matthieu.evrin/harmony
1
0
Fork 0
forked from NationTech/harmony
Code Pull Requests Activity

chore: Reorganize file tree for easier onboarding. Rust project now at the root for simple git clone && cargo run

Browse Source
This commit is contained in:
Jean-Gabriel Gill-Couture
2025-02-12 15:32:59 -05:00
parent 83b4efd625
commit 96bbef8195
144 changed files with 0 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2777
opnsense-config/src/tests/data/config-full-1.xml Normal file
View File

File diff suppressed because it is too large Load Diff

940
opnsense-config/src/tests/data/config-opnsense-25.1.xml Normal file
View File

@@ -0,0 +1,940 @@
<?xml version="1.0"?>
<opnsense>
<theme>opnsense</theme>
<sysctl version="1.0.0">
<item uuid="81d201fc-5b0e-44d5-9feb-aad8d5eb5c58">
<tunable>vfs.read_max</tunable>
<value>default</value>
<descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
</item>
<item uuid="1d4d8672-d740-4274-8729-2bbd9a0c1ee3">
<tunable>net.inet.ip.portrange.first</tunable>
<value>default</value>
<descr>Set the ephemeral port range to be lower.</descr>
</item>
<item uuid="c9c2b79d-6825-44e2-9c57-58a76a3cdda1">
<tunable>net.inet.tcp.blackhole</tunable>
<value>default</value>
<descr>Drop packets to closed TCP ports without returning a RST</descr>
</item>
<item uuid="2bb189ec-368b-4be3-ad06-3eb67a599687">
<tunable>net.inet.udp.blackhole</tunable>
<value>default</value>
<descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
</item>
<item uuid="ba255494-ae47-48ad-bc35-ce6b76441879">
<tunable>net.inet.ip.random_id</tunable>
<value>default</value>
<descr>Randomize the ID field in IP packets</descr>
</item>
<item uuid="b6b18051-830f-4b27-81ec-f772b14681e2">
<tunable>net.inet.ip.sourceroute</tunable>
<value>default</value>
<descr>
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
</descr>
</item>
<item uuid="ea21409c-62d6-4040-aa2b-36bd01af5578">
<tunable>net.inet.ip.accept_sourceroute</tunable>
<value>default</value>
<descr>
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
</descr>
</item>
<item uuid="1613256c-ef7e-4b53-a44c-234440046293">
<tunable>net.inet.icmp.log_redirect</tunable>
<value>default</value>
<descr>
This option turns off the logging of redirect packets because there is no limit and this could fill
up your logs consuming your whole hard drive.
</descr>
</item>
<item uuid="1ba88c72-6e5b-4f19-abba-351c2b76d5dc">
<tunable>net.inet.tcp.drop_synfin</tunable>
<value>default</value>
<descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
</item>
<item uuid="6f99f7f4-6824-44eb-986e-bc40c6db07a9">
<tunable>net.inet6.ip6.redirect</tunable>
<value>default</value>
<descr>Enable sending IPv6 redirects</descr>
</item>
<item uuid="ec76b735-42a4-43b2-adce-98451f21f06d">
<tunable>net.inet6.ip6.use_tempaddr</tunable>
<value>default</value>
<descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
</item>
<item uuid="15077673-4e46-476d-8a10-637217fff1ea">
<tunable>net.inet6.ip6.prefer_tempaddr</tunable>
<value>default</value>
<descr>Prefer privacy addresses and use them over the normal addresses</descr>
</item>
<item uuid="713f8cd7-8436-477b-937b-5839033b75cf">
<tunable>net.inet.tcp.syncookies</tunable>
<value>default</value>
<descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
</item>
<item uuid="9efc9598-4a5d-4221-9224-6b3a50332a88">
<tunable>net.inet.tcp.recvspace</tunable>
<value>default</value>
<descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
</item>
<item uuid="c1b7ce2b-1fc2-45ee-a017-eb9c31dc2f9e">
<tunable>net.inet.tcp.sendspace</tunable>
<value>default</value>
<descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
</item>
<item uuid="f640420a-ecee-4de7-bfbf-35923dfab83f">
<tunable>net.inet.tcp.delayed_ack</tunable>
<value>default</value>
<descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
</item>
<item uuid="e7ffaf90-54eb-4570-9d6f-539ddbc03837">
<tunable>net.inet.udp.maxdgram</tunable>
<value>default</value>
<descr>Maximum outgoing UDP datagram size</descr>
</item>
<item uuid="b9877f9c-94d3-4752-8e9d-4a0b5cb27d22">
<tunable>net.link.bridge.pfil_onlyip</tunable>
<value>default</value>
<descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
</item>
<item uuid="966794d5-8a54-4555-81c4-2eee0dc32af0">
<tunable>net.link.bridge.pfil_local_phys</tunable>
<value>default</value>
<descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
</item>
<item uuid="d586dd8f-99fa-4001-8dcf-833ee141347e">
<tunable>net.link.bridge.pfil_member</tunable>
<value>default</value>
<descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
</item>
<item uuid="082b7cd2-f519-4dcd-8b5a-006e318b300b">
<tunable>net.link.bridge.pfil_bridge</tunable>
<value>default</value>
<descr>Set to 1 to enable filtering on the bridge interface</descr>
</item>
<item uuid="5dcfe7bf-e415-4d6b-bda1-c86d0c064a51">
<tunable>net.link.tap.user_open</tunable>
<value>default</value>
<descr>Allow unprivileged access to tap(4) device nodes</descr>
</item>
<item uuid="90a7d4bc-5a1d-4d77-9170-e85eb0155e3c">
<tunable>kern.randompid</tunable>
<value>default</value>
<descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
</item>
<item uuid="0991a997-640b-4516-8aa9-4fd8277b6408">
<tunable>hw.syscons.kbd_reboot</tunable>
<value>default</value>
<descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
</item>
<item uuid="5a14cf5c-1648-4b72-9f4f-41192bb1c313">
<tunable>net.inet.tcp.log_debug</tunable>
<value>default</value>
<descr>Enable TCP extended debugging</descr>
</item>
<item uuid="6c1ec6b6-1d5d-4928-aec1-408db79ffd4d">
<tunable>net.inet.icmp.icmplim</tunable>
<value>default</value>
<descr>Set ICMP Limits</descr>
</item>
<item uuid="ce69c48a-1edf-4a9c-958c-fba9a99fbf5a">
<tunable>net.inet.tcp.tso</tunable>
<value>default</value>
<descr>TCP Offload Engine</descr>
</item>
<item uuid="b5b9598d-c2c6-45c7-be1d-7a57102be6bd">
<tunable>net.inet.udp.checksum</tunable>
<value>default</value>
<descr>UDP Checksums</descr>
</item>
<item uuid="027c1a3f-93e7-48dd-877b-965fd28e858a">
<tunable>kern.ipc.maxsockbuf</tunable>
<value>default</value>
<descr>Maximum socket buffer size</descr>
</item>
<item uuid="41eac5bb-e6f5-4595-8a39-25da91e766ab">
<tunable>vm.pmap.pti</tunable>
<value>default</value>
<descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
</item>
<item uuid="92e7d557-cc9d-4840-b769-61334650fda2">
<tunable>hw.ibrs_disable</tunable>
<value>default</value>
<descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
</item>
<item uuid="02e66e20-4941-4082-a341-9ba61d25dfe7">
<tunable>security.bsd.see_other_gids</tunable>
<value>default</value>
<descr>Hide processes running as other groups</descr>
</item>
<item uuid="17499af0-d726-4c00-8f0a-d6da6131d7d5">
<tunable>security.bsd.see_other_uids</tunable>
<value>default</value>
<descr>Hide processes running as other users</descr>
</item>
<item uuid="2c42ae2f-a7bc-48cb-b27d-db72e738e80b">
<tunable>net.inet.ip.redirect</tunable>
<value>default</value>
<descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
and for the sender directly reachable, route and next hop is known.
