forked from NationTech/harmony
feat(opnsense-config): Xml parsing now works great to parse a full production config. Only some element ordering that is not consistent across multiple elements of the same type sometimes does not match but moving some stuff around gets us easily to a 100% matching file
This commit is contained in:
Jean-Gabriel Gill-Couture
@@ -28,28 +28,22 @@
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>
|
||||
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
|
||||
<descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
|
||||
It can also be used to probe for information about your internal networks. These functions come enabled
|
||||
as part of the standard FreeBSD core system.
|
||||
</descr>
|
||||
as part of the standard FreeBSD core system.</descr>
|
||||
<tunable>net.inet.ip.sourceroute</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>
|
||||
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
|
||||
<descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
|
||||
It can also be used to probe for information about your internal networks. These functions come enabled
|
||||
as part of the standard FreeBSD core system.
|
||||
</descr>
|
||||
as part of the standard FreeBSD core system.</descr>
|
||||
<tunable>net.inet.ip.accept_sourceroute</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>
|
||||
This option turns off the logging of redirect packets because there is no limit and this could fill
|
||||
up your logs consuming your whole hard drive.
|
||||
</descr>
|
||||
<descr>This option turns off the logging of redirect packets because there is no limit and this could fill
|
||||
up your logs consuming your whole hard drive.</descr>
|
||||
<tunable>net.inet.icmp.log_redirect</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
@@ -190,17 +184,14 @@
|
||||
</item>
|
||||
<item>
|
||||
<descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
|
||||
and for the sender directly reachable, route and next hop is known.
|
||||
</descr>
|
||||
and for the sender directly reachable, route and next hop is known.</descr>
|
||||
<tunable>net.inet.ip.redirect</tunable>
|
||||
<value>0</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>
|
||||
Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects
|
||||
<descr>Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects
|
||||
to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect
|
||||
packets without returning a response.
|
||||
</descr>
|
||||
packets without returning a response.</descr>
|
||||
<tunable>net.inet.icmp.drop_redirect</tunable>
|
||||
<value>1</value>
|
||||
</item>
|
||||
@@ -1039,10 +1030,10 @@
|
||||
<direction>in</direction>
|
||||
<quick>1</quick>
|
||||
<protocol>icmp</protocol>
|
||||
<icmptype>echoreq</icmptype>
|
||||
<source>
|
||||
<any>1</any>
|
||||
</source>
|
||||
<icmptype>echoreq</icmptype>
|
||||
<destination>
|
||||
<network>wanip</network>
|
||||
</destination>
|
||||
@@ -1058,20 +1049,20 @@
|
||||
</created>
|
||||
</rule>
|
||||
<rule uuid="492b7596-d929-46cb-a6b9-c9cc34a0ca74">
|
||||
<associated-rule-id>nat_618812d37b8193.31302503</associated-rule-id>
|
||||
<interface>wan</interface>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<statetype>keep state</statetype>
|
||||
<descr/>
|
||||
<category/>
|
||||
<protocol>tcp</protocol>
|
||||
<source>
|
||||
<any>1</any>
|
||||
</source>
|
||||
<interface>wan</interface>
|
||||
<statetype>keep state</statetype>
|
||||
<protocol>tcp</protocol>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<destination>
|
||||
<address>x3690_3</address>
|
||||
<port>22</port>
|
||||
</destination>
|
||||
<descr/>
|
||||
<category/>
|
||||
<associated-rule-id>nat_618812d37b8193.31302503</associated-rule-id>
