQc2xzbThsNWVoaERMbkhjOFFybStlRWhUZDBlNEJJcjJoClVJeGVyRVcyemg1MXNPeTkyeVhUaVRGU3hTbENxVkYrRXM5TEVtVGJtYVNTYWw4RkY1TjEyMVhYSnkvWWRwNjkKY0dqc1BMTXIzR2xMSmVnalYzZlJUK0o1NWFxT3lhUlhCTXRBRVo3WGdUampETzJJWHNGMnNHaHV4SU1XVUYrVgp3YnhLbi9xSXVUMU1pVmpKbGZpVE0vWEFVdUN1QlowOEloaDFRcUVDZ2dFQUZwdzJySzRMSGxPM21mb2l0bU9xClkzcVFVdXVtdXNIcEt6aE1qQSsycURxUC9YdDZJY1lNcWF2YkwwL3ByMTh1bm4yTlVsM2k0ejNxS3NKOUIwTUcKd1hoa1o2RDQ3V052VkUwWG9iNS80RTN0N0EvUTFNbDRoYW1HYXZsRXFJM01DcDRvN1k5VWZ6aW10RVA3bTQ0dQpaRjYranR1ZysvSHZlS3hwcWEvNWI1U3N5QVFWUTZDZW9Ndm1nTW9CNmd2OFdid1VZbURWakJSb1Q4clBEQVllCnJnQjV1QkxJaGdyRlROMnV2TUZJZzdlTE1ISk1UR3dGWVZKd1Q1eGgrRUV0M0RoR3gwSEFnOHNqcGkxd05md1gKeENFeTRvYVloSWw1S2FDUndyK1dwZS9JZHYrajdGVTVMN1QvK0hFV0FlOEZ0eE5td3dUYWJRaUllRFkwU29ZRgpVUUtDQVFFQXRiclZqbTFsaDQ1REhIWnVsem4xNllIQzJrMUYwWG9FZFVSQ3o0QTFsMHBEK3ljL2srdmJ0Qmg0Cm1RRDV1a3FicHFFZy9GNUhDZmdOaHlieHNNdVV6NzFaU24zN2dwczNDWUdiUyt4RkhjZTJBakNTbUlYQWIxQjgKR0Z2WnV4UlB5QXU0YVBvT1J3RzM3NVBOM0VNNk83bzdxbjlYeExTZWRIMHExM2U0YkhYYm4rc2xOa1RIM2xmcwpLVnBOUUhVSUNDSW5vQ0llV1dwdnAwQnFoYjlKclRsbXd2c25zOHpZVDNiY3F5QXZHZGRnNUs3Y0MwRVJaem9ECnFJTkI3S05FVjQ1NmF0eDZVT3VYUlpKREMvaHNJUTZNaVBveUJacHRsK1ZIMEtQbEFIWGExb0FXZmNuL0U3MFYKK0RaeVBiMWxkQUdpb1hqditGd2h5VzZlWEVrQlBnPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
</cert>
<syslog/>
</opnsense>

View File

@ -0,0 +1,987 @@
</acls>
<acls>
<action>alert</action>
<action>alert</action>
<action>alert</action>
<action>alert</action>
<action>alert</action>
<action>alert</action>
<action>alert</action>
<action>alert</action>
<action>alert</action>
<action>alert</action>
<action>alert</action>
<active_interface/>
<activeTimeout>1800</activeTimeout>
<address/>
<address/>
<address/>
<address/>
<address/>
</advanced>
<advanced>
<adv_dhcp_config_advanced/>
<adv_dhcp_config_file_override/>
<adv_dhcp_config_file_override_path/>
<adv_dhcp_option_modifiers/>
<adv_dhcp_pt_backoff_cutoff/>
<adv_dhcp_pt_initial_interval/>
<adv_dhcp_pt_reboot/>
<adv_dhcp_pt_retry/>
<adv_dhcp_pt_select_timeout/>
<adv_dhcp_pt_timeout/>
<adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
<adv_dhcp_request_options/>
<adv_dhcp_required_options/>
<adv_dhcp_send_options/>
<aggressivensec>1</aggressivensec>
</alert>
<AlertLogrotate>W0D23</AlertLogrotate>
<AlertSaveLogs>4</AlertSaveLogs>
<alert uuid="15f1e9ca-5dd5-4b20-b595-b6b4f82245d0">
</Alias>
<alias-address/>
<aliases/>
<aliases/>
<alias-subnet>32</alias-subnet>
<Alias version="1.0.1">
and for the sender directly reachable, route and next hop is known.</descr>
<any/>
<any/>
<any>1</any>
<any>1</any>
<any>1</any>
<any>1</any>
<any>1</any>
as part of the standard FreeBSD core system.</descr>
as part of the standard FreeBSD core system.</descr>
<blocklists/>
</bogons>
<bogons>
<bridged/>
</bridges>
<bridges>
<ca/>
<cacheflush/>
<cachemaxnegativettl/>
<cachemaxttl/>
<cacheminttl/>
</captiveportal>
<captiveportal version="1.0.2">
</capture>
<capture>
<caref/>
<caref/>
<categories/>
</Category>
<Category version="1.0.0">
</cert>
</cert>
<cert uuid="547102e9-23ba-48b8-8af8-64be61049e96">
<cert uuid="cad18e13-92c5-48b6-9b44-ad2e5dcc799e">
<children/>
<ciphers/>
</client>
<clients/>
<client version="1.0.0">
<clone/>
</collect>
<collect>
<column_count>2</column_count>
<compression/>
<condition>changed status</condition>
<condition>cpu usage is greater than 75%</condition>
<condition>failed link</condition>
<condition>failed ping</condition>
<condition>loadavg (15min) is greater than 2</condition>
<condition>loadavg (1min) is greater than 4</condition>
<condition>loadavg (5min) is greater than 3</condition>
<condition>memory usage is greater than 75%</condition>
<condition>saturation is greater than 75%</condition>
<condition>space usage is greater than 75%</condition>
<condition>status != 0</condition>
<Connections/>
</created>
</created>
</created>
</created>
<created>
<created>
<created>
<created>
</cron>
<cron version="1.0.4">