</descr>
</item>
<item uuid="7d315fb1-c638-4b79-9f6c-240b41e6d643">
<tunable>net.local.dgram.maxdgram</tunable>
<value>default</value>
<descr>Maximum outgoing UDP datagram size</descr>
</item>
</sysctl>
<system>
<optimization>normal</optimization>
<hostname>fw0</hostname>
<domain>harmony.mcd</domain>
<dnsallowoverride>1</dnsallowoverride>
<group uuid="ddd7a994-e053-46d9-84cf-032b86889d81">
<gid>1999</gid>
<name>admins</name>
<scope>system</scope>
<description>System Administrators</description>
<priv>page-all</priv>
<member>0</member>
</group>
<user uuid="a7114dcd-e6fe-483c-ab49-0638ec8466d5">
<uid>0</uid>
<name>root</name>
<disabled>0</disabled>
<scope>system</scope>
<expires/>
<authorizedkeys/>
<otp_seed/>
<shell/>
<password>$2y$10$YRVoF4SkuhasdkjhasdkjhasdkjhasdkjhasdkjhasdkjhdsTwBfS</password>
<landing_page/>
<comment/>
<email/>
<apikeys/>
<priv/>
<language/>
<descr>System Administrator</descr>
<dashboard/>
</user>
<nextuid>2000</nextuid>
<nextgid>2000</nextgid>
<timezone>America/Toronto</timezone>
<timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
<webgui>
<protocol>https</protocol>
<ssl-certref>6796970f3b58c</ssl-certref>
<port/>
<ssl-ciphers/>
<interfaces/>
<compression/>
</webgui>
<disablenatreflection>yes</disablenatreflection>
<usevirtualterminal>1</usevirtualterminal>
<disableconsolemenu>1</disableconsolemenu>
<disablevlanhwfilter>1</disablevlanhwfilter>
<disablechecksumoffloading>1</disablechecksumoffloading>
<disablesegmentationoffloading>1</disablesegmentationoffloading>
<disablelargereceiveoffloading>1</disablelargereceiveoffloading>
<ipv6allow>1</ipv6allow>
<powerd_ac_mode>hadp</powerd_ac_mode>
<powerd_battery_mode>hadp</powerd_battery_mode>
<powerd_normal_mode>hadp</powerd_normal_mode>
<bogons>
<interval>monthly</interval>
</bogons>
<pf_share_forward>1</pf_share_forward>
<lb_use_sticky>1</lb_use_sticky>
<ssh>
<group>admins</group>
<noauto>1</noauto>
<interfaces/>
<kex/>
<ciphers/>
<macs/>
<keys/>
<keysig/>
<enabled>enabled</enabled>
<passwordauth>1</passwordauth>
<permitrootlogin>1</permitrootlogin>
</ssh>
<rrdbackup>-1</rrdbackup>
<netflowbackup>-1</netflowbackup>
<firmware version="1.0.1">
<mirror/>
<flavour/>
<plugins/>
<type/>
<subscription/>
<reboot/>
</firmware>
<language>en_US</language>
<serialspeed>115200</serialspeed>
<primaryconsole>video</primaryconsole>
</system>
<interfaces>
<wan>
<enable>1</enable>
<if>igc3</if>
<ipaddr>dhcp</ipaddr>
<ipaddrv6>dhcp6</ipaddrv6>
<gateway>WAN_GW</gateway>
<media/>
<mediaopt/>
<dhcp6-ia-pd-len>0</dhcp6-ia-pd-len>
</wan>
<lan>
<enable>1</enable>
<if>igc0</if>
<ipaddr>192.168.33.1</ipaddr>
<subnet>24</subnet>
<ipaddrv6/>
<subnetv6/>
<media/>
<mediaopt/>
<gateway/>
<gatewayv6/>
</lan>
<lo0>
<internal_dynamic>1</internal_dynamic>
<descr>Loopback</descr>
<enable>1</enable>
<if>lo0</if>
<ipaddr>127.0.0.1</ipaddr>
<ipaddrv6>::1</ipaddrv6>
<subnet>8</subnet>
<subnetv6>128</subnetv6>
<type>none</type>
<virtual>1</virtual>
</lo0>
</interfaces>
<dhcpd>
<lan>
<enable>1</enable>
<range>
<from>192.168.33.10</from>
<to>192.168.33.245</to>
</range>
</lan>
</dhcpd>
<snmpd>
<syslocation/>
<syscontact/>
<rocommunity>public</rocommunity>
</snmpd>
<nat>
<outbound>
<mode>automatic</mode>
</outbound>
</nat>
<filter>
<rule>
<type>pass</type>
<ipprotocol>inet</ipprotocol>
<descr>Default allow LAN to any rule</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
<rule>
<type>pass</type>
<ipprotocol>inet6</ipprotocol>
<descr>Default allow LAN IPv6 to any rule</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
</filter>
<rrd>
<enable/>
</rrd>
<ntpd>
<prefer>0.opnsense.pool.ntp.org</prefer>
</ntpd>
<widgets>
<sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
<column_count>2</column_count>
</widgets>
<revision>
<username>(system)</username>
<description>/usr/local/opnsense/mvc/script/run_migrations.php made changes</description>
<time>1738511129.2333</time>
</revision>
<OPNsense>
<DHCRelay version="1.0.1"/>
<wireguard>
<client version="1.0.0">
<clients/>
</client>
<general version="0.0.1">
<enabled>0</enabled>
</general>
<server version="1.0.0">
<servers/>
</server>
</wireguard>
<IPsec version="1.0.3">
<general>
<enabled/>
<preferred_oldsa>0</preferred_oldsa>
<disablevpnrules>0</disablevpnrules>
<passthrough_networks/>
</general>
<charon>
<max_ikev1_exchanges/>
<threads>16</threads>
<ikesa_table_size>32</ikesa_table_size>
<ikesa_table_segments>4</ikesa_table_segments>
<init_limit_half_open>1000</init_limit_half_open>
<ignore_acquire_ts>1</ignore_acquire_ts>
<make_before_break/>
<retransmit_tries/>
<retransmit_timeout/>
<retransmit_base/>
<retransmit_jitter/>
<retransmit_limit/>
<syslog>
<daemon>
<ike_name>1</ike_name>
<log_level>0</log_level>
<app>1</app>
<asn>1</asn>
<cfg>1</cfg>
<chd>1</chd>
<dmn>1</dmn>
<enc>1</enc>
<esp>1</esp>
<ike>1</ike>
<imc>1</imc>
<imv>1</imv>
<job>1</job>
<knl>1</knl>
<lib>1</lib>
<mgr>1</mgr>
<net>1</net>
<pts>1</pts>
<tls>1</tls>
<tnc>1</tnc>
</daemon>
</syslog>
</charon>
<keyPairs/>
<preSharedKeys/>
</IPsec>
<Swanctl version="1.0.0">
<Connections/>
<locals/>
<remotes/>
<children/>
<Pools/>
<VTIs/>
<SPDs/>
</Swanctl>
<OpenVPNExport version="0.0.1">
<servers/>
</OpenVPNExport>
<OpenVPN version="1.0.1">
<Overwrites/>
<Instances/>
<StaticKeys/>
</OpenVPN>
<captiveportal version="1.0.2">
<zones/>
<templates/>
</captiveportal>
<cron version="1.0.4">
<jobs/>
</cron>
<Firewall>
<Lvtemplate version="0.0.1">
<templates/>
</Lvtemplate>
<Alias version="1.0.1">
<geoip>
<url/>
</geoip>
<aliases/>
</Alias>
<Category version="1.0.0">
<categories/>
</Category>
<Filter version="1.0.4">
<rules/>
<snatrules/>
<npt/>
<onetoone/>
</Filter>
</Firewall>
<Netflow version="1.0.1">
<capture>
<interfaces/>
<egress_only/>
<version>v9</version>
<targets/>
</capture>
<collect>
<enable>0</enable>
</collect>
<activeTimeout>1800</activeTimeout>
<inactiveTimeout>15</inactiveTimeout>
</Netflow>
<IDS version="1.1.0">
<rules/>
<policies/>
<userDefinedRules/>
<files/>
<fileTags/>
<general>
<enabled>0</enabled>
<ips>0</ips>
<promisc>0</promisc>
<interfaces>wan</interfaces>
<homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
<defaultPacketSize/>
<UpdateCron/>
<AlertLogrotate>W0D23</AlertLogrotate>
<AlertSaveLogs>4</AlertSaveLogs>
<MPMAlgo/>
<detect>
<Profile/>
<toclient_groups/>
<toserver_groups/>
</detect>
<syslog>0</syslog>
<syslog_eve>0</syslog_eve>
<LogPayload>0</LogPayload>
<verbosity/>
<eveLog>
<http>
<enable>0</enable>
<extended>0</extended>
<dumpAllHeaders/>
</http>
<tls>
<enable>0</enable>
<extended>0</extended>
<sessionResumption>0</sessionResumption>
<custom/>
</tls>
</eveLog>
</general>
</IDS>
<Interfaces>
<loopbacks version="1.0.0"/>
<neighbors version="1.0.0"/>
<vxlans version="1.0.2"/>
</Interfaces>
<Kea>
<ctrl_agent version="0.0.1">
<general>
<enabled>0</enabled>
<http_host>127.0.0.1</http_host>
<http_port>8000</http_port>
</general>
</ctrl_agent>
<dhcp4 version="1.0.3">
<general>
<enabled>0</enabled>
<interfaces/>
<valid_lifetime>4000</valid_lifetime>
<fwrules>1</fwrules>
<dhcp_socket_type>raw</dhcp_socket_type>
</general>
<ha>
<enabled>0</enabled>
<this_server_name/>
<max_unacked_clients>2</max_unacked_clients>
</ha>
<subnets/>
<reservations/>
<ha_peers/>
</dhcp4>
</Kea>
<monit version="1.0.13">
<general>
<enabled>0</enabled>
<interval>120</interval>
<startdelay>120</startdelay>
<mailserver>127.0.0.1</mailserver>
<port>25</port>
<username/>
<password/>
<ssl>0</ssl>
<sslversion>auto</sslversion>
<sslverify>1</sslverify>
<logfile/>
<statefile/>
<eventqueuePath/>
<eventqueueSlots/>
<httpdEnabled>0</httpdEnabled>
<httpdUsername>root</httpdUsername>
<httpdPassword/>
<httpdPort>2812</httpdPort>
<httpdAllow/>
<mmonitUrl/>
<mmonitTimeout>5</mmonitTimeout>