|
||||
<created>
|
||||
<username>root@192.168.1.118</username>
|
||||
<time>1636307667.5059</time>
|
||||
@@ -1079,20 +1070,20 @@
|
||||
</created>
|
||||
</rule>
|
||||
<rule uuid="eeba39a9-d0f6-4b1e-a785-7278b0b241ab">
|
||||
<associated-rule-id>nat_64fa19f4acba11.80049900</associated-rule-id>
|
||||
<interface>wan</interface>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<statetype>keep state</statetype>
|
||||
<descr/>
|
||||
<category/>
|
||||
<protocol>tcp</protocol>
|
||||
<source>
|
||||
<any>1</any>
|
||||
</source>
|
||||
<interface>wan</interface>
|
||||
<statetype>keep state</statetype>
|
||||
<protocol>tcp</protocol>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<destination>
|
||||
<address>192.168.20.150</address>
|
||||
<port>7860</port>
|
||||
</destination>
|
||||
<descr/>
|
||||
<category/>
|
||||
<associated-rule-id>nat_64fa19f4acba11.80049900</associated-rule-id>
|
||||
<created>
|
||||
<username>root@172.12.0.10</username>
|
||||
<time>1694112244.7075</time>
|
||||
@@ -1100,20 +1091,20 @@
|
||||
</created>
|
||||
</rule>
|
||||
<rule uuid="c19adc1c-fec2-4183-93ed-5e46efca1adf">
|
||||
<associated-rule-id>nat_64fb1fbba71e29.76190279</associated-rule-id>
|
||||
<interface>wan</interface>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<statetype>keep state</statetype>
|
||||
<descr/>
|
||||
<category/>
|
||||
<protocol>tcp</protocol>
|
||||
<source>
|
||||
<any>1</any>
|
||||
</source>
|
||||
<interface>wan</interface>
|
||||
<statetype>keep state</statetype>
|
||||
<protocol>tcp</protocol>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<destination>
|
||||
<address>192.168.20.150</address>
|
||||
<port>7861</port>
|
||||
</destination>
|
||||
<descr/>
|
||||
<category/>
|
||||
<associated-rule-id>nat_64fb1fbba71e29.76190279</associated-rule-id>
|
||||
<created>
|
||||
<username>root@172.12.0.10</username>
|
||||
<time>1694179259.6845</time>
|
||||
@@ -1121,20 +1112,20 @@
|
||||
</created>
|
||||
</rule>
|
||||
<rule uuid="c0831633-8c3b-408e-82d0-3e3f61d0ee3d">
|
||||
<associated-rule-id>nat_64fb1fcea6d8b7.62653343</associated-rule-id>
|
||||
<interface>wan</interface>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<statetype>keep state</statetype>
|
||||
<descr/>
|
||||
<category/>
|
||||
<protocol>tcp</protocol>
|
||||
<source>
|
||||
<any>1</any>
|
||||
</source>
|
||||
<interface>wan</interface>
|
||||
<statetype>keep state</statetype>
|
||||
<protocol>tcp</protocol>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<destination>
|
||||
<address>192.168.20.150</address>
|
||||
<port>7862</port>
|
||||
</destination>
|
||||
<descr/>
|
||||
<category/>
|
||||
<associated-rule-id>nat_64fb1fcea6d8b7.62653343</associated-rule-id>
|
||||
<created>
|
||||
<username>root@172.12.0.10</username>
|
||||
<time>1694179278.6835</time>
|
||||
@@ -1142,20 +1133,20 @@
|
||||
</created>
|
||||
</rule>
|
||||
<rule uuid="3f600791-1fa6-4cb4-877d-45fe2ea175a9">
|
||||
<associated-rule-id>nat_64fb1fdb48ff18.28912920</associated-rule-id>
|
||||
<interface>wan</interface>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<statetype>keep state</statetype>
|
||||
<descr/>
|
||||
<category/>
|
||||
<protocol>tcp</protocol>
|
||||
<source>
|
||||
<any>1</any>
|
||||
</source>
|
||||
<interface>wan</interface>
|
||||
<statetype>keep state</statetype>
|
||||
<protocol>tcp</protocol>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<destination>
|
||||
<address>192.168.20.150</address>
|
||||
<port>7863</port>
|
||||
</destination>
|
||||
<descr/>
|
||||
<category/>
|
||||
<associated-rule-id>nat_64fb1fdb48ff18.28912920</associated-rule-id>
|
||||
<created>
|
||||
<username>root@172.12.0.10</username>
|
||||
<time>1694179291.299</time>
|
||||
@@ -1163,20 +1154,20 @@