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVSUhVRkpwc253VGtzYWRrZmRDNUp1SDhqWnZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpFNE1EbGFGdzB5TlRFeU1UVXhOakU0TURsYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURKU1FlZ1RYckp5dDVWYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyCkNEclc3ZDlYcVJkOEpEZENtdGtLRGlMYWNaUzJMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDEKU2pJWnBTZzNkOS9YeHFPQTNZQllzTS9uUk9vWHlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NworVHc5STZGU0J4bkdaR3RyUFl5NkVBb0NMdm1GQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxCnBRTVB1T2JxV3FyaE0xdjVjdmJodU5kREhNZ3ZVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjEKUm0wMlVuUXRneW8zY3hPRXVsYk9nU0hsdGhTMmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSQpQbm9ncnZsRUlWMERhQ3ZEMjZiRkRDbVkxc29FbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBCkJMVzh4dXBFODhEYmlrWW51NVdQaUp6ZXh4UVIyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXoKcHBERHYwZnU0Nnp1S3EzY0VWRitiREsrQWdlT0Q2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSApHQjlCbDFrejR4bHRhczlvbmZrSDFkVHk3dzFNck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1ExCmtWNk90aFRsVFgzK2duaUpJK3RXWUQ5bTRldXNzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRkJRZytucWI5QW9HSWtoTUxhNHFzWGRvY0JGcE1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVUlIVUYKSnBzbndUa3NhZGtmZEM1SnVIOGpadk13SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQUZqNlQ1MmRIUklVMHJuZDE0d2dob2tjUkdrK0hIQloyTGlDRHpUeUwKNHdCeTJ1ZXJXQWdvYUZzeUlNQzhwWTBhWlc4TFlSd1BtRVB0OXlUS09ZZzF0NWtOUnk2RkF5akszeis5TGZTQwoxRlFpb0pma3FHRnhoc1IxV1R5RjBGNmJmM2tZRDZ4OWw1dEdqMXF3SndrekZWZWcvZGNtUVhvRTBmUDRqSFFvCmgxWXdiZ3pTa084TzRLUVhuWXVRM3g0bWdoZnBvR0hQM2xINlcybDJlWHpqSzllRjJtUG1ZS0p1M3JpSnkvL3gKRzhQWXBYNlNTN3RoVnNNeHF3cGJHbURXQXRuSnNrSmVsNDI1WUdOYlZ4YTNPOHE3RWxLNGFoNXpmai8wRnVwTgo3SnlqMWQyZjZFck14WlFnUi9EdmlUVnhISytRY1lBRXBqU2ZmZzBrRStpS1BlN0VYTVk1VU1aZUFTK1ZteG1LCjBPOWxaQXNpWUlEMzkwVjNTaDZxYjhoL2xMZ0V2NCtSNUw1VEpFaldYc0dQSUpGaHJNSFJWR1lhV3JIYWx3eHYKNjE5NFlpSXBEaUlHSVVSWGN1U3dNcndIQzN0bms2QVo2OW5CczVXT1JYM0NxOVhRRnVrVlA5eUMxQnRuSmFwbQpubUMzK3NtTTErRjkxUXlkVXJtbUxPNUVwUmtTMitBcmRTSklUR1NRNWt4L3VLNjhzV0QzVVdNNVRibUxrcWdOCkt6djZjemVCbzJiVExDT0JKUWJ4STFCckRPTUFMSDlCdXdUamVXdUVtWE9TWE1lTDFsejdhL2JZKzJxa1BSOVAKTE5IekE2QXZlVmxucDNaeFdqMjZFK3dwYnU5cHBaY0QzRGVHRnRnZzVJbUJ2ZDNWbjJ6UVc4a1ZMT1ZBdllSawptdWc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVZkNETXpFclQ4dlVoenJaTVJta3JiT3dnSUdNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpReE5EVmFGdzB5TlRFeU1UVXhOalF4TkRWYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURMc0xEbjRta1R4RXJYdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovCnczL2tNV2Y5L25GbGpnMkFXWERJSmNXZjk0NFJFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT20KVFM0WXFCVzhHQkpJd0xtQ2kxb2RoWXhmUEQ2TFdEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNQpuQ0FtZFBDY2JmdmdXdUM2TnhWbXpkeXpta1QvNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5ClFrVlFqYlQ5MFlyeENvdE8rbTJIQU5QZHNjT3FvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTEwKVmplRS9XQVU0Q1BZUmhYVFVGVTIxZFV2azNvYUVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNwo3Mzk5VWdRN3FTNUFhOElHbXA4NUNoUUlBWUVjSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45CitUZ3ljMTlTbGoxVW1RdkRvekxCQzk5TVJpLzREQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmUKUGVpemxRenRIWmpSU0tnaWdSNU9KSmtSVHIvNjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZwprUSsrVDhMenVhK1FtakxOUVFqMVJCSFYzSzVQL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmCkNEVVVQWjR1cEJtbzBLN3dGNHdtV3VXYSttVndlb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRktidDd0QkRKN1daV1lMblQ5cEhTMklPdTg1TU1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVWZDRE0KekVyVDh2VWh6clpNUm1rcmJPd2dJR013SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQWNQbmllQ29FSmRjV25CVHdqRmE3bjZqTFMrZ1pUYUk2ZjAzWktQMFYKQ0pSaDUxWTNwb2dpcnJYcVNHQ1VGTVNHbGpsQ21mU2VhdW9GWFYwanZLejhnMGZ1NU9kYlhjd2FrZFBZSXgydQpVT0dMbllTaEdCNlpoMmhpWWdSVGFpemJoTVliQitzQkV4QU1CdHZRZElSZ3dBWkRNWE9jY0MwZnJaMFhRRlRFCnQ3by82VGYvZEprdnB0cmRYWW1INnFUWlA2MGxyTnlabVloTjc1NEluOFZLRVVSRWNZamg1ejlJanA1NTE1cU0Kb0VrSGNKbTBDNkh2VStETG1ybFpFYkV4bnVOMFQzWTBNZ0hiVFVhU2Y1L2FKVmlIM0dOMnMzbG1ZM0VXTS9Vcwo3azFyc2JTa2orZzJvQXlTcjU0Nlc4RkdaMjliZFlOYk1EaTQ4aXVRQWlzRlQrTGZXN3Y3RVl3WGJ3NUhSVkpNCjV2MlhnenJwN2Yxa08zckEzeXUyS1VSSktHdjJ1ZXhNSythb1VOZXhRT3ludmZGUTBCemRHQ1dlcmVvZTZ3bDMKbHc4Z2dCWDI1VGIxbzR3d1UzNXdtUUIrMC9rbjB0SXoveVBhY2JzbDAwZ0dJNFhTbWpRQmF0MUZYRHFEME1JMgp4S0RqMXZ2dkNTVnRKc09ESG95eDhLc3ptbno5UVFoV0ZNeC9LTXp1clh0OWtsWFRJc0t3d2NXMytZQWtQMzNaClgvOGJnZS8zK2RibTdNN3BndmFBNVFlU3VTbkwzNjdLT1g1NlNZNGFZWHhkc1haVDc0ZGxVRU1jbG9NU0NIOG4KR25QWlpyWTNHdnZaU2ovQWdqT2lDNHNBL2JSSmh4cCtUQndlRFByR0pFUEJFVW9sZEZHVXdraFJXMVVuRlc2YwpyTGM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
<csr/>
<csr/>
</ctrl_agent>
<ctrl_agent version="0.0.1">
<data_length/>
<default_action>allow</default_action>
<defaultgw>1</defaultgw>
<defaultPacketSize/>
<depends/>
<depends/>
<depends/>
<depends/>
<descr/>
<descr>Allow ping</descr>
<descr>Allow unprivileged access to tap(4) device nodes</descr>