<mmonitRegisterCredentials>1</mmonitRegisterCredentials>
</general>
<alert uuid="8e3719e1-dd47-467e-bfed-55787df3a8e7">
<enabled>0</enabled>
<recipient>root@localhost.local</recipient>
<noton>0</noton>
<events/>
<format/>
<reminder/>
<description/>
</alert>
<service uuid="68d541ef-8edb-42cc-8a24-2d8c62ac8439">
<enabled>1</enabled>
<name>$HOST</name>
<description/>
<type>system</type>
<pidfile/>
<match/>
<path/>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>b9a4410c-bc95-4de6-ac83-567dd8cf60c0,c1ec5aac-2fda-45f5-a0d8-9bea7db470d6,f1a4fa3a-65a2-43da-b6e0-18b0361ac43b,76c03880-d148-413e-8097-3ee0aa33cb2c</tests>
<depends/>
<polltime/>
</service>
<service uuid="ebf7ab21-6712-45d4-981c-d459ad8ae284">
<enabled>1</enabled>
<name>RootFs</name>
<description/>
<type>filesystem</type>
<pidfile/>
<match/>
<path>/</path>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>f24e0d56-0445-4e5f-9b58-3af0f246b80d</tests>
<depends/>
<polltime/>
</service>
<service uuid="ca9f44d4-b52e-42e9-998a-bbfb64dca7a9">
<enabled>0</enabled>
<name>carp_status_change</name>
<description/>
<type>custom</type>
<pidfile/>
<match/>
<path>/usr/local/opnsense/scripts/OPNsense/Monit/carp_status</path>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>f48cfab6-de1e-4006-bcd7-c8f8990d25d6</tests>
<depends/>
<polltime/>
</service>
<service uuid="39ef4972-9370-4d92-b374-b52d2ebbd75b">
<enabled>0</enabled>
<name>gateway_alert</name>
<description/>
<type>custom</type>
<pidfile/>
<match/>
<path>/usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert</path>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>5e0dc1c7-90ac-48cc-944e-e0b20c482656</tests>
<depends/>
<polltime/>
</service>
<test uuid="2a8b1b91-4518-45a8-bc5c-cf80501752a0">
<name>Ping</name>
<type>NetworkPing</type>
<condition>failed ping</condition>
<action>alert</action>
<path/>
</test>
<test uuid="7aa46fcf-93b0-4d50-b680-7987d79986cb">
<name>NetworkLink</name>
<type>NetworkInterface</type>
<condition>failed link</condition>
<action>alert</action>
<path/>
</test>
<test uuid="3b123130-ce2f-4796-941d-10f2d75f9237">
<name>NetworkSaturation</name>
<type>NetworkInterface</type>
<condition>saturation is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="b9a4410c-bc95-4de6-ac83-567dd8cf60c0">
<name>MemoryUsage</name>
<type>SystemResource</type>
<condition>memory usage is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="c1ec5aac-2fda-45f5-a0d8-9bea7db470d6">
<name>CPUUsage</name>
<type>SystemResource</type>
<condition>cpu usage is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="f1a4fa3a-65a2-43da-b6e0-18b0361ac43b">
<name>LoadAvg1</name>
<type>SystemResource</type>
<condition>loadavg (1min) is greater than 8</condition>
<action>alert</action>
<path/>
</test>
<test uuid="76c03880-d148-413e-8097-3ee0aa33cb2c">
<name>LoadAvg5</name>
<type>SystemResource</type>
<condition>loadavg (5min) is greater than 6</condition>
<action>alert</action>
<path/>
</test>
<test uuid="e89b68a9-503a-474f-afde-ce39a4264494">
<name>LoadAvg15</name>
<type>SystemResource</type>
<condition>loadavg (15min) is greater than 4</condition>
<action>alert</action>
<path/>
</test>
<test uuid="f24e0d56-0445-4e5f-9b58-3af0f246b80d">
<name>SpaceUsage</name>
<type>SpaceUsage</type>
<condition>space usage is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="f48cfab6-de1e-4006-bcd7-c8f8990d25d6">
<name>ChangedStatus</name>
<type>ProgramStatus</type>
<condition>changed status</condition>
<action>alert</action>
<path/>
</test>
<test uuid="5e0dc1c7-90ac-48cc-944e-e0b20c482656">
<name>NonZeroStatus</name>
<type>ProgramStatus</type>
<condition>status != 0</condition>
<action>alert</action>
<path/>
</test>
</monit>
<Gateways version="1.0.0">
<gateway_item uuid="b5f483d7-8a2f-402a-b169-d955156f2cdb">
<disabled>0</disabled>
<name>WAN_GW</name>
<descr>WAN Gateway</descr>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<gateway/>
<defaultgw>1</defaultgw>
<fargw/>
<monitor_disable>1</monitor_disable>
<monitor_noroute/>
<monitor/>
<force_down/>
<priority>255</priority>
<weight>1</weight>
<latencylow/>
<latencyhigh/>
<losslow/>
<losshigh/>
<interval/>
<time_period/>
<loss_interval/>
<data_length/>
</gateway_item>
</Gateways>
<Syslog version="1.0.2">
<general>
<enabled>1</enabled>
<loglocal>1</loglocal>
<maxpreserve>31</maxpreserve>
<maxfilesize/>
</general>
<destinations/>
</Syslog>
<TrafficShaper version="1.0.3">
<pipes/>
<queues/>
<rules/>
</TrafficShaper>
<unboundplus version="1.0.11">
<general>
<enabled>1</enabled>
<port>53</port>
<stats/>
<active_interface/>
<dnssec/>
<dns64/>
<dns64prefix/>
<noarecords/>
<regdhcp/>
<regdhcpdomain/>
<regdhcpstatic/>
<noreglladdr6/>
<noregrecords/>
<txtsupport/>
<cacheflush/>
<local_zone_type>transparent</local_zone_type>
<outgoing_interface/>
<enable_wpad/>
</general>
<advanced>
<hideidentity/>
<hideversion/>
<prefetch/>
<prefetchkey/>
<dnssecstripped/>
<aggressivensec>1</aggressivensec>
<serveexpired/>
<serveexpiredreplyttl/>
<serveexpiredttl/>
<serveexpiredttlreset/>
<serveexpiredclienttimeout/>
<qnameminstrict/>
<extendedstatistics/>
<logqueries/>
<logreplies/>
<logtagqueryreply/>
<logservfail/>
<loglocalactions/>
<logverbosity>1</logverbosity>
<valloglevel>0</valloglevel>
<privatedomain/>
<privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
<insecuredomain/>
<msgcachesize/>
<rrsetcachesize/>
<outgoingnumtcp/>
<incomingnumtcp/>
<numqueriesperthread/>
<outgoingrange/>
<jostletimeout/>
<discardtimeout/>
<cachemaxttl/>
<cachemaxnegativettl/>
<cacheminttl/>
<infrahostttl/>
<infrakeepprobing/>
<infracachenumhosts/>
<unwantedreplythreshold/>
</advanced>
<acls>
<default_action>allow</default_action>
</acls>
<dnsbl>
<enabled>0</enabled>
<safesearch/>
<type/>
<lists/>
<whitelists/>
<blocklists/>
<wildcards/>
<address/>
<nxdomain/>
</dnsbl>
<forwarding>
<enabled/>
</forwarding>
<dots/>
<hosts/>
<aliases/>
</unboundplus>
<trust>
<general version="1.0.1">
<store_intermediate_certs>0</store_intermediate_certs>
<install_crls>0</install_crls>
<fetch_crls>0</fetch_crls>
<enable_legacy_sect>1</enable_legacy_sect>
<enable_config_constraints>0</enable_config_constraints>
<CipherString/>
<Ciphersuites/>
<SignatureAlgorithms/>
<groups/>
<MinProtocol/>
<MinProtocol_DTLS/>
</general>
</trust>
</OPNsense>
<hasync version="1.0.2">
<disablepreempt>0</disablepreempt>
<disconnectppps>0</disconnectppps>
<pfsyncinterface/>
<pfsyncpeerip/>
<pfsyncversion>1400</pfsyncversion>
<synchronizetoip/>
<verifypeer>0</verifypeer>
<username/>
<password/>
<syncitems/>
</hasync>
<openvpn/>
<ifgroups version="1.0.0"/>
<gifs version="1.0.0">
<gif/>
</gifs>
<gres version="1.0.0">
<gre/>
</gres>
<laggs version="1.0.0">
<lagg/>
</laggs>
<virtualip version="1.0.0">
<vip/>
</virtualip>
<vlans version="1.0.0">
<vlan/>
</vlans>
<staticroutes version="1.0.0"/>
<bridges>
<bridged/>
</bridges>
<ppps>
<ppp/>
</ppps>
<wireless>
<clone/>
</wireless>
<ca/>
<dhcpdv6/>
<cert uuid="c1f73db9-f01b-46ba-b866-f8b911e83f96">
<refid>6796970f3b58c</refid>
<descr>Web GUI TLS certificate</descr>
<caref/>