|
||||
</created>
|
||||
</rule>
|
||||
<rule uuid="7dd160f0-663e-465b-be94-a069df112a95">
|
||||
<associated-rule-id>nat_651ffc35e573d9.09092618</associated-rule-id>
|
||||
<interface>wan</interface>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<statetype>keep state</statetype>
|
||||
<descr/>
|
||||
<category/>
|
||||
<protocol>tcp</protocol>
|
||||
<source>
|
||||
<any>1</any>
|
||||
</source>
|
||||
<interface>wan</interface>
|
||||
<statetype>keep state</statetype>
|
||||
<protocol>tcp</protocol>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<destination>
|
||||
<address>192.168.20.140</address>
|
||||
<port>22</port>
|
||||
</destination>
|
||||
<descr/>
|
||||
<category/>
|
||||
<associated-rule-id>nat_651ffc35e573d9.09092618</associated-rule-id>
|
||||
<created>
|
||||
<username>root@172.12.0.11</username>
|
||||
<time>1696594997.9399</time>
|
||||
@@ -1185,19 +1176,19 @@
|
||||
</rule>
|
||||
<rule uuid="1e576704-da50-4dd9-a425-77fa5c4e563a">
|
||||
<associated-rule-id>nat_65aed5a66c4f65.25454286</associated-rule-id>
|
||||
<interface>wan</interface>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<statetype>keep state</statetype>
|
||||
<descr/>
|
||||
<category/>
|
||||
<protocol>tcp</protocol>
|
||||
<source>
|
||||
<any>1</any>
|
||||
</source>
|
||||
<interface>wan</interface>
|
||||
<statetype>keep state</statetype>
|
||||
<protocol>tcp</protocol>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<destination>
|
||||
<address>192.168.20.140</address>
|
||||
<port>8081</port>
|
||||
</destination>
|
||||
<descr/>
|
||||
<category/>
|
||||
<created>
|
||||
<username>root@192.168.20.100</username>
|
||||
<time>1705956774.4437</time>
|
||||
@@ -1206,19 +1197,19 @@
|
||||
</rule>
|
||||
<rule uuid="aa41dd13-9c5a-4048-8820-f9558cea8ba3">
|
||||
<associated-rule-id>nat_65aed67d497580.58958916</associated-rule-id>
|
||||
<interface>wan</interface>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<statetype>keep state</statetype>
|
||||
<descr/>
|
||||
<category/>
|
||||
<protocol>tcp</protocol>
|
||||
<source>
|
||||
<any>1</any>
|
||||
</source>
|
||||
<interface>wan</interface>
|
||||
<statetype>keep state</statetype>
|
||||
<protocol>tcp</protocol>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<destination>
|
||||
<address>192.168.20.160</address>
|
||||
<port>8080</port>
|
||||
</destination>
|
||||
<descr/>
|
||||
<category/>
|
||||
<created>
|
||||
<username>root@192.168.20.100</username>
|
||||
<time>1705956989.3009</time>
|
||||
@@ -1227,19 +1218,19 @@
|
||||
</rule>
|
||||
<rule uuid="dfd53bf0-cea9-4254-8b0a-106f327d72e5">
|
||||
<associated-rule-id>nat_65aed6961c4ea7.81903986</associated-rule-id>
|
||||
<interface>wan</interface>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<statetype>keep state</statetype>
|
||||
<descr/>
|
||||
<category/>
|
||||
<protocol>tcp</protocol>
|
||||
<source>
|
||||
<any>1</any>
|
||||
</source>
|
||||
<interface>wan</interface>
|
||||
<statetype>keep state</statetype>
|
||||
<protocol>tcp</protocol>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<destination>
|
||||
<address>192.168.20.160</address>
|
||||
<port>4000</port>
|
||||
</destination>
|
||||
<descr/>
|
||||
<category/>
|
||||
<created>
|
||||
<username>root@192.168.20.100</username>
|
||||
<time>1705957014.116</time>
|
||||
@@ -1248,19 +1239,19 @@
|
||||
</rule>
|
||||
<rule uuid="777bdd94-51b9-4daf-b744-70b9cb3c9f94">
|
||||
<associated-rule-id>nat_65f4a5b928c9a7.52477383</associated-rule-id>
|
||||
<interface>wan</interface>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<statetype>keep state</statetype>
|
||||
<descr/>
|
||||
<category/>
|
||||
<protocol>tcp</protocol>
|
||||
<source>
|
||||
<any>1</any>
|
||||
</source>