<descr>Default allow LAN IPv6 to any rule</descr>
<descr>Default allow LAN to any rule</descr>
<descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
<descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
<descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
<descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
<descr>Drop packets to closed TCP ports without returning a RST</descr>
<descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
<descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
<descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
<descr>Enable sending IPv6 redirects</descr>
<descr>Enable TCP extended debugging</descr>
<descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
<descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
<descr>Hide processes running as other groups</descr>
<descr>Hide processes running as other users</descr>
<descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
<descr>Interface WAN Gateway</descr>
<description/>
<description/>
<description/>
<description/>
<description/>
<description>/firewall_rules_edit.php made changes</description>
<description>/firewall_rules_edit.php made changes</description>
<description>/firewall_rules_edit.php made changes</description>
<description>/firewall_rules_edit.php made changes</description>
<description>/firewall_rules_edit.php made changes</description>
<description>/firewall_rules_edit.php made changes</description>
<description>/firewall_rules_edit.php made changes</description>
<description>/firewall_rules_edit.php made changes</description>
<description>/interfaces.php made changes</description>
<description>System Administrators</description>
<descr>Loopback</descr>
<descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
<descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
<descr>Maximum outgoing UDP datagram size</descr>
<descr>Maximum outgoing UDP datagram size</descr>
<descr>Maximum socket buffer size</descr>
<descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
<descr>Prefer privacy addresses and use them over the normal addresses</descr>
<descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
<descr>Randomize the ID field in IP packets</descr>
<descr>Set ICMP Limits</descr>
<descr>Set the ephemeral port range to be lower.</descr>
<descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
<descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
<descr>Set to 1 to enable filtering on the bridge interface</descr>
<descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
<descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
<descr>System Administrator</descr>
<descr>TCP Offload Engine</descr>
<descr>This option turns off the logging of redirect packets because there is no limit and this could fill
<descr>UDP Checksums</descr>
<descr>Web GUI TLS certificate</descr>
<descr>Web GUI TLS certificate</descr>
</destination>
</destination>
</destination>
</destination>
</destination>
</destination>
<destination>
<destination>
<destination>
<destination>
<destination>
<destination>
<destinations/>
</detect>
<detect>
</dhcp4>
<dhcp4 version="1.0.0">
</dhcpd>
<dhcpd>
<dhcpdv6/>
<dhcphostname/>
<dhcprejectfrom/>
<DHCRelay version="1.0.1"/>
<direction>in</direction>
<direction>in</direction>
<direction>in</direction>
<direction>in</direction>
<disablechecksumoffloading>1</disablechecksumoffloading>
<disableconsolemenu>1</disableconsolemenu>
<disabled>0</disabled>
<disablelargereceiveoffloading>1</disablelargereceiveoffloading>
<disablenatreflection>yes</disablenatreflection>
<disablepreempt>0</disablepreempt>
<disablesegmentationoffloading>1</disablesegmentationoffloading>
<disablevlanhwfilter>1</disablevlanhwfilter>
<disconnectppps>0</disconnectppps>
<dns64/>
<dns64prefix/>
<dnsallowoverride>1</dnsallowoverride>
</dnsbl>
<dnsbl>
<dnsserver/>
<dnsserver>192.168.5.1</dnsserver>
<domain>localdomain</domain>
<domains/>
<dots/>
<egress_only/>
<enable/>
<enable/>
<enable>0</enable>
<enable>1</enable>
<enable>1</enable>
<enable>1</enable>
<enabled/>
<enabled/>
<enabled>0</enabled>
<enabled>0</enabled>
<enabled>0</enabled>
<enabled>0</enabled>
<enabled>0</enabled>
<enabled>0</enabled>
<enabled>0</enabled>
<enabled>0</enabled>
<enabled>0</enabled>
<enabled>0</enabled>
<enabled>1</enabled>
<enabled>1</enabled>
<enabled>1</enabled>
<enabled>1</enabled>
<enabled>enabled</enabled>
<enable_wpad/>
<eventqueuePath/>
<eventqueueSlots/>
<events/>
<extendedstatistics/>
<fargw>0</fargw>
<files/>
<fileTags/>