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVR3B1ZFZqRzR5a0JVYS9NUWxyU2ZBcWs5VCtRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5UQXhNall5TURFeU1EWmFGdzB5TmpBeU1qY3lNREV5TURaYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUUM0alhjOXE4VENxMmZzc05zRU94dktuZm1FVjRNTzFRWDZNdmRReVN2QXIzNmRlNXVMCmZ3bkJSRnVkRC9zQ1B0ZzhXajVCaCtiNGF3WC9mOUdnQnNJbnhKNVB2SWFXMlBtWThpS0Q1Q01WQXhxUE1lMlQKT0VxaEYvWkJxZlNNUWk2RkVhTTRFS0J6bllMbzhnMlAyTW93VjBDbmI3aXVJVWlKRFF3a2JWOVZESG55VkhGaApkVVlONjlpTXRYMEZiSHVtY2tKWHJwQTVQcGFSdVdsaUNnNHl4dWxEOGRsL3dJOXAzZENQY2tNaXgvYjQ1aWdJCjZHbC9GUmhhZmx5VWJ2WWxSMEw5d1pVMmNpcHFQemJJR0tlZ2pkRVdIcGRzVW5sTnJiR1I0azZieWQ4ZGd1a0YKWlNVNUlUSkZRSFdNN3ZNNkZuMTloUE51NG94TEtVUTc1b1YwZDdHV2RaQ1RIYnU3R1hqekhhVHJKYnhTTjMyVApIcDFEMlhUQ1BPTEs1NjNMc2YrNm12Ty9BQSt5SWQyZ0tvWllsdG9GUDdGcHNwWmIwYnhqeWt1amxvOUg0TW1iCmpDeCtWTVkwWUozelVTU3NCOE5IdHpyS0hyVW9oMG9oNTZPNzBNQjZpUWt5dTNaZzNlL1lTUnJwOVJwMTFMMWwKU2F3NmIzMEtFOUh6VHkxWDVXczJlQmxYajFvS2FBVktlTEN4dzlnRDJuSFdqaHViTlFwSmhmdFY2S3F0TjFVeQp4NXBWUTRrL0l1VUNTRlRMK3JOTThWOEc1NCsxTlFTaWZlWVpLdzF4bGRIMlpDbjA1QURrWUhEaFI3VUtkSGhCCncycjkrTjNjdENSaVM1V1BlRTBhQzJ5bFU2czdtU0RwWGM1cy84SnA2QlN5c1ZYL3dpZGRFMWl4N1FJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRkhIMGNpYU9qNXdrKzBLeFlYUFNtL1pveFpHT01JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVUdwdWQKVmpHNHlrQlVhL01RbHJTZkFxazlUK1F3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQUhwcjZXQ2RmMzFWblR2RlMwUjA4RTUySHJvZHc3TjVJMGpwNkYrdHMKR2xsdGxaMDdvOWxvN2E5VFNBK1FnSGFQK1VOMkZUZmlFeHZ0RG0vdDZEQjhSald4ZnV4eloyOTMxeE8wWEhUNwp1Vll3OGpaYnlhOVQyU1VjTGR2ZFpyUHZFajJscnExYXRnc2UwMmhUUTdOSGhpd0hrbEdWTHR5K0FpaVc1STBPCkpPNGFiUHdBU3Z0SEtTU2hYTEhJY1NqWTIwLzF0TjUvdFRMTTFKUUFHZFM1NWU4YVpkdWRHWkVJdHlTZk0ya3kKY21zVnNMS0ZsL1ZLRmUrQnQySmd0d0FPUk0xbzM5WTZLQ2RHTkJPYThGUS9GQWhqZ2JrM1IwYVk3MEFBRDlyNQpXT0dPeEFxS0g5YmdhUUhrY05zSnNWekJlTFZzd3NPYnI2dktqUkUzSm1jTC9COGsxNVJaeXdMV2YxV2N6QzhwCjd5VDNUcW5vRXhQUlZZa3AzSmFQRkNncDN1YzQ0S01UZ1laQW4xeHJLS3hQdUV3NE0rSisyNzBGRzhqckJPN1UKdENMajVPMVpVMXBoVDBEckswVGloOHJlbkgrWDZkVUY4UmY4WDA0QXd5a3MzbjYramNoT3E2azFaaWVYT0NVYwppclM5eTFnNnZCM25YdW1kU05JdEZvQVhTWXRtOE5KaVUxN3kyanlnOWRHK3B4K1FpZTV2YjBMNE5xdzVoMFZhCldiWVpsMjA2cVpFenpFVEJtTHNuaWYydHB0aUlkbWh0UEZPYXBvT3hTL1ByV0V3VXc4NXdNQ0ZLcW1tZ3QzeVYKRUVlRXVRVTJIMFE5NS8wWGJOZnhKcVJSUXltOTBHeTlmTTUzU2VGbnpwVlU2VzJ6WTQyd3AwQktBZGxDdW9CdAplTjg9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
<csr/>
<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRQzRqWGM5cThUQ3EyZnMKc05zRU94dktuZm1FVjRNTzFRWDZNdmRReVN2QXIzNmRlNXVMZnduQlJGdWREL3NDUHRnOFdqNUJoK2I0YXdYLwpmOUdnQnNJbnhKNVB2SWFXMlBtWThpS0Q1Q01WQXhxUE1lMlRPRXFoRi9aQnFmU01RaTZGRWFNNEVLQnpuWUxvCjhnMlAyTW93VjBDbmI3aXVJVWlKRFF3a2JWOVZESG55VkhGaGRVWU42OWlNdFgwRmJIdW1ja0pYcnBBNVBwYVIKdVdsaUNnNHl4dWxEOGRsL3dJOXAzZENQY2tNaXgvYjQ1aWdJNkdsL0ZSaGFmbHlVYnZZbFIwTDl3WlUyY2lwcQpQemJJR0tlZ2pkRVdIcGRzVW5sTnJiR1I0azZieWQ4ZGd1a0ZaU1U1SVRKRlFIV003dk02Rm4xOWhQTnU0b3hMCktVUTc1b1YwZDdHV2RaQ1RIYnU3R1hqekhhVHJKYnhTTjMyVEhwMUQyWFRDUE9MSzU2M0xzZis2bXZPL0FBK3kKSWQyZ0tvWllsdG9GUDdGcHNwWmIwYnhqeWt1amxvOUg0TW1iakN4K1ZNWTBZSjN6VVNTc0I4Tkh0enJLSHJVbwpoMG9oNTZPNzBNQjZpUWt5dTNaZzNlL1lTUnJwOVJwMTFMMWxTYXc2YjMwS0U5SHpUeTFYNVdzMmVCbFhqMW9LCmFBVktlTEN4dzlnRDJuSFdqaHViTlFwSmhmdFY2S3F0TjFVeXg1cFZRNGsvSXVVQ1NGVEwrck5NOFY4RzU0KzEKTlFTaWZlWVpLdzF4bGRIMlpDbjA1QURrWUhEaFI3VUtkSGhCdzJyOStOM2N0Q1JpUzVXUGVFMGFDMnlsVTZzNwptU0RwWGM1cy84SnA2QlN5c1ZYL3dpZGRFMWl4N1FJREFRQUJBb0lDQUJ4UldLS1Y0TE1lS2V3Zmx2dW5OalI0CjJQaDlsUmFKaVVsQzJNQUVuam9LczVybWhJOTdCcndwQ1FXb2xoTmFJVVBoZFB3SkpsK256RnZQK1JKYzl4MnoKQmJlbWJlQm5tcVRsUW5hS1l2ZXVhanplcEYyYW5aanFYRmJuQlNjZ1lKTDZpZGpvZERaSlRQVUJieU5MV0hyaQphSUZJbTBYY3hZeUIvQUw2NVUzZmhEYXl6bEx0ODduZkhuTTR4ZDQzTHlIekZrcnQ5aU5TZnpnTkF5YVA5RzNHCko3VE5QMXBpNlo2TThwdVFKTTBKY2RQdlBPVmhCQThENWFDOUV1ZVR2eUVwTmhaSnhlTjgwUlZNYmROMk5RSmwKd0Zkc2lqK015Q0FyTHJ2N3hhUVI3YkpSaS8vUDdVNCswYi9lakNyNzMwWmlmUTd0ZjR6Y0pqckNNajRldVF0SwowSHdmYll0L2NLVWc0aTlTd0hCRlg4QUxva2M1WkNkOXkxVEQzSU1LVlpDS0pFY24rT2gvMGRTT0pDWlFoTDdKClN1czBtUU1BVDYwTGkwZXhyMC92NjZ2dWJqTWpNcHhQVjlIY2RDbTRSbVU3aFMvQlJpaGpBc0ZqelhOVlFXQzMKSUVWVTNNRC92Q1hQRzZKb284bi9UOGhQWHc0T3U0NkE5RXF5dnR4VzFlWDgrMERFVFBreCtkbzJ2R0ZWRGtRMQpoNmNLSGVmMFFGSUViaHV2V1FKRTRWNE9VdEYyRlp6VjliS3laWE5jQnNTNWdkTlFKRmt1ZkYvOFV2SlFLT0tHCi9VeVYvejZrY01xMHNUc2JSRjNVSzM2QnUxSENudldoVlVvV3NBb2JKV3pBemRpRkt0V1BpclBJNW9TUWFob24Kc2JqejAwdUJJQkFhdk5rUVhiY0JBb0lCQVFEemF5bHc1VEFWYnBza3A1WUpnaWppTzVhRUNPQlNka1FwZ1Jodwo1Y0VWenZhbUlZZ2NDMVBjSE1DeUUvMjFITFF3OUtpcVRqSGJrTWhOMEs0TW1HeWJwM1hKL2hHYkd6UzRVSGFKClQrdyt4NDRWTUxxN2l4Q2dmc3JXRHNOU2RhOUFGYnEzYWg4REpaVjNIcHplRVlOR3BIZ2hzM041STNNckR2Q2QKeXowWjhNOStWdUpIVDBjYXVqa0JlTWtZbEhYVEdabnFtYzBoaFlUdDlZVGxTTXNMV1JEdUpkdDNoQjkyTDZLOApOa082Z2lxeURteWswbHZWejhSdFZBdUQ2TWtJaDEwT3lCRksyaEpCaVhQa0R5dmM4b1JSa2xpSmxaR3UzN2VXCmVacENYSmJ4MU5meGhnckhBbnhtbU91N3dVUG5oUUNGRW1RMmZicnNZcVkxZGVrMUFvSUJBUURDRjJoV0YwQjgKc0dUMVBoek0zR3RiVkpyVFh3bXFxb3BVYjlTVi9IU1JGMkJiWUUxNWFFMy9vMmVQVmovNDVoaUlyYVhweklVeQpaWkV4Yml4WkhoZy9Qa2NqeG1oTllmTUJrdFdQZHBvMFh6ZVBWQ1hFV0J2VXNBclc4RDI1ZzlkbHEzTlEyd0hqCktDQUtoZGJudU9OeUllT25DZ0tTTEdNbjJMbGJ0dWFJcmcxUnFkOU5KOCszOVQrUXZmNHVvWmxTenpPRHgwaTEKRlFMUEgxcitRdVZYMUVqL08va3kvSzJxcWRZSXlyUHRGTXpjSVdTZ3EyTWErZ1c5T29CK3NhL2JwNWZOMEl4cAp4WjlKa2grNDRjaFgvVkE4dDJORk9HVW5TOXNXRTlsNE9wcEdxSDNtZmtLMk12SnRpS3FSTG43S0k3dnVhRnRtCnk1eFdXdXNURW5UWkFvSUJBQUYxcmd6d1F1YU9BRDRyQnhwTmZvTkV5alZHZkZuaVBheG1Dc2g2aURyaVA5WmwKTXhTLytLUEVSRitOQVNONTVaYTVrTjFjbEszMVkwNGNKejhLRnZTai8yL1RwelZmNTJRSGozNXBUVWhmRi9vRwpqY2djSUdCbUFqOWdYVWw4VFMyOE01OXY4bm1wV3drWTFPWDhBdWFFaS9mZnhKeUFXdXR5TG4wenY4ME5CYUdEClVkNE5tcWFOWVZRaDdrckljU0J2OGQxWFNNU2ZzVmxmOUlrUGM3QkF1M3BDSGR2TW5nZXVaM0pyZk9KOGIxY2MKQVFqSC9pYjlGUGQyM283TzhZMnNpaUZSajlEOEY4bnUwaFFYQnpOTy9QNGtPNFd2c096MGlIeE5oR0JMZjlnNQpaNFlhUUt4SzFvWWkrcDdvbk1paG9vd3B2UklhbE9sZitoRXVBTlVDZ2dFQkFMcWJpc01MQkFOZURSTUZMdWVBCkhPL29maHN2U3JuOTBaV3hGM0ZGRWtYVmRkMGswQmdrUXFuQVQzY3VjNzg0YXVvdUdsQ1pSSTdadkNrTVJqTkEKamd0d016R2dOdlAvY29aV3lHRndwSDRwOWQ4bUJsR3FiTWVtb2lWWlFkODFkVWpZK0x3S2ROd1QzZ3AvOThrKwpwOTg1MmdqbHhPY0pLaVJMYUp0WFZIcWc3VWxReTlNQXJlT3VOZmxSMGlxL1VBeWdEbVZxbXVzUFVtNFZOWVUwCmlCQlRtQU5kaEJDVGc5Mk1BSzdmUlBKeWh5dzJKdXViSEdQNWNyOG1taGcxZW1EejF5NFlqb2U3YTVSdW0zVkUKRHowWjNhVWlwSjBPeGFKc2VpM1YwOGFXZ1hIaDJYcGNkb042cEQ3UG9UNkl0M3BkdFBoWStWZng5MVBIZ2pBSwpGTEVDZ2dFQkFLeVVmRjBqK09TZWFSV3JtdnhCdSs2czF0Y3hFNG1IYzNtaTZuenp3WGxPRTFuSGR2b2lyNmtVCldscVRVcU5kbFF3NU9oUUlOeHMxWXpyNWdvVmlSZlhsSUd3VVFJOTRuY09XSWhNNXY5SXU4RUV4alY2TnNjUUoKRGIzNjdFamV2NWJnbFJ5ejExcmdQZTlBVzlWcXpzZHNMcjdJUVcybHlaRWR6VmEzRUVCbXpaTW00T1V6a1dkVQo5TVd4N2kyRFlWNVF2b1BSMzcwNzR2elNNeFYrZDhYZmp4MFcwbzl2WWU1UHNVMVRTaEp3SkVtWXc0bmNmL3h1CitBVzRNQWtISlRONm1FYXg4SUlpV2VIN3VZT3UveDZtazZBejVIK3UyK2ZRcHpyZEtVVm02SWFLT2I1THlLQzcKTnFrZnpXeXdTNXlUWmorN3FibVZ2b3ZLYjZubXczRT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
</cert>
<syslog/>
</opnsense>

1439
opnsense-config/src/tests/data/config-structure-with-dhcp-staticmap-entry.xml Normal file
View File

File diff suppressed because it is too large Load Diff

1431
opnsense-config/src/tests/data/config-structure.xml Normal file
View File

File diff suppressed because it is too large Load Diff

994
opnsense-config/src/tests/data/config-vm-test.xml Normal file
View File

@@ -0,0 +1,994 @@
<?xml version="1.0"?>
<opnsense>
<theme>opnsense</theme>
<sysctl>
<item>
<descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
<tunable>vfs.read_max</tunable>
<value>default</value>
</item>
<item>
<descr>Set the ephemeral port range to be lower.</descr>
<tunable>net.inet.ip.portrange.first</tunable>
<value>default</value>
</item>
<item>
<descr>Drop packets to closed TCP ports without returning a RST</descr>
<tunable>net.inet.tcp.blackhole</tunable>
<value>default</value>
</item>
<item>
<descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
<tunable>net.inet.udp.blackhole</tunable>
<value>default</value>
</item>
<item>
<descr>Randomize the ID field in IP packets</descr>
<tunable>net.inet.ip.random_id</tunable>
<value>default</value>
</item>
<item>
<descr>
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
</descr>
<tunable>net.inet.ip.sourceroute</tunable>
<value>default</value>
</item>
<item>
<descr>
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
</descr>
<tunable>net.inet.ip.accept_sourceroute</tunable>
<value>default</value>
</item>
<item>
<descr>
This option turns off the logging of redirect packets because there is no limit and this could fill
up your logs consuming your whole hard drive.