|
||||
<interface>wan</interface>
|
||||
<statetype>keep state</statetype>
|
||||
<protocol>tcp</protocol>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<destination>
|
||||
<address>192.168.20.115</address>
|
||||
<port>5000</port>
|
||||
</destination>
|
||||
<descr/>
|
||||
<category/>
|
||||
<created>
|
||||
<username>root@192.168.20.100</username>
|
||||
<time>1710532025.1671</time>
|
||||
@@ -1269,19 +1260,19 @@
|
||||
</rule>
|
||||
<rule uuid="98f400f5-1a91-46aa-8d35-f78b34bc7a04">
|
||||
<associated-rule-id>nat_662bb59baf7573.98640354</associated-rule-id>
|
||||
<interface>wan</interface>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<statetype>keep state</statetype>
|
||||
<descr>Redirecting to someservice1 on somehost9</descr>
|
||||
<category/>
|
||||
<protocol>tcp</protocol>
|
||||
<source>
|
||||
<any>1</any>
|
||||
</source>
|
||||
<interface>wan</interface>
|
||||
<statetype>keep state</statetype>
|
||||
<protocol>tcp</protocol>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<destination>
|
||||
<address>192.168.20.115</address>
|
||||
<port>11434</port>
|
||||
</destination>
|
||||
<descr>Redirecting to someservice1 on somehost9</descr>
|
||||
<category/>
|
||||
<created>
|
||||
<username>root@192.168.20.100</username>
|
||||
<time>1714140571.7187</time>
|
||||
@@ -1290,19 +1281,19 @@
|
||||
</rule>
|
||||
<rule uuid="fef5ec47-f5e7-45cc-a9f7-f8eeb6d1160c">
|
||||
<associated-rule-id>nat_663c3458b7b5e4.19986620</associated-rule-id>
|
||||
<interface>wan</interface>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<statetype>keep state</statetype>
|
||||
<descr>Redirecting to someservice81 on somehost9</descr>
|
||||
<category/>
|
||||
<protocol>tcp</protocol>
|
||||
<source>
|
||||
<any>1</any>
|
||||
</source>
|
||||
<interface>wan</interface>
|
||||
<statetype>keep state</statetype>
|
||||
<protocol>tcp</protocol>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<destination>
|
||||
<address>192.168.20.115</address>
|
||||
<port>27017</port>
|
||||
</destination>
|
||||
<descr>Redirecting to someservice81 on somehost9</descr>
|
||||
<category/>
|
||||
<created>
|
||||
<username>root@172.12.0.8</username>
|
||||
<time>1715221592.7525</time>
|
||||
@@ -1311,19 +1302,19 @@
|
||||
</rule>
|
||||
<rule uuid="4170cf4e-4116-42e9-a3ec-eff6768bca9d">
|
||||
<associated-rule-id>nat_663d85b2e3b364.53108170</associated-rule-id>
|
||||
<interface>wan</interface>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<statetype>keep state</statetype>
|
||||
<descr>Redirecting to someservice858 on somehost545</descr>
|
||||
<category/>
|
||||
<protocol>tcp</protocol>
|
||||
<source>
|
||||
<any>1</any>
|
||||
</source>
|
||||
<interface>wan</interface>
|
||||
<statetype>keep state</statetype>
|
||||
<protocol>tcp</protocol>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<destination>
|
||||
<address>192.168.20.163</address>
|
||||
<port>8888</port>
|
||||
</destination>
|
||||
<descr>Redirecting to someservice858 on somehost545</descr>
|
||||
<category/>
|
||||
<created>
|
||||
<username>root@172.12.0.10</username>
|
||||
<time>1715307954.9327</time>
|
||||
@@ -1332,19 +1323,19 @@
|
||||
</rule>
|
||||
<rule uuid="79e4325d-93af-4af2-9fa0-263c69545eb0">
|
||||
<associated-rule-id>nat_666c8932142ed6.34062700</associated-rule-id>
|
||||
<interface>wan</interface>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<statetype>keep state</statetype>
|
||||
<descr>Redirecting to someservice858 on somehost9</descr>
|
||||
<category/>
|
||||
<protocol>tcp</protocol>
|
||||
<source>
|
||||
<any>1</any>
|
||||
</source>
|
||||
<interface>wan</interface>
|
||||
<statetype>keep state</statetype>
|
||||
<protocol>tcp</protocol>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<destination>