</filter>
<filter>
</Filter>
<Filter version="1.0.4">
</Firewall>
<Firewall>
</firmware>
<firmware version="1.0.1">
<flavour/>
<force_down/>
<format/>
</forwarding>
<forwarding>
<from>10.100.8.10</from>
<fwrules>1</fwrules>
<gateway>172.17.0.1</gateway>
</gateway_item>
<gateway_item uuid="a6ea102d-68bb-430f-af8b-269d52498fe1">
</Gateways>
<Gateways version="1.0.0">
</general>
</general>
<general>
<general>
</general>
</general>
</general>
</general>
</general>
</general>
<general>
<general>
<general>
<general>
<general>
<general version="0.0.1">
</geoip>
<geoip>
<gid>1999</gid>
<gif/>
</gifs>
<gifs version="1.0.0">
<gre/>
</gres>
<gres version="1.0.0">
</group>
<group>
<group>admins</group>
<groupname>admins</groupname>
</ha>
<ha>
<ha_peers/>
</hasync>
<hasync version="1.0.0">
<hideidentity/>
<hideversion/>
<homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
<hostname>OPNsense</hostname>
<hostname>rtx4090</hostname>
<hosts/>
<httpdAllow/>
<httpdEnabled>0</httpdEnabled>
<httpdPassword/>
<httpdPort>2812</httpdPort>
<httpdUsername>root</httpdUsername>
<http_host>127.0.0.1</http_host>
<http_port>8000</http_port>
</IDS>
<IDS version="1.0.9">
<ifgroups version="1.0.0"/>
<if>le0</if>
<if>le1</if>
<if>lo0</if>
<inactiveTimeout>15</inactiveTimeout>
<incomingnumtcp/>
<infracachenumhosts/>
<infrahostttl/>
<infrakeepprobing/>
<insecuredomain/>
<Instances/>
<interface/>
<interface/>
<interface/>
<interface/>
<interface>lan</interface>
<interface>lan</interface>
<interfaces/>
<interfaces/>
<interfaces/>
<interfaces/>
</interfaces>
<interfaces>
</Interfaces>
<Interfaces>
<interfaces>wan</interfaces>
<interface>wan</interface>
<interface>wan</interface>
<interface>wan</interface>
<interface>wan</interface>
<interface>wan</interface>
<internal_dynamic>1</internal_dynamic>
<interval/>
<interval>120</interval>
<interval>monthly</interval>
<ipaddr>10.100.8.15</ipaddr>
<ipaddr>10.100.8.1</ipaddr>
<ipaddr>127.0.0.1</ipaddr>
<ipaddr>dhcp</ipaddr>
<ipaddrv6>::1</ipaddrv6>
<ipaddrv6>track6</ipaddrv6>
<ipprotocol>inet6</ipprotocol>
<ipprotocol>inet</ipprotocol>
<ipprotocol>inet</ipprotocol>
<ipprotocol>inet</ipprotocol>
<ipprotocol>inet</ipprotocol>
<ipprotocol>inet</ipprotocol>
<ipprotocol>inet</ipprotocol>
<ips>0</ips>
</IPsec>
<IPsec version="1.0.1">
<ipv6allow>1</ipv6allow>
It can also be used to probe for information about your internal networks. These functions come enabled
It can also be used to probe for information about your internal networks. These functions come enabled
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<jobs/>
<jostletimeout/>
</Kea>
<Kea>
<kex/>
<keyPairs/>
<keys/>
<keysig/>
<lagg/>
</laggs>
<laggs version="1.0.0">
</lan>
</lan>
<lan>
<lan>
<language>en_US</language>
<latencyhigh/>
<latencylow/>
<lb_use_sticky>1</lb_use_sticky>
<lists/>
</lo0>
<lo0>
<locals/>
<local_zone_type>transparent</local_zone_type>
<logfile/>
<loglocal>1</loglocal>
<loglocalactions/>
<LogPayload>0</LogPayload>
<logqueries/>
<logreplies/>
<logservfail/>
<logtagqueryreply/>
<logverbosity>1</logverbosity>
<loopbacks version="1.0.0"/>
<losshigh/>
<loss_interval/>
<losslow/>
</Lvtemplate>
<Lvtemplate version="0.0.1">
<mac>d8:5e:d3:e7:2c:8c</mac>
<macs/>
<mailserver>127.0.0.1</mailserver>
<match/>
<match/>
<match/>
<match/>
<maxfilesize/>
<maxpreserve>31</maxpreserve>
<media/>
<mediaopt/>
<member>0</member>
<mirror/>
<mmonitRegisterCredentials>1</mmonitRegisterCredentials>
<mmonitTimeout>5</mmonitTimeout>
<mmonitUrl/>
<mode>automatic</mode>
</monit>
<monitor/>
<monitor_disable>1</monitor_disable>
<monitor_noroute/>
<monit version="1.0.13">
<MPMAlgo/>
<msgcachesize/>
<name>$HOST</name>
<name>admins</name>
<name>carp_status_change</name>
<name>ChangedStatus</name>
<name>CPUUsage</name>
<name>gateway_alert</name>
<name>LoadAvg15</name>
<name>LoadAvg1</name>
<name>LoadAvg5</name>
<name>MemoryUsage</name>
<name>NetworkLink</name>
<name>NetworkSaturation</name>
<name>NonZeroStatus</name>
<name>Ping</name>
<name>RootFs</name>
<name>root</name>
<name>SpaceUsage</name>
<name>WAN_GW</name>
</nat>
<nat>
<neighbors version="1.0.0"/>
</Netflow>
<netflowbackup>-1</netflowbackup>
<Netflow version="1.0.1">
<network>lan</network>
<network>lan</network>
<network>(self)</network>
<network>wanip</network>
<network>wanip</network>
<nextgid>2000</nextgid>
<nextuid>2000</nextuid>
<noarecords/>
<noauto>1</noauto>
<noreglladdr6/>
<noregrecords/>
<noton>0</noton>
<npt/>
</ntpd>
<ntpd>
<ntpserver/>
<numqueriesperthread/>
<nxdomain/>
<onetoone/>
<openvpn/>