</descr>
<tunable>net.inet.icmp.log_redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
<tunable>net.inet.tcp.drop_synfin</tunable>
<value>default</value>
</item>
<item>
<descr>Enable sending IPv6 redirects</descr>
<tunable>net.inet6.ip6.redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
<tunable>net.inet6.ip6.use_tempaddr</tunable>
<value>default</value>
</item>
<item>
<descr>Prefer privacy addresses and use them over the normal addresses</descr>
<tunable>net.inet6.ip6.prefer_tempaddr</tunable>
<value>default</value>
</item>
<item>
<descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
<tunable>net.inet.tcp.syncookies</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
<tunable>net.inet.tcp.recvspace</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
<tunable>net.inet.tcp.sendspace</tunable>
<value>default</value>
</item>
<item>
<descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
<tunable>net.inet.tcp.delayed_ack</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum outgoing UDP datagram size</descr>
<tunable>net.inet.udp.maxdgram</tunable>
<value>default</value>
</item>
<item>
<descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
<tunable>net.link.bridge.pfil_onlyip</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
<tunable>net.link.bridge.pfil_local_phys</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
<tunable>net.link.bridge.pfil_member</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 1 to enable filtering on the bridge interface</descr>
<tunable>net.link.bridge.pfil_bridge</tunable>
<value>default</value>
</item>
<item>
<descr>Allow unprivileged access to tap(4) device nodes</descr>
<tunable>net.link.tap.user_open</tunable>
<value>default</value>
</item>
<item>
<descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
<tunable>kern.randompid</tunable>
<value>default</value>
</item>
<item>
<descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
<tunable>hw.syscons.kbd_reboot</tunable>
<value>default</value>
</item>
<item>
<descr>Enable TCP extended debugging</descr>
<tunable>net.inet.tcp.log_debug</tunable>
<value>default</value>
</item>
<item>
<descr>Set ICMP Limits</descr>
<tunable>net.inet.icmp.icmplim</tunable>
<value>default</value>
</item>
<item>
<descr>TCP Offload Engine</descr>
<tunable>net.inet.tcp.tso</tunable>
<value>default</value>
</item>
<item>
<descr>UDP Checksums</descr>
<tunable>net.inet.udp.checksum</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum socket buffer size</descr>
<tunable>kern.ipc.maxsockbuf</tunable>
<value>default</value>
</item>
<item>
<descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
<tunable>vm.pmap.pti</tunable>
<value>default</value>
</item>
<item>
<descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
<tunable>hw.ibrs_disable</tunable>
<value>default</value>
</item>
<item>
<descr>Hide processes running as other groups</descr>
<tunable>security.bsd.see_other_gids</tunable>
<value>default</value>
</item>
<item>
<descr>Hide processes running as other users</descr>
<tunable>security.bsd.see_other_uids</tunable>
<value>default</value>
</item>
<item>
<descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
and for the sender directly reachable, route and next hop is known.
</descr>
<tunable>net.inet.ip.redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum outgoing UDP datagram size</descr>
<tunable>net.local.dgram.maxdgram</tunable>
<value>default</value>
</item>
</sysctl>
<system>
<optimization>normal</optimization>
<hostname>OPNsense</hostname>
<domain>localdomain</domain>
<dnsallowoverride>1</dnsallowoverride>
<group>
<name>admins</name>
<description>System Administrators</description>
<scope>system</scope>
<gid>1999</gid>
<member>0</member>
<priv>page-all</priv>
</group>
<user>
<name>root</name>
<descr>System Administrator</descr>
<scope>system</scope>
<groupname>admins</groupname>
<password>$2y$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS</password>
<uid>0</uid>
</user>
<nextuid>2000</nextuid>
<nextgid>2000</nextgid>
<timezone>Etc/UTC</timezone>
<timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
<webgui>
<protocol>https</protocol>
<ssl-certref>6734d6c82dc59</ssl-certref>
<port/>
<ssl-ciphers/>
<interfaces/>
<compression/>
</webgui>
<disablenatreflection>yes</disablenatreflection>
<usevirtualterminal>1</usevirtualterminal>
<disableconsolemenu>1</disableconsolemenu>
<disablevlanhwfilter>1</disablevlanhwfilter>
<disablechecksumoffloading>1</disablechecksumoffloading>
<disablesegmentationoffloading>1</disablesegmentationoffloading>
<disablelargereceiveoffloading>1</disablelargereceiveoffloading>
<ipv6allow>1</ipv6allow>
<powerd_ac_mode>hadp</powerd_ac_mode>
<powerd_battery_mode>hadp</powerd_battery_mode>
<powerd_normal_mode>hadp</powerd_normal_mode>
<bogons>
<interval>monthly</interval>
</bogons>
<pf_share_forward>1</pf_share_forward>
<lb_use_sticky>1</lb_use_sticky>
<ssh>
<group>admins</group>
<noauto>1</noauto>
<interfaces/>
<kex/>
<ciphers/>
<macs/>
<keys/>
<keysig/>
<enabled>enabled</enabled>
<passwordauth>1</passwordauth>
<permitrootlogin>1</permitrootlogin>
</ssh>
<rrdbackup>-1</rrdbackup>
<netflowbackup>-1</netflowbackup>
<firmware version="1.0.1">
<mirror/>
<flavour/>
<plugins/>
<type/>
<subscription/>
<reboot/>
</firmware>
<dnsserver>192.168.5.1</dnsserver>
<language>en_US</language>
<serialspeed>115200</serialspeed>
<primaryconsole>video</primaryconsole>
<secondaryconsole>serial</secondaryconsole>
</system>
<interfaces>
<lan>
<enable>1</enable>
<if>le1</if>
<ipaddr>10.100.8.1</ipaddr>
<subnet>24</subnet>
<ipaddrv6>track6</ipaddrv6>
<subnetv6>64</subnetv6>
<media/>
<mediaopt/>
<track6-interface>wan</track6-interface>
<track6-prefix-id>0</track6-prefix-id>
</lan>
<lo0>
<internal_dynamic>1</internal_dynamic>
<descr>Loopback</descr>
<enable>1</enable>
<if>lo0</if>
<ipaddr>127.0.0.1</ipaddr>
<ipaddrv6>::1</ipaddrv6>
<subnet>8</subnet>
<subnetv6>128</subnetv6>
<type>none</type>
<virtual>1</virtual>
</lo0>
<wan>
<if>le0</if>
<descr/>
<enable>1</enable>
<spoofmac/>
<ipaddr>dhcp</ipaddr>
<dhcphostname/>
<alias-address/>
<alias-subnet>32</alias-subnet>
<dhcprejectfrom/>
<adv_dhcp_pt_timeout/>
<adv_dhcp_pt_retry/>
<adv_dhcp_pt_select_timeout/>
<adv_dhcp_pt_reboot/>
<adv_dhcp_pt_backoff_cutoff/>
<adv_dhcp_pt_initial_interval/>
<adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
<adv_dhcp_send_options/>
<adv_dhcp_request_options/>
<adv_dhcp_required_options/>
<adv_dhcp_option_modifiers/>
<adv_dhcp_config_advanced/>
<adv_dhcp_config_file_override/>
<adv_dhcp_config_file_override_path/>
</wan>
</interfaces>
<dhcpd>
<lan>
<enable/>
<range>
<from>10.100.8.10</from>
<to>10.100.8.245</to>
</range>
<staticmap>
<mac>d8:5e:d3:e7:2c:8c</mac>
<ipaddr>10.100.8.15</ipaddr>
<hostname>rtx4090</hostname>
<winsserver/>
<dnsserver/>
<ntpserver/>
</staticmap>
</lan>
</dhcpd>
<snmpd>
<syslocation/>
<syscontact/>
<rocommunity>public</rocommunity>
</snmpd>
<nat>
<outbound>
<mode>automatic</mode>
</outbound>
</nat>
<filter>
<rule uuid="f79eded0-3c11-4f57-9aaa-55d4888589fa">
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<direction>in</direction>
<quick>1</quick>
<protocol>tcp</protocol>
<source>
<any>1</any>
</source>
<destination>
<network>wanip</network>
<port>80</port>
</destination>
<updated>
<username>root@192.168.5.204</username>
<time>1731518072.7612</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.5.204</username>
<time>1731518072.7612</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="4a5e7b65-0d7f-4452-8a29-2ec61a47ec19">
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<direction>in</direction>
<quick>1</quick>
<protocol>tcp</protocol>
<source>
<any>1</any>
</source>
<destination>
<network>wanip</network>
<port>443</port>
</destination>
<updated>
<username>root@192.168.5.204</username>
<time>1731518084.0639</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.5.204</username>
<time>1731518084.0639</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="0465308d-8605-466c-bcb4-95eeb989251a">
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<direction>in</direction>
<quick>1</quick>
<protocol>tcp/udp</protocol>
<source>
<any>1</any>
</source>
<destination>
<any>1</any>
<port>22</port>
</destination>
<updated>
<username>root@192.168.5.204</username>
<time>1731518114.2801</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.5.204</username>
<time>1731518114.2801</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="2df05591-13e7-4d91-a1b8-d25e338ada5f">
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>Allow ping</descr>
<direction>in</direction>
<quick>1</quick>
<protocol>icmp</protocol>
<source>
<any>1</any>
</source>
<destination>
<network>(self)</network>
</destination>
<updated>
<username>root@192.168.5.204</username>
<time>1731518356.7559</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.5.204</username>
<time>1731518311.7033</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="f2ee612c-c290-4445-8045-df82a86db0e5">
<type>pass</type>
<ipprotocol>inet</ipprotocol>
<descr>Default allow LAN to any rule</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
<rule uuid="b21f808a-6a4a-4cd6-9a83-1660cc8ea58b">
<type>pass</type>
<ipprotocol>inet6</ipprotocol>
<descr>Default allow LAN IPv6 to any rule</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
</filter>
<rrd>
<enable/>
</rrd>
<ntpd>
<prefer>0.opnsense.pool.ntp.org</prefer>
</ntpd>
<widgets>
<sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
<column_count>2</column_count>
</widgets>
<revision>
<username>root@192.168.5.204</username>
<time>1731534516.7156</time>
<description>/interfaces.php made changes</description>
</revision>
<OPNsense>
<DHCRelay version="1.0.1"/>
<wireguard>
<client version="1.0.0">
<clients/>
</client>
<general version="0.0.1">
<enabled>0</enabled>
</general>
<server version="1.0.0">
<servers/>
</server>
</wireguard>
<IPsec version="1.0.1">
<general>
<enabled/>
</general>
<keyPairs/>
<preSharedKeys/>
</IPsec>
<Swanctl version="1.0.0">
<Connections/>
<locals/>
<remotes/>
<children/>
<Pools/>
<VTIs/>
<SPDs/>
</Swanctl>
<OpenVPNExport version="0.0.1">
<servers/>
</OpenVPNExport>
<OpenVPN version="1.0.0">
<Overwrites/>
<Instances/>
<StaticKeys/>
</OpenVPN>
<captiveportal version="1.0.2">
<zones/>
<templates/>
</captiveportal>
<cron version="1.0.4">
<jobs/>
</cron>
<Firewall>
<Lvtemplate version="0.0.1">
<templates/>
</Lvtemplate>
<Alias version="1.0.1">
<geoip>
<url/>
</geoip>
<aliases/>
</Alias>
<Category version="1.0.0">
<categories/>
</Category>
<Filter version="1.0.4">
<rules/>
<snatrules/>
<npt/>
<onetoone/>
</Filter>
</Firewall>
<Netflow version="1.0.1">
<capture>
<interfaces/>
<egress_only/>
<version>v9</version>
<targets/>
</capture>
<collect>
<enable>0</enable>
</collect>
<activeTimeout>1800</activeTimeout>
<inactiveTimeout>15</inactiveTimeout>
</Netflow>
<IDS version="1.0.9">
<rules/>
<policies/>
<userDefinedRules/>
<files/>
<fileTags/>
<general>
<enabled>0</enabled>
<ips>0</ips>
<promisc>0</promisc>
<interfaces>wan</interfaces>
<homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
<defaultPacketSize/>
<UpdateCron/>
<AlertLogrotate>W0D23</AlertLogrotate>
<AlertSaveLogs>4</AlertSaveLogs>
<MPMAlgo/>
<detect>
<Profile/>
<toclient_groups/>
<toserver_groups/>
</detect>
<syslog>0</syslog>
<syslog_eve>0</syslog_eve>
<LogPayload>0</LogPayload>
<verbosity/>
</general>
</IDS>
<Interfaces>
<loopbacks version="1.0.0"/>
<neighbors version="1.0.0"/>
<vxlans version="1.0.2"/>
</Interfaces>
<Kea>
<ctrl_agent version="0.0.1">
<general>
<enabled>0</enabled>
<http_host>127.0.0.1</http_host>
<http_port>8000</http_port>
</general>
</ctrl_agent>
<dhcp4 version="1.0.0">
<general>
<enabled>0</enabled>
<interfaces/>
<valid_lifetime>4000</valid_lifetime>
<fwrules>1</fwrules>
</general>
<ha>
<enabled>0</enabled>
<this_server_name/>
</ha>
<subnets/>
<reservations/>
<ha_peers/>
</dhcp4>
</Kea>
<monit version="1.0.13">
<general>
<enabled>0</enabled>
<interval>120</interval>
<startdelay>120</startdelay>
<mailserver>127.0.0.1</mailserver>
<port>25</port>
<username/>
<password/>
<ssl>0</ssl>
<sslversion>auto</sslversion>
<sslverify>1</sslverify>
<logfile/>
<statefile/>
<eventqueuePath/>
<eventqueueSlots/>
<httpdEnabled>0</httpdEnabled>
<httpdUsername>root</httpdUsername>
<httpdPassword/>
<httpdPort>2812</httpdPort>
<httpdAllow/>
<mmonitUrl/>
<mmonitTimeout>5</mmonitTimeout>
<mmonitRegisterCredentials>1</mmonitRegisterCredentials>
</general>
<alert uuid="15f1e9ca-5dd5-4b20-b595-b6b4f82245d0">
<enabled>0</enabled>
<recipient>root@localhost.local</recipient>
<noton>0</noton>
<events/>
<format/>
<reminder/>
<description/>
</alert>
<service uuid="c1e99556-91f5-4dbf-81d7-7915a3213de9">
<enabled>1</enabled>
<name>$HOST</name>
<description/>
<type>system</type>
<pidfile/>
<match/>
<path/>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>91b4e409-211b-49d5-9fa3-dc9054106646,cbe9cb72-e8c2-4740-990c-abcc486b0654,c0708923-88de-4178-abdd-819737440ce0,e887125d-c5d2-45e6-b40d-2c400d5449d1</tests>
<depends/>
<polltime/>
</service>
<service uuid="7513f341-7d21-4f11-903f-30d07b3aa41e">
<enabled>1</enabled>
<name>RootFs</name>
<description/>
<type>filesystem</type>
<pidfile/>
<match/>
<path>/</path>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>cc3684f2-701e-4de4-883d-803e08cf47b6</tests>
<depends/>
<polltime/>
</service>
<service uuid="f99ada79-ba1a-4ee1-81f1-ef570e8e5ea9">
<enabled>0</enabled>
<name>carp_status_change</name>
<description/>
<type>custom</type>
<pidfile/>
<match/>
<path>/usr/local/opnsense/scripts/OPNsense/Monit/carp_status</path>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>f2d734cb-2a0e-4375-9460-11bdd5b20503</tests>
<depends/>
<polltime/>
</service>
<service uuid="dca8a81f-d389-4baa-b477-8b348194fd25">
<enabled>0</enabled>
<name>gateway_alert</name>
<description/>
<type>custom</type>
<pidfile/>
<match/>
<path>/usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert</path>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>865105a2-cbea-4a01-9979-c67818da9d99</tests>
<depends/>
<polltime/>
</service>
<test uuid="ea6b821c-4f30-455b-bd5b-23a6f0c20554">
<name>Ping</name>
<type>NetworkPing</type>
<condition>failed ping</condition>
<action>alert</action>
<path/>
</test>
<test uuid="16186b38-0e13-4cc3-ad18-ccc3fcc91837">
<name>NetworkLink</name>
<type>NetworkInterface</type>
<condition>failed link</condition>
<action>alert</action>
<path/>
</test>
<test uuid="69117d4d-8c41-4712-97c0-87b4fa7c9837">
<name>NetworkSaturation</name>
<type>NetworkInterface</type>
<condition>saturation is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="91b4e409-211b-49d5-9fa3-dc9054106646">
<name>MemoryUsage</name>
<type>SystemResource</type>
<condition>memory usage is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="cbe9cb72-e8c2-4740-990c-abcc486b0654">
<name>CPUUsage</name>
<type>SystemResource</type>
<condition>cpu usage is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="c0708923-88de-4178-abdd-819737440ce0">
<name>LoadAvg1</name>
<type>SystemResource</type>
<condition>loadavg (1min) is greater than 4</condition>
<action>alert</action>
<path/>
</test>
<test uuid="e887125d-c5d2-45e6-b40d-2c400d5449d1">
<name>LoadAvg5</name>
<type>SystemResource</type>
<condition>loadavg (5min) is greater than 3</condition>
<action>alert</action>
<path/>
</test>
<test uuid="c34aab30-9194-4667-b516-004b9c90c1c0">
<name>LoadAvg15</name>
<type>SystemResource</type>
<condition>loadavg (15min) is greater than 2</condition>
<action>alert</action>
<path/>
</test>
<test uuid="cc3684f2-701e-4de4-883d-803e08cf47b6">
<name>SpaceUsage</name>
<type>SpaceUsage</type>
<condition>space usage is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="f2d734cb-2a0e-4375-9460-11bdd5b20503">
<name>ChangedStatus</name>
<type>ProgramStatus</type>
<condition>changed status</condition>
<action>alert</action>
<path/>
</test>
<test uuid="865105a2-cbea-4a01-9979-c67818da9d99">
<name>NonZeroStatus</name>
<type>ProgramStatus</type>
<condition>status != 0</condition>
<action>alert</action>
<path/>
</test>
</monit>
<Gateways version="1.0.0">
<gateway_item uuid="a6ea102d-68bb-430f-af8b-269d52498fe1">
<disabled>0</disabled>
<name>WAN_GW</name>
<descr>Interface WAN Gateway</descr>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<gateway>172.17.0.1</gateway>
<defaultgw>1</defaultgw>
<fargw>0</fargw>
<monitor_disable>1</monitor_disable>
<monitor_noroute/>
<monitor/>
<force_down/>
<priority>255</priority>
<weight>1</weight>
<latencylow/>
<latencyhigh/>
<losslow/>
<losshigh/>
<interval/>
<time_period/>
<loss_interval/>
<data_length/>
</gateway_item>
</Gateways>
<Syslog version="1.0.2">
<general>
<enabled>1</enabled>
<loglocal>1</loglocal>
<maxpreserve>31</maxpreserve>
<maxfilesize/>
</general>
<destinations/>
</Syslog>
<TrafficShaper version="1.0.3">
<pipes/>
<queues/>
<rules/>
</TrafficShaper>
<unboundplus version="1.0.9">
<general>
<enabled>1</enabled>
<port>53</port>
<stats/>
<active_interface/>
<dns64/>
<dns64prefix/>
<noarecords/>
<regdhcp/>
<regdhcpdomain/>
<regdhcpstatic/>
<noreglladdr6/>
<noregrecords/>
<txtsupport/>
<cacheflush/>
<local_zone_type>transparent</local_zone_type>
<outgoing_interface/>
<enable_wpad/>
</general>
<advanced>
<hideidentity/>
<hideversion/>
<prefetch/>
<prefetchkey/>
<aggressivensec>1</aggressivensec>
<serveexpired/>
<serveexpiredreplyttl/>
<serveexpiredttl/>
<serveexpiredttlreset/>
<serveexpiredclienttimeout/>
<qnameminstrict/>
<extendedstatistics/>
<logqueries/>
<logreplies/>
<logtagqueryreply/>
<logservfail/>
<loglocalactions/>
<logverbosity>1</logverbosity>
<valloglevel>0</valloglevel>
<privatedomain/>
<privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
<insecuredomain/>
<msgcachesize/>
<rrsetcachesize/>
<outgoingnumtcp/>
<incomingnumtcp/>
<numqueriesperthread/>
<outgoingrange/>
<jostletimeout/>
<cachemaxttl/>
<cachemaxnegativettl/>
<cacheminttl/>
<infrahostttl/>
<infrakeepprobing/>
<infracachenumhosts/>
<unwantedreplythreshold/>
</advanced>
<acls>
<default_action>allow</default_action>
</acls>
<dnsbl>
<enabled>0</enabled>
<safesearch/>
<type/>
<lists/>
<whitelists/>
<blocklists/>
<wildcards/>
<address/>
<nxdomain/>
</dnsbl>
<forwarding>
<enabled/>
</forwarding>
<dots/>
<hosts/>
<aliases/>
<domains/>
</unboundplus>
</OPNsense>
<hasync version="1.0.0">
<disablepreempt>0</disablepreempt>
<disconnectppps>0</disconnectppps>
<pfsyncenabled>0</pfsyncenabled>
<pfsyncinterface>lan</pfsyncinterface>
<pfsyncpeerip/>
<pfsyncversion>1400</pfsyncversion>
<synchronizetoip/>
<username/>
<password/>
<syncitems/>
</hasync>
<openvpn/>
<ifgroups version="1.0.0"/>
<gifs version="1.0.0">
<gif/>
</gifs>
<gres version="1.0.0">
<gre/>
</gres>
<laggs version="1.0.0">
<lagg/>
</laggs>
<virtualip version="1.0.0">
<vip/>
</virtualip>
<vlans version="1.0.0">
<vlan/>
</vlans>
<staticroutes version="1.0.0">
<route/>
</staticroutes>
<bridges>
<bridged/>
</bridges>
<ppps>
<ppp/>
</ppps>
<wireless>
<clone/>
</wireless>
<ca/>
<dhcpdv6/>
<cert uuid="547102e9-23ba-48b8-8af8-64be61049e96">
<refid>6734d13fa9e4a</refid>
<descr>Web GUI TLS certificate</descr>
<caref/>
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVSUhVRkpwc253VGtzYWRrZmRDNUp1SDhqWnZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpFNE1EbGFGdzB5TlRFeU1UVXhOakU0TURsYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURKU1FlZ1RYckp5dDVWYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyCkNEclc3ZDlYcVJkOEpEZENtdGtLRGlMYWNaUzJMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDEKU2pJWnBTZzNkOS9YeHFPQTNZQllzTS9uUk9vWHlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NworVHc5STZGU0J4bkdaR3RyUFl5NkVBb0NMdm1GQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxCnBRTVB1T2JxV3FyaE0xdjVjdmJodU5kREhNZ3ZVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjEKUm0wMlVuUXRneW8zY3hPRXVsYk9nU0hsdGhTMmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSQpQbm9ncnZsRUlWMERhQ3ZEMjZiRkRDbVkxc29FbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBCkJMVzh4dXBFODhEYmlrWW51NVdQaUp6ZXh4UVIyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXoKcHBERHYwZnU0Nnp1S3EzY0VWRitiREsrQWdlT0Q2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSApHQjlCbDFrejR4bHRhczlvbmZrSDFkVHk3dzFNck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1ExCmtWNk90aFRsVFgzK2duaUpJK3RXWUQ5bTRldXNzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRkJRZytucWI5QW9HSWtoTUxhNHFzWGRvY0JGcE1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVUlIVUYKSnBzbndUa3NhZGtmZEM1SnVIOGpadk13SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQUZqNlQ1MmRIUklVMHJuZDE0d2dob2tjUkdrK0hIQloyTGlDRHpUeUwKNHdCeTJ1ZXJXQWdvYUZzeUlNQzhwWTBhWlc4TFlSd1BtRVB0OXlUS09ZZzF0NWtOUnk2RkF5akszeis5TGZTQwoxRlFpb0pma3FHRnhoc1IxV1R5RjBGNmJmM2tZRDZ4OWw1dEdqMXF3SndrekZWZWcvZGNtUVhvRTBmUDRqSFFvCmgxWXdiZ3pTa084TzRLUVhuWXVRM3g0bWdoZnBvR0hQM2xINlcybDJlWHpqSzllRjJtUG1ZS0p1M3JpSnkvL3gKRzhQWXBYNlNTN3RoVnNNeHF3cGJHbURXQXRuSnNrSmVsNDI1WUdOYlZ4YTNPOHE3RWxLNGFoNXpmai8wRnVwTgo3SnlqMWQyZjZFck14WlFnUi9EdmlUVnhISytRY1lBRXBqU2ZmZzBrRStpS1BlN0VYTVk1VU1aZUFTK1ZteG1LCjBPOWxaQXNpWUlEMzkwVjNTaDZxYjhoL2xMZ0V2NCtSNUw1VEpFaldYc0dQSUpGaHJNSFJWR1lhV3JIYWx3eHYKNjE5NFlpSXBEaUlHSVVSWGN1U3dNcndIQzN0bms2QVo2OW5CczVXT1JYM0NxOVhRRnVrVlA5eUMxQnRuSmFwbQpubUMzK3NtTTErRjkxUXlkVXJtbUxPNUVwUmtTMitBcmRTSklUR1NRNWt4L3VLNjhzV0QzVVdNNVRibUxrcWdOCkt6djZjemVCbzJiVExDT0JKUWJ4STFCckRPTUFMSDlCdXdUamVXdUVtWE9TWE1lTDFsejdhL2JZKzJxa1BSOVAKTE5IekE2QXZlVmxucDNaeFdqMjZFK3dwYnU5cHBaY0QzRGVHRnRnZzVJbUJ2ZDNWbjJ6UVc4a1ZMT1ZBdllSawptdWc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
<csr/>
<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpSQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1M0d2dna3FBZ0VBQW9JQ0FRREpTUWVnVFhySnl0NVYKYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyQ0RyVzdkOVhxUmQ4SkRkQ210a0tEaUxhY1pTMgpMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDFTaklacFNnM2Q5L1h4cU9BM1lCWXNNL25ST29YCnlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NytUdzlJNkZTQnhuR1pHdHJQWXk2RUFvQ0x2bUYKQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxcFFNUHVPYnFXcXJoTTF2NWN2Ymh1TmRESE1ndgpVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjFSbTAyVW5RdGd5bzNjeE9FdWxiT2dTSGx0aFMyCmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSVBub2dydmxFSVYwRGFDdkQyNmJGRENtWTFzb0UKbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBQkxXOHh1cEU4OERiaWtZbnU1V1BpSnpleHhRUgoyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXpwcEREdjBmdTQ2enVLcTNjRVZGK2JESytBZ2VPCkQ2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSEdCOUJsMWt6NHhsdGFzOW9uZmtIMWRUeTd3MU0Kck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1Exa1Y2T3RoVGxUWDMrZ25pSkkrdFdZRDltNGV1cwpzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUJBb0lDQUNPNnZpc1BIY3pzb1NjK2dkWkU1dGNNCnZkc240UDFIenVRd0VzRUcrVG1zanVWMVBZbExrbkE4OU1DQmdDejEyOFpMcU51ZlUwSDkxK1Uzbjd2MGJ1bVAKd3BpR2R4UUNOMlpZaGZ2RWE5YW1qMTNZYjBJbks3b0FKbUdrT254NW91UFl6YlBRblBNRE9WK0VKa2JwTWRxZgptOHdmOWg2OXYzSk03bUZJS0UrOVVZR252UjhuMkhETTNwR3FONEhQS1A4MkE0RXlvQ2d2a1BTelRxc052bU5ICnBOY0RURW5rNlNsWUhUVDNOSzJjVnBldUhMUzUrazlqNWI5elhUSlE5TkpVZlN6bnEvUmFpMUZVNDY1K0xpUjEKMGVPWDdnajFWUExOcGgwcWtQQy9ubW0vZStVMmZXUGZZb2FDcWkrQ0VwU2twQXlQZ1FZZTJsSG0rYVU4MzZ2UQpuaHZuL0p5ZHJDL1NyTUFZaXpOZFYyZjlHTkNwcE1SbUZyOS9saVJiNEFpSzRLSDRETGdSRUxHaDJLNzJuOFRLCkxUSVhIV3RacisyMWU4c0Mxbm5MSENnK21wMHBvSWJsbEtoYk9VTmVxR09yWm95NFBXdDZMQndFYzN0MG1wVEMKODhiSUpqMzFCQngzTGE1SUE5b0FNRi9lbHJYdFhhVnl4bm5yTHdjYzFNVWpCV20rZDVqbC9WOEdIcEJRd3pXYwpPNWdNSXlQNUIvdzBacUcyZjV1akZkOHo4dElmcEFRRTJSbDNxRUFYNU1NY1JQaFlTNDJqTWl4czc3TmtOVldQCkpqUVoxVDVXQTVKOUxEL2FKRkplQ2MvbjhpNldOQ3FzdEQ5OVNPTCsrTTBFQTlka2lLNWtOcXFZeXZuRG9SZVcKSW84eXhvVnpObURsWjBkSU9UUzlBb0lCQVFEb2tvMWxPS05FNlBWWmRRU3lmS0JOTEZNcEl1V1VVZmp0ODU4awpJTTB0TnNyS0d2N3NmYkt0dlMvOWgwMGluU2FyWTJ4amVETG91WEI5VzdKY1B1NjRoNHYwek1lbXRhdDRyTUJnClA5bkQ3MW00dERqS2ZrZDAza2tUbk4ySTBxYkwzeFVoTjNEQlJZTU9veDFMa2M4MFFFMHhSUEM1YmRJaXcwemEKTWdtK1dOZVY1VEZoSkpQZ2dVRVo5U1A2aWV1VEY0OW9wRGNWdGUwQ0I0WnFUaTRWb3YvZFVDWGpNK0djRnNWdgpPWTZYTE9KTmRldHdnUVNkd1hlSzB1WlBpWnVKTGlsTEg4OFVKYWNoQThDZW1SclMxRUtxWElwK2dkQWV4MnhVCmY5amRMMGF2SlJEY0xqWlhETXBvWlJpc0JoWVArZzY3VHZza3FscDh4M2p2STlWVkFvSUJBUURkajZrdWNLM0MKYXprMzlqYllvM3RFZ0R5L2VGNnBjWFlpK21Ba1ZNRk9vSWJ5cmNyN3BqSnRMNFMyMEFDRmpBUGFQT042dWVVWQpQQm92dC9QODB1V1c5cGZCK29mRmdadzRqc3hLWFY4eEJmOVdLWVZndFBsOHhIL1RJcERTMjhVTlowNDlhUW4vCjlCRzNac0lyenk3RzFLRTZPLzBMMnVmMnFyaUxxRFQyV3dsdFVsbWs2Ym5NeThkR0sra1JLcFhvSm1RTlNHRHoKOXd4blU2ZmZ1NDdDLzRYMHRIVk1MVFVneFh4djdqN3BpSzI4dzBuZ1N5S3ozV0IzWTJwaFVsZEJIdEprQko1RQpoRm8zMXJCVDU5enhkb2crYXh1bkh4S3EySGFHRkt0ZUZ6RGpkTTFpQzE3bWNtWXBzR2tuenA0cjRjZm5FYTFSCko4Wmo5ZVFQaEVOZEFvSUJBUUN3d2hsbXNkb2MySFVJVFZDSm13QjJSdGJaYitWT2lkS0lmdDBYcHpwcFA3aDIKVEhndEl3ZDIxayt2LzNJWGVaclhMWlJHTVNkNEN1QTgxa0ZEckt6Z1lGeDFiR0hkQ1R2T1ZuVkxjWnUvTjUxWQpMTmp3eFhMbmxyMnhnMG8zMytuWERyQlBjNFJsejcvZ2t3WUQxa2pGckkwK2dlZjI5a2w4RkRUSHJMb05DaGFuCm5PNmZweDRneGZ2Rmo3T05pZDhhQnhEK2RiaEw3dDIzNmlJMWp6K2xRQ0g0Z1I2YWhHYldxOVBZU2NWZWprVmMKbTkrWnZPVFdSU0RteUkwMExDQ2k3UXVEUmlTcmFrYVFaL3F3VHlxOHk0ZnpWS3dKby8yYU52VFZiK2xSaWNuTgorWHpMNnU5dno0L1NNZXZEYWtqQVVjdDZmbmVQa1UxK2dsZ2VZSHlWQW9JQkFRRFJtYW0wVEZhbFdXaHMvNWtOClEwTkhINFhZb1JmMGRta0xXQStCNzBoY2lOS0JYRlp0ME9GZGw1bVdsSm9adk1hY1BBUDd3MGJ1c1ZVWWxZN1YKTy9LRTZVM1I3WjlxQWw1Mnh1aU81Vnc3ZFhBRDVBM1EyZ1EzdTNFdG5VS2lwOVA0QlNYb1JLbDRJVDV0WVdJSgpyZHVUciszQ3VLT0FCcHh4Snpxa3JBRkdtZ01HRCtUTWRXd1hTU1NBeHVPYklNMW1MSU4wYVdlSEJNMFFKdnptClZIb1BFVXA1b0FwamdWVUVacTk4K0VjK0NOWkxmL2d3bndQNllsQnpRWEtQRlNXRWJwTWNtWjNjTmRWZmc5T1YKM1FDUTBkQzhNL21hRlhSRWVibE95TmtCanpEcHpVTExJUFNyVDhoRVlpWm95VGVyVGRJZVVBUEZoYnBTTUhtTApFRlhsQW9JQkFRQ0VUdVJQRHZvMC9tdDhyTzhLNENsamtuU0gxZ1FBSjFha3U3UXg3NUJUTDB6OWRNY2lMK1JLCng1R1lFTW1wcUtNb2FPbWc0WFVRMVRlQ2Vic1R0NjMyWXp6cmNCU0d1RzVnN1o0UUVublUzRXU5QklIMUVSL2gKSEk0NWowU0xNRUpObkNiTkpnRVNRRUFCbzN3cHhrRTdiRGlNdTVPOXVqMlFRVTlTTm94QkFmbVFXRDJJaU1BRQpWYzV3QTNZajBMdElSYkJmdzNBTE9uNlRSc2xucy9JMnd2Z1RCQW9sU3NZbEtEK0NRY3hDZldlNmZwU21aYmlCClBGUE9DY1ZQTXhGeXBhZWFJMkRXNWRPNFNoNGQ0ZlZma2F3ck9LN1N2QnFZb0Y5L2VndThzQS9ZdklaRVltQUQKd0ZIOGs1QjJ4WXdiNkVmNmFFQ29ZTitsNWtlWmhNWTgKLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
</cert>
<cert uuid="cad18e13-92c5-48b6-9b44-ad2e5dcc799e">
<refid>6734d6c82dc59</refid>
<descr>Web GUI TLS certificate</descr>
<caref/>
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVZkNETXpFclQ4dlVoenJaTVJta3JiT3dnSUdNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpReE5EVmFGdzB5TlRFeU1UVXhOalF4TkRWYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURMc0xEbjRta1R4RXJYdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovCnczL2tNV2Y5L25GbGpnMkFXWERJSmNXZjk0NFJFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT20KVFM0WXFCVzhHQkpJd0xtQ2kxb2RoWXhmUEQ2TFdEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNQpuQ0FtZFBDY2JmdmdXdUM2TnhWbXpkeXpta1QvNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5ClFrVlFqYlQ5MFlyeENvdE8rbTJIQU5QZHNjT3FvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTEwKVmplRS9XQVU0Q1BZUmhYVFVGVTIxZFV2azNvYUVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNwo3Mzk5VWdRN3FTNUFhOElHbXA4NUNoUUlBWUVjSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45CitUZ3ljMTlTbGoxVW1RdkRvekxCQzk5TVJpLzREQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmUKUGVpemxRenRIWmpSU0tnaWdSNU9KSmtSVHIvNjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZwprUSsrVDhMenVhK1FtakxOUVFqMVJCSFYzSzVQL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmCkNEVVVQWjR1cEJtbzBLN3dGNHdtV3VXYSttVndlb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRktidDd0QkRKN1daV1lMblQ5cEhTMklPdTg1TU1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVWZDRE0KekVyVDh2VWh6clpNUm1rcmJPd2dJR013SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQWNQbmllQ29FSmRjV25CVHdqRmE3bjZqTFMrZ1pUYUk2ZjAzWktQMFYKQ0pSaDUxWTNwb2dpcnJYcVNHQ1VGTVNHbGpsQ21mU2VhdW9GWFYwanZLejhnMGZ1NU9kYlhjd2FrZFBZSXgydQpVT0dMbllTaEdCNlpoMmhpWWdSVGFpemJoTVliQitzQkV4QU1CdHZRZElSZ3dBWkRNWE9jY0MwZnJaMFhRRlRFCnQ3by82VGYvZEprdnB0cmRYWW1INnFUWlA2MGxyTnlabVloTjc1NEluOFZLRVVSRWNZamg1ejlJanA1NTE1cU0Kb0VrSGNKbTBDNkh2VStETG1ybFpFYkV4bnVOMFQzWTBNZ0hiVFVhU2Y1L2FKVmlIM0dOMnMzbG1ZM0VXTS9Vcwo3azFyc2JTa2orZzJvQXlTcjU0Nlc4RkdaMjliZFlOYk1EaTQ4aXVRQWlzRlQrTGZXN3Y3RVl3WGJ3NUhSVkpNCjV2MlhnenJwN2Yxa08zckEzeXUyS1VSSktHdjJ1ZXhNSythb1VOZXhRT3ludmZGUTBCemRHQ1dlcmVvZTZ3bDMKbHc4Z2dCWDI1VGIxbzR3d1UzNXdtUUIrMC9rbjB0SXoveVBhY2JzbDAwZ0dJNFhTbWpRQmF0MUZYRHFEME1JMgp4S0RqMXZ2dkNTVnRKc09ESG95eDhLc3ptbno5UVFoV0ZNeC9LTXp1clh0OWtsWFRJc0t3d2NXMytZQWtQMzNaClgvOGJnZS8zK2RibTdNN3BndmFBNVFlU3VTbkwzNjdLT1g1NlNZNGFZWHhkc1haVDc0ZGxVRU1jbG9NU0NIOG4KR25QWlpyWTNHdnZaU2ovQWdqT2lDNHNBL2JSSmh4cCtUQndlRFByR0pFUEJFVW9sZEZHVXdraFJXMVVuRlc2YwpyTGM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
<csr/>
<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRExzTERuNG1rVHhFclgKdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovdzMva01XZjkvbkZsamcyQVdYRElKY1dmOTQ0UgpFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT21UUzRZcUJXOEdCSkl3TG1DaTFvZGhZeGZQRDZMCldEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNW5DQW1kUENjYmZ2Z1d1QzZOeFZtemR5em1rVC8KNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5UWtWUWpiVDkwWXJ4Q290TyttMkhBTlBkc2NPcQpvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTExWamVFL1dBVTRDUFlSaFhUVUZVMjFkVXZrM29hCkVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNzczOTlVZ1E3cVM1QWE4SUdtcDg1Q2hRSUFZRWMKSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45K1RneWMxOVNsajFVbVF2RG96TEJDOTlNUmkvNApEQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmVQZWl6bFF6dEhaalJTS2dpZ1I1T0pKa1JUci82CjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZ2tRKytUOEx6dWErUW1qTE5RUWoxUkJIVjNLNVAKL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmQ0RVVVBaNHVwQm1vMEs3d0Y0d21XdVdhK21Wdwplb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUJBb0lDQUFzc3hPL2IzSTd3a0hpWU9wdmQ3b2ZxClJXVm9HM0ZHOVBkSCtrcU1DQW9zVXlpZ2lnWkZhQUZSY3BhZFBJUnBVRFZQOHQrUUx2RHhTSEtJVkNTR3lLRHgKN01mVTkxV3ZCUGtpc1NhWEV2TklEMHJ2WTJYbXl4WWdOcDBNcHdnbHhxZXlWSDNWSTFmZ09zQXpWVkpGSmtzeAp0NnVKV2U2R1lwRnlVZ3MzZytNdHhPYVJLZHcvWkFZb0dVRkR5WE5NR1JNdVRYYkg2WWxTOStFZ2RxZTJZbGtDCk41amkvODUydUlwSytXZUVnbmd1ZkVZNDdpVVhQSzFJTVB0UjRURUxOb3hkTWVBYnZBUG9La2QwMWZOWnVaQ3EKQ0dxNS9kMEQ4cDZKNjlUK3M1RnR1R1UrdkxtcUg3NmtsZjVmTTZnOFpCc2xSNStNQ0xlay9DaHRBZGU2VXBQRApXQ2EwazU3dmdneUdQdGVlVXY2RVJBMEp6SjlJd2VHZGdVWHhNdW5LK3ZSNWYydWJKWFJoMVJpNTNFSTNvVUxYClFvWm9hOTY3VzNUajQ3UzR2RlQyK2dLb0g2OXlNckdVNVkwcjJrSTFXMVVhWEJ1aVVrMi94amdyWVdTblUzUUQKZkM3ZXllTlNlN3c4UW9MMVBEYXJwVXdaK2xGZ0w3NFVScldLQU12WVhxa3NTMHVtb0tTSWo4cjZMM0hVSUVaUgpZRzhBTU91dFhrQk5lMkNpTXRKM2NYUXNIOWloQU9QL3AvaE9BTTBGNkM3Ymt1Vm85d1pRdDVESWxRWUl4TlArClFRZ2doRnhBNTlTWmpwRk00QkN5L0hEOENJY3VuSURZOVNlbXNSYXdyUVY1eGk1akFScVdOYTdBSVMvVlArdUUKQkpmS0dDNFlZVmxqS1VLeEgxVUJBb0lCQVFEcnZOWXNrd3ZhQ2Z6MlcvbkIrRjNjVE1RbjM2RENSYnZwQ0s1dApldm96TjJGbjBJdWFnN2RrYzN2NTFxTVNEd0h1cVNkVTRHUHZMcm83alpJaFNEZ1AwLzBLWmc0VmxtZE5HbEovCk1lcXhmOGRkOFdTQjZiUksrK2FRcEhaeDd2SUFTWkE4eHkvZ3F2NGJpSmlqVDhUQ2lSeXdYSTQ0ZlRYM0