|
||||
<address>192.168.20.115</address>
|
||||
<port>8888</port>
|
||||
</destination>
|
||||
<descr>Redirecting to someservice858 on somehost9</descr>
|
||||
<category/>
|
||||
<created>
|
||||
<username>root@192.168.20.100</username>
|
||||
<time>1718389042.0827</time>
|
||||
@@ -1353,19 +1344,19 @@
|
||||
</rule>
|
||||
<rule uuid="1b68a264-e475-4cc6-b852-0797154fdf2b">
|
||||
<associated-rule-id>nat_667cd97504d870.57128970</associated-rule-id>
|
||||
<interface>wan</interface>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<statetype>keep state</statetype>
|
||||
<descr>Redirecting to someservice858 on somehost545</descr>
|
||||
<category/>
|
||||
<protocol>tcp</protocol>
|
||||
<source>
|
||||
<any>1</any>
|
||||
</source>
|
||||
<interface>wan</interface>
|
||||
<statetype>keep state</statetype>
|
||||
<protocol>tcp</protocol>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<destination>
|
||||
<address>192.168.20.163</address>
|
||||
<port>8889</port>
|
||||
</destination>
|
||||
<descr>Redirecting to someservice858 on somehost545</descr>
|
||||
<category/>
|
||||
<created>
|
||||
<username>root@172.12.0.8</username>
|
||||
<time>1719458165.0199</time>
|
||||
@@ -1401,9 +1392,9 @@
|
||||
</rule>
|
||||
<rule uuid="96d70c20-b78c-4e18-9823-79b71eba964c">
|
||||
<type>pass</type>
|
||||
<interface>lan</interface>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<descr>Default allow LAN to any rule</descr>
|
||||
<interface>lan</interface>
|
||||
<source>
|
||||
<network>lan</network>
|
||||
</source>
|
||||
@@ -1413,9 +1404,9 @@
|
||||
</rule>
|
||||
<rule uuid="61194fb7-8916-4e30-a32b-a90495987c64">
|
||||
<type>pass</type>
|
||||
<interface>lan</interface>
|
||||
<ipprotocol>inet6</ipprotocol>
|
||||
<descr>Default allow LAN IPv6 to any rule</descr>
|
||||
<interface>lan</interface>
|
||||
<source>
|
||||
<network>lan</network>
|
||||
</source>
|
||||
@@ -1474,19 +1465,19 @@
|
||||
</rule>
|
||||
<rule>
|
||||
<associated-rule-id>nat_6709763b6a6748.85579760</associated-rule-id>
|
||||
<interface>wan</interface>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<statetype>keep state</statetype>
|
||||
<descr>port forwarding for reconfig of someservice2 somehost3</descr>
|
||||
<category/>
|
||||
<protocol>tcp</protocol>
|
||||
<source>
|
||||
<any>1</any>
|
||||
</source>
|
||||
<interface>wan</interface>
|
||||
<statetype>keep state</statetype>
|
||||
<protocol>tcp</protocol>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<destination>
|
||||
<address>192.168.20.132</address>
|
||||
<port>55555</port>
|
||||
</destination>
|
||||
<descr>port forwarding for reconfig of someservice2 somehost3</descr>
|
||||
<category/>
|
||||
<created>
|
||||
<username>root@172.12.0.12</username>
|
||||
<time>1728673339.4359</time>
|
||||
@@ -1496,19 +1487,19 @@
|
||||
</rule>
|
||||
<rule>
|
||||
<associated-rule-id>nat_670979b3279551.73601303</associated-rule-id>
|
||||
<interface>wan</interface>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<statetype>keep state</statetype>
|
||||
<descr>port forwarding for virtual ip for someservice2 servers</descr>
|
||||
<category/>
|
||||
<protocol>tcp</protocol>
|
||||
<source>
|
||||
<any>1</any>
|
||||
</source>
|
||||
<interface>wan</interface>
|
||||
<statetype>keep state</statetype>
|
||||
<protocol>tcp</protocol>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<destination>
|
||||
<address>192.168.20.1</address>
|
||||
<port>55555</port>
|
||||
</destination>
|
||||
<descr>port forwarding for virtual ip for someservice2 servers</descr>
|
||||
<category/>
|
||||
<created>
|
||||
<username>root@172.12.0.12</username>
|
||||
<time>1728674227.1622</time>
|
||||
|
||||
Reference in New Issue
Block a user