</OpenVPN>
</OpenVPNExport>
<OpenVPNExport version="0.0.1">
<OpenVPN version="1.0.0">
</opnsense>
<opnsense>
</OPNsense>
<OPNsense>
<optimization>normal</optimization>
</outbound>
<outbound>
<outgoing_interface/>
<outgoingnumtcp/>
<outgoingrange/>
<Overwrites/>
<password/>
<password/>
<password>$2y$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS</password>
<passwordauth>1</passwordauth>
<path/>
<path/>
<path/>
<path/>
<path/>
<path/>
<path/>
<path/>
<path/>
<path/>
<path/>
<path/>
<path>/</path>
<path>/usr/local/opnsense/scripts/OPNsense/Monit/carp_status</path>
<path>/usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert</path>
<permitrootlogin>1</permitrootlogin>
<pf_share_forward>1</pf_share_forward>
<pfsyncenabled>0</pfsyncenabled>
<pfsyncinterface>lan</pfsyncinterface>
<pfsyncpeerip/>
<pfsyncversion>1400</pfsyncversion>
<pidfile/>
<pidfile/>
<pidfile/>
<pidfile/>
<pipes/>
<plugins/>
<policies/>
<polltime/>
<polltime/>
<polltime/>
<polltime/>
<Pools/>
<port/>
<port>22</port>
<port>25</port>
<port>443</port>
<port>53</port>
<port>80</port>
<powerd_ac_mode>hadp</powerd_ac_mode>
<powerd_battery_mode>hadp</powerd_battery_mode>
<powerd_normal_mode>hadp</powerd_normal_mode>
<ppp/>
</ppps>
<ppps>
<prefer>0.opnsense.pool.ntp.org</prefer>
<prefetch/>
<prefetchkey/>
<preSharedKeys/>
<primaryconsole>video</primaryconsole>
<priority>255</priority>
<privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
<privatedomain/>
<priv>page-all</priv>
<Profile/>
<promisc>0</promisc>
<protocol>https</protocol>
<protocol>icmp</protocol>
<protocol>tcp</protocol>
<protocol>tcp</protocol>
<protocol>tcp/udp</protocol>
<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRExzTERuNG1rVHhFclgKdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovdzMva01XZjkvbkZsamcyQVdYRElKY1dmOTQ0UgpFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT21UUzRZcUJXOEdCSkl3TG1DaTFvZGhZeGZQRDZMCldEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNW5DQW1kUENjYmZ2Z1d1QzZOeFZtemR5em1rVC8KNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5UWtWUWpiVDkwWXJ4Q290TyttMkhBTlBkc2NPcQpvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTExWamVFL1dBVTRDUFlSaFhUVUZVMjFkVXZrM29hCkVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNzczOTlVZ1E3cVM1QWE4SUdtcDg1Q2hRSUFZRWMKSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45K1RneWMxOVNsajFVbVF2RG96TEJDOTlNUmkvNApEQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmVQZWl6bFF6dEhaalJTS2dpZ1I1T0pKa1JUci82CjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZ2tRKytUOEx6dWErUW1qTE5RUWoxUkJIVjNLNVAKL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmQ0RVVVBaNHVwQm1vMEs3d0Y0d21XdVdhK21Wdwplb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUJBb0lDQUFzc3hPL2IzSTd3a0hpWU9wdmQ3b2ZxClJXVm9HM0ZHOVBkSCtrcU1DQW9zVXlpZ2lnWkZhQUZSY3BhZFBJUnBVRFZQOHQrUUx2RHhTSEtJVkNTR3lLRHgKN01mVTkxV3ZCUGtpc1NhWEV2TklEMHJ2WTJYbXl4WWdOcDBNcHdnbHhxZXlWSDNWSTFmZ09zQXpWVkpGSmtzeAp0NnVKV2U2R1lwRnlVZ3MzZytNdHhPYVJLZHcvWkFZb0dVRkR5WE5NR1JNdVRYYkg2WWxTOStFZ2RxZTJZbGtDCk41amkvODUydUlwSytXZUVnbmd1ZkVZNDdpVVhQSzFJTVB0UjRURUxOb3hkTWVBYnZBUG9La2QwMWZOWnVaQ3EKQ0dxNS9kMEQ4cDZKNjlUK3M1RnR1R1UrdkxtcUg3NmtsZjVmTTZnOFpCc2xSNStNQ0xlay9DaHRBZGU2VXBQRApXQ2EwazU3dmdneUdQdGVlVXY2RVJBMEp6SjlJd2VHZGdVWHhNdW5LK3ZSNWYydWJKWFJoMVJpNTNFSTNvVUxYClFvWm9hOTY3VzNUajQ3UzR2RlQyK2dLb0g2OXlNckdVNVkwcjJrSTFXMVVhWEJ1aVVrMi94amdyWVdTblUzUUQKZkM3ZXllTlNlN3c4UW9MMVBEYXJwVXdaK2xGZ0w3NFVScldLQU12WVhxa3NTMHVtb0tTSWo4cjZMM0hVSUVaUgpZRzhBTU91dFhrQk5lMkNpTXRKM2NYUXNIOWloQU9QL3AvaE9BTTBGNkM3Ymt1Vm85d1pRdDVESWxRWUl4TlArClFRZ2doRnhBNTlTWmpwRk00QkN5L0hEOENJY3VuSURZOVNlbXNSYXdyUVY1eGk1akFScVdOYTdBSVMvVlArdUUKQkpmS0dDNFlZVmxqS1VLeEgxVUJBb0lCQVFEcnZOWXNrd3ZhQ2Z6MlcvbkIrRjNjVE1RbjM2RENSYnZwQ0s1dApldm96TjJGbjBJdWFnN2RrYzN2NTFxTVNEd0h1cVNkVTRHUHZMcm83alpJaFNEZ1AwLzBLWmc0VmxtZE5HbEovCk1lcXhmOGRkOFdTQjZiUksrK2FRcEhaeDd2SUFTWkE4eHkvZ3F2NGJpSmlqVDhUQ2lSeXdYSTQ0ZlRYM0xLZTIKVG1Uc29XNk9yQmErSWJRYjBpTEh4WE4rZ3JDM0cxWWxIUlNvTEpKUkU0eFVLMGsvM1JLNU16RjRIYUNZb1BWOQpDOFpQellMR253SE9ERU8zbHRtSGJvQUNFa0VrT2dFV3U4RFo2YlYrMXJBcVh6WnN0L3hNZnJ5KzlMRVdYQUwvCkRnOEdkall0YzdyUTFZd1BIY1h6cFo2clVIdXh2K0p6VEE1ZzNCS1p6aWhwNFdHaEFvSUJBUURkTXE3N0dRWGMKYW5hYlMxanlFT3VzNFp5ZlJ4cW10NEVFaHZjY0dRVVVrV0IrWk11bnpyaENxb3ZwQ1dhVU9zWVhuNG45Y3BQSAo3bm1mOUJHbFI4NVhCVHNLM2d4bE5NMUhjSGFTNXZSem9WQVBNd3o2VVV0ZFNLWXRLR0Q3Wkxmbm9ISXN1SlEzCnJ6WWIyTFhpVmx6MWlNNUVmT0VrL1J5UjBwMGtleXVwa0F0OXBRV0hzaURYb0pibDE2d1ZLc2NDNGUzNjdRRWsKcFdoeXcyS3A4bXdtOGxqQllxZWtHdUREeGVZSDMzMVlGa2FMUEJCT2xPQnlveFlOUDdBVVREUlV3KzB1T01jNwozb0N1VE9jWnAxVWMwQURBOXRTRVRINklWdlFEUXZlYzR6MWRTVGRmUEkxRzVUTCt4Mzlvam5OcGVoYng0bEwvCmRxTTBmcFlPL2ZmeEFvSUJBRmwzOU8wNzdjNlY1ZHoyY1djTnhVbThGT0p4UEVrZlFEOGtYVmNOeW5HdnZoY3gKamhwWmpUdmhuSmJvd0VFMVV1MXFZNVFTQ2J1WVIzUWN1ZTVKdzRVMlZwNGd0NDIzNUlMZHo1dVlyVk1xaE5jQgpxN3ltbnhlcVhRcGVjTm15NzBQdXA0QjV0SkVYTkpQc2xzbThsNWVoaERMbkhjOFFybStlRWhUZDBlNEJJcjJoClVJeGVyRVcyemg1MXNPeTkyeVhUaVRGU3hTbENxVkYrRXM5TEVtVGJtYVNTYWw4RkY1TjEyMVhYSnkvWWRwNjkKY0dqc1BMTXIzR2xMSmVnalYzZlJUK0o1NWFxT3lhUlhCTXRBRVo3WGdUampETzJJWHNGMnNHaHV4SU1XVUYrVgp3YnhLbi9xSXVUMU1pVmpKbGZpVE0vWEFVdUN1QlowOEloaDFRcUVDZ2dFQUZwdzJySzRMSGxPM21mb2l0bU9xClkzcVFVdXVtdXNIcEt6aE1qQSsycURxUC9YdDZJY1lNcWF2YkwwL3ByMTh1bm4yTlVsM2k0ejNxS3NKOUIwTUcKd1hoa1o2RDQ3V052VkUwWG9iNS80RTN0N0EvUTFNbDRoYW1HYXZsRXFJM01DcDRvN1k5VWZ6aW10RVA3bTQ0dQpaRjYranR1ZysvSHZlS3hwcWEvNWI1U3N5QVFWUTZDZW9Ndm1nTW9CNmd2OFdid1VZbURWakJSb1Q4clBEQVllCnJnQjV1QkxJaGdyRlROMnV2TUZJZzdlTE1ISk1UR3dGWVZKd1Q1eGgrRUV0M0RoR3gwSEFnOHNqcGkxd05md1gKeENFeTRvYVloSWw1S2FDUndyK1dwZS9JZHYrajdGVTVMN1QvK0hFV0FlOEZ0eE5td3dUYWJRaUllRFkwU29ZRgpVUUtDQVFFQXRiclZqbTFsaDQ1REhIWnVsem4xNllIQzJrMUYwWG9FZFVSQ3o0QTFsMHBEK3ljL2srdmJ0Qmg0Cm1RRDV1a3FicHFFZy9GNUhDZmdOaHlieHNNdVV6NzFaU24zN2dwczNDWUdiUyt4RkhjZTJBakNTbUlYQWIxQjgKR0Z2WnV4UlB5QXU0YVBvT1J3RzM3NVBOM0VNNk83bzdxbjlYeExTZWRIMHExM2U0YkhYYm4rc2xOa1RIM2xmcwpLVnBOUUhVSUNDSW5vQ0llV1dwdnAwQnFoYjlKclRsbXd2c25zOHpZVDNiY3F5QXZHZGRnNUs3Y0MwRVJaem9ECnFJTkI3S05FVjQ1NmF0eDZVT3VYUlpKREMvaHNJUTZNaVBveUJacHRsK1ZIMEtQbEFIWGExb0FXZmNuL0U3MFYKK0RaeVBiMWxkQUdpb1hqditGd2h5VzZlWEVrQlBnPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpSQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1M0d2dna3FBZ0VBQW9JQ0FRREpTUWVnVFhySnl0NVYKYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyQ0RyVzdkOVhxUmQ4SkRkQ210a0tEaUxhY1pTMgpMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDFTaklacFNnM2Q5L1h4cU9BM1lCWXNNL25ST29YCnlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NytUdzlJNkZTQnhuR1pHdHJQWXk2RUFvQ0x2bUYKQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxcFFNUHVPYnFXcXJoTTF2NWN2Ymh1TmRESE1ndgpVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjFSbTAyVW5RdGd5bzNjeE9FdWxiT2dTSGx0aFMyCmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSVBub2dydmxFSVYwRGFDdkQyNmJGRENtWTFzb0UKbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBQkxXOHh1cEU4OERiaWtZbnU1V1BpSnpleHhRUgoyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXpwcEREdjBmdTQ2enVLcTNjRVZGK2JESytBZ2VPCkQ2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSEdCOUJsMWt6NHhsdGFzOW9uZmtIMWRUeTd3MU0Kck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1Exa1Y2T3RoVGxUWDMrZ25pSkkrdFdZRDltNGV1cwpzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUJBb0lDQUNPNnZpc1BIY3pzb1NjK2dkWkU1dGNNCnZkc240UDFIenVRd0VzRUcrVG1zanVWMVBZbExrbkE4OU1DQmdDejEyOFpMcU51ZlUwSDkxK1Uzbjd2MGJ1bVAKd3BpR2R4UUNOMlpZaGZ2RWE5YW1qMTNZYjBJbks3b0FKbUdrT254NW91UFl6YlBRblBNRE9WK0VKa2JwTWRxZgptOHdmOWg2OXYzSk03bUZJS0UrOVVZR252UjhuMkhETTNwR3FONEhQS1A4MkE0RXlvQ2d2a1BTelRxc052bU5ICnBOY0RURW5rNlNsWUhUVDNOSzJjVnBldUhMUzUrazlqNWI5elhUSlE5TkpVZlN6bnEvUmFpMUZVNDY1K0xpUjEKMGVPWDdnajFWUExOcGgwcWtQQy9ubW0vZStVMmZXUGZZb2FDcWkrQ0VwU2twQXlQZ1FZZTJsSG0rYVU4MzZ2UQpuaHZuL0p5ZHJDL1NyTUFZaXpOZFYyZjlHTkNwcE1SbUZyOS9saVJiNEFpSzRLSDRETGdSRUxHaDJLNzJuOFRLCkxUSVhIV3RacisyMWU4c0Mxbm5MSENnK21wMHBvSWJsbEtoYk9VTmVxR09yWm95NFBXdDZMQndFYzN0MG1wVEMKODhiSUpqMzFCQngzTGE1SUE5b0FNRi9lbHJYdFhhVnl4bm5yTHdjYzFNVWpCV20rZDVqbC9WOEdIcEJRd3pXYwpPNWdNSXlQNUIvdzBacUcyZjV1akZkOHo4dElmcEFRRTJSbDNxRUFYNU1NY1JQaFlTNDJqTWl4czc3TmtOVldQCkpqUVoxVDVXQTVKOUxEL2FKRkplQ2MvbjhpNldOQ3FzdEQ5OVNPTCsrTTBFQTlka2lLNWtOcXFZeXZuRG9SZVcKSW84eXhvVnpObURsWjBkSU9UUzlBb0lCQVFEb2tvMWxPS05FNlBWWmRRU3lmS0JOTEZNcEl1V1VVZmp0ODU4awpJTTB0TnNyS0d2N3NmYkt0dlMvOWgwMGluU2FyWTJ4amVETG91WEI5VzdKY1B1NjRoNHYwek1lbXRhdDRyTUJnClA5bkQ3MW00dERqS2ZrZDAza2tUbk4ySTBxYkwzeFVoTjNEQlJZTU9veDFMa2M4MFFFMHhSUEM1YmRJaXcwemEKTWdtK1dOZVY1VEZoSkpQZ2dVRVo5U1A2aWV1VEY0OW9wRGNWdGUwQ0I0WnFUaTRWb3YvZFVDWGpNK0djRnNWdgpPWTZYTE9KTmRldHdnUVNkd1hlSzB1WlBpWnVKTGlsTEg4OFVKYWNoQThDZW1SclMxRUtxWElwK2dkQWV4MnhVCmY5amRMMGF2SlJEY0xqWlhETXBvWlJpc0JoWVArZzY3VHZza3FscDh4M2p2STlWVkFvSUJBUURkajZrdWNLM0MKYXprMzlqYllvM3RFZ0R5L2VGNnBjWFlpK21Ba1ZNRk9vSWJ5cmNyN3BqSnRMNFMyMEFDRmpBUGFQT042dWVVWQpQQm92dC9QODB1V1c5cGZCK29mRmdadzRqc3hLWFY4eEJmOVdLWVZndFBsOHhIL1RJcERTMjhVTlowNDlhUW4vCjlCRzNac0lyenk3RzFLRTZPLzBMMnVmMnFyaUxxRFQyV3dsdFVsbWs2Ym5NeThkR0sra1JLcFhvSm1RTlNHRHoKOXd4blU2ZmZ1NDdDLzRYMHRIVk1MVFVneFh4djdqN3BpSzI4dzBuZ1N5S3ozV0IzWTJwaFVsZEJIdEprQko1RQpoRm8zMXJCVDU5enhkb2crYXh1bkh4S3EySGFHRkt0ZUZ6RGpkTTFpQzE3bWNtWXBzR2tuenA0cjRjZm5FYTFSCko4Wmo5ZVFQaEVOZEFvSUJBUUN3d2hsbXNkb2MySFVJVFZDSm13QjJSdGJaYitWT2lkS0lmdDBYcHpwcFA3aDIKVEhndEl3ZDIxayt2LzNJWGVaclhMWlJHTVNkNEN1QTgxa0ZEckt6Z1lGeDFiR0hkQ1R2T1ZuVkxjWnUvTjUxWQpMTmp3eFhMbmxyMnhnMG8zMytuWERyQlBjNFJsejcvZ2t3WUQxa2pGckkwK2dlZjI5a2w4RkRUSHJMb05DaGFuCm5PNmZweDRneGZ2Rmo3T05pZDhhQnhEK2RiaEw3dDIzNmlJMWp6K2xRQ0g0Z1I2YWhHYldxOVBZU2NWZWprVmMKbTkrWnZPVFdSU0RteUkwMExDQ2k3UXVEUmlTcmFrYVFaL3F3VHlxOHk0ZnpWS3dKby8yYU52VFZiK2xSaWNuTgorWHpMNnU5dno0L1NNZXZEYWtqQVVjdDZmbmVQa1UxK2dsZ2VZSHlWQW9JQkFRRFJtYW0wVEZhbFdXaHMvNWtOClEwTkhINFhZb1JmMGRta0xXQStCNzBoY2lOS0JYRlp0ME9GZGw1bVdsSm9adk1hY1BBUDd3MGJ1c1ZVWWxZN1YKTy9LRTZVM1I3WjlxQWw1Mnh1aU81Vnc3ZFhBRDVBM1EyZ1EzdTNFdG5VS2lwOVA0QlNYb1JLbDRJVDV0WVdJSgpyZHVUciszQ3VLT0FCcHh4Snpxa3JBRkdtZ01HRCtUTWRXd1hTU1NBeHVPYklNMW1MSU4wYVdlSEJNMFFKdnptClZIb1BFVXA1b0FwamdWVUVacTk4K0VjK0NOWkxmL2d3bndQNllsQnpRWEtQRlNXRWJwTWNtWjNjTmRWZmc5T1YKM1FDUTBkQzhNL21hRlhSRWVibE95TmtCanpEcHpVTExJUFNyVDhoRVlpWm95VGVyVGRJZVVBUEZoYnBTTUhtTApFRlhsQW9JQkFRQ0VUdVJQRHZvMC9tdDhyTzhLNENsamtuU0gxZ1FBSjFha3U3UXg3NUJUTDB6OWRNY2lMK1JLCng1R1lFTW1wcUtNb2FPbWc0WFVRMVRlQ2Vic1R0NjMyWXp6cmNCU0d1RzVnN1o0UUVublUzRXU5QklIMUVSL2gKSEk0NWowU0xNRUpObkNiTkpnRVNRRUFCbzN3cHhrRTdiRGlNdTVPOXVqMlFRVTlTTm94QkFmbVFXRDJJaU1BRQpWYzV3QTNZajBMdElSYkJmdzNBTE9uNlRSc2xucy9JMnd2Z1RCQW9sU3NZbEtEK0NRY3hDZldlNmZwU21aYmlCClBGUE9DY1ZQTXhGeXBhZWFJMkRXNWRPNFNoNGQ0ZlZma2F3ck9LN1N2QnFZb0Y5L2VndThzQS9ZdklaRVltQUQKd0ZIOGs1QjJ4WXdiNkVmNmFFQ29ZTitsNWtlWmhNWTgKLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
<qnameminstrict/>
<queues/>
<quick>1</quick>
<quick>1</quick>
<quick>1</quick>
<quick>1</quick>
</range>
<range>
<reboot/>
<recipient>root@localhost.local</recipient>
<refid>6734d13fa9e4a</refid>
<refid>6734d6c82dc59</refid>
<regdhcp/>
<regdhcpdomain/>
<regdhcpstatic/>
<reminder/>
<remotes/>
<reservations/>
</revision>
<revision>
<rocommunity>public</rocommunity>
<route/>
</rrd>
<rrd>
<rrdbackup>-1</rrdbackup>
<rrsetcachesize/>
</rule>
</rule>
</rule>
</rule>
</rule>
</rule>
<rules/>
<rules/>
<rules/>
<rule uuid="0465308d-8605-466c-bcb4-95eeb989251a">
<rule uuid="2df05591-13e7-4d91-a1b8-d25e338ada5f">
<rule uuid="4a5e7b65-0d7f-4452-8a29-2ec61a47ec19">
<rule uuid="b21f808a-6a4a-4cd6-9a83-1660cc8ea58b">
<rule uuid="f2ee612c-c290-4445-8045-df82a86db0e5">
<rule uuid="f79eded0-3c11-4f57-9aaa-55d4888589fa">
<safesearch/>
<scope>system</scope>
<scope>system</scope>
<secondaryconsole>serial</secondaryconsole>
<sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
<serialspeed>115200</serialspeed>
<serveexpired/>
<serveexpiredclienttimeout/>
<serveexpiredreplyttl/>
<serveexpiredttl/>
<serveexpiredttlreset/>
</server>
<servers/>
<servers/>
<server version="1.0.0">
</service>
</service>
</service>
</service>
<service uuid="7513f341-7d21-4f11-903f-30d07b3aa41e">
<service uuid="c1e99556-91f5-4dbf-81d7-7915a3213de9">
<service uuid="dca8a81f-d389-4baa-b477-8b348194fd25">
<service uuid="f99ada79-ba1a-4ee1-81f1-ef570e8e5ea9">
<snatrules/>
</snmpd>
<snmpd>
</source>
</source>
</source>
</source>
</source>
</source>
<source>
<source>
<source>
<source>
<source>
<source>
<SPDs/>
<spoofmac/>
</ssh>
<ssh>
<ssl>0</ssl>
<ssl-certref>6734d6c82dc59</ssl-certref>
<ssl-ciphers/>
<sslverify>1</sslverify>
<sslversion>auto</sslversion>
<start/>
<start/>
<start/>
<start/>
<startdelay>120</startdelay>
<starttimeout>30</starttimeout>
<starttimeout>30</starttimeout>
<starttimeout>30</starttimeout>
<starttimeout>30</starttimeout>
<statefile/>
<statetype>keep state</statetype>
<statetype>keep state</statetype>
<statetype>keep state</statetype>
<statetype>keep state</statetype>
<StaticKeys/>
</staticmap>
<staticmap>
</staticroutes>
<staticroutes version="1.0.0">
<stats/>
<stop/>
<stop/>
<stop/>
<stop/>
<subnet>24</subnet>
<subnet>8</subnet>
<subnets/>
<subnetv6>128</subnetv6>
<subnetv6>64</subnetv6>
<subscription/>
</Swanctl>
<Swanctl version="1.0.0">
<synchronizetoip/>
<syncitems/>
<syscontact/>
</sysctl>
<sysctl>
<syslocation/>
<syslog/>
</Syslog>
<syslog>0</syslog>
<syslog_eve>0</syslog_eve>
<Syslog version="1.0.2">
</system>
<system>
<targets/>
<templates/>
<templates/>
</test>
</test>
</test>
</test>
</test>
</test>
</test>
</test>
</test>
</test>
</test>
<tests>865105a2-cbea-4a01-9979-c67818da9d99</tests>
<tests>91b4e409-211b-49d5-9fa3-dc9054106646,cbe9cb72-e8c2-4740-990c-abcc486b0654,c0708923-88de-4178-abdd-819737440ce0,e887125d-c5d2-45e6-b40d-2c400d5449d1</tests>
<tests>cc3684f2-701e-4de4-883d-803e08cf47b6</tests>
<tests>f2d734cb-2a0e-4375-9460-11bdd5b20503</tests>
<test uuid="16186b38-0e13-4cc3-ad18-ccc3fcc91837">
<test uuid="69117d4d-8c41-4712-97c0-87b4fa7c9837">
<test uuid="865105a2-cbea-4a01-9979-c67818da9d99">
<test uuid="91b4e409-211b-49d5-9fa3-dc9054106646">
<test uuid="c0708923-88de-4178-abdd-819737440ce0">
<test uuid="c34aab30-9194-4667-b516-004b9c90c1c0">
<test uuid="cbe9cb72-e8c2-4740-990c-abcc486b0654">
<test uuid="cc3684f2-701e-4de4-883d-803e08cf47b6">
<test uuid="e887125d-c5d2-45e6-b40d-2c400d5449d1">
<test uuid="ea6b821c-4f30-455b-bd5b-23a6f0c20554">
<test uuid="f2d734cb-2a0e-4375-9460-11bdd5b20503">
<theme>opnsense</theme>
<this_server_name/>
<time>1731518072.7612</time>
<time>1731518072.7612</time>
<time>1731518084.0639</time>
<time>1731518084.0639</time>
<time>1731518114.2801</time>
<time>1731518114.2801</time>
<time>1731518311.7033</time>
<time>1731518356.7559</time>
<time>1731534516.7156</time>
<timeout>300</timeout>
<timeout>300</timeout>
<timeout>300</timeout>
<timeout>300</timeout>
<time_period/>
<timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
<timezone>Etc/UTC</timezone>
<to>10.100.8.245</to>
<toclient_groups/>
<toserver_groups/>
<track6-interface>wan</track6-interface>
<track6-prefix-id>0</track6-prefix-id>
</TrafficShaper>
<TrafficShaper version="1.0.3">
<tunable>hw.ibrs_disable</tunable>
<tunable>hw.syscons.kbd_reboot</tunable>
<tunable>kern.ipc.maxsockbuf</tunable>
<tunable>kern.randompid</tunable>
<tunable>net.inet6.ip6.prefer_tempaddr</tunable>
<tunable>net.inet6.ip6.redirect</tunable>
<tunable>net.inet6.ip6.use_tempaddr</tunable>
<tunable>net.inet.icmp.icmplim</tunable>
<tunable>net.inet.icmp.log_redirect</tunable>
<tunable>net.inet.ip.accept_sourceroute</tunable>
<tunable>net.inet.ip.portrange.first</tunable>
<tunable>net.inet.ip.random_id</tunable>
<tunable>net.inet.ip.redirect</tunable>
<tunable>net.inet.ip.sourceroute</tunable>
<tunable>net.inet.tcp.blackhole</tunable>
<tunable>net.inet.tcp.delayed_ack</tunable>
<tunable>net.inet.tcp.drop_synfin</tunable>
<tunable>net.inet.tcp.log_debug</tunable>
<tunable>net.inet.tcp.recvspace</tunable>
<tunable>net.inet.tcp.sendspace</tunable>
<tunable>net.inet.tcp.syncookies</tunable>
<tunable>net.inet.tcp.tso</tunable>
<tunable>net.inet.udp.blackhole</tunable>
<tunable>net.inet.udp.checksum</tunable>
<tunable>net.inet.udp.maxdgram</tunable>
<tunable>net.link.bridge.pfil_bridge</tunable>
<tunable>net.link.bridge.pfil_local_phys</tunable>
<tunable>net.link.bridge.pfil_member</tunable>
<tunable>net.link.bridge.pfil_onlyip</tunable>
<tunable>net.link.tap.user_open</tunable>
<tunable>net.local.dgram.maxdgram</tunable>
<tunable>security.bsd.see_other_gids</tunable>
<tunable>security.bsd.see_other_uids</tunable>
<tunable>vfs.read_max</tunable>
<tunable>vm.pmap.pti</tunable>
<txtsupport/>
<type/>
<type/>
<type>custom</type>
<type>custom</type>
<type>filesystem</type>
<type>NetworkInterface</type>
<type>NetworkInterface</type>
<type>NetworkPing</type>
<type>none</type>
<type>pass</type>
<type>pass</type>
<type>pass</type>
<type>pass</type>
<type>pass</type>
<type>pass</type>
<type>ProgramStatus</type>
<type>ProgramStatus</type>
<type>SpaceUsage</type>
<type>SystemResource</type>
<type>SystemResource</type>
<type>SystemResource</type>
<type>SystemResource</type>
<type>SystemResource</type>
<type>system</type>
<uid>0</uid>
</unboundplus>
<unboundplus version="1.0.9">
<unwantedreplythreshold/>
<UpdateCron/>
</updated>
</updated>
</updated>
</updated>
<updated>
<updated>
<updated>
<updated>
up your logs consuming your whole hard drive.</descr>
<url/>
</user>
<user>
<userDefinedRules/>
<username/>
<username/>
<username>root@192.168.5.204</username>
<username>root@192.168.5.204</username>
<username>root@192.168.5.204</username>
<username>root@192.168.5.204</username>
<username>root@192.168.5.204</username>
<username>root@192.168.5.204</username>
<username>root@192.168.5.204</username>
<username>root@192.168.5.204</username>
<username>root@192.168.5.204</username>
<usevirtualterminal>1</usevirtualterminal>
<valid_lifetime>4000</valid_lifetime>
<valloglevel>0</valloglevel>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<verbosity/>
<version>v9</version>
<vip/>
<virtual>1</virtual>
</virtualip>
<virtualip version="1.0.0">
<vlan/>
</vlans>
<vlans version="1.0.0">
<VTIs/>
<vxlans version="1.0.2"/>
</wan>
<wan>
</webgui>
<webgui>
<weight>1</weight>
<whitelists/>
</widgets>
<widgets>
<wildcards/>
<winsserver/>
</wireguard>
<wireguard>
</wireless>
<wireless>
<?xml version="1.0"?>
<zones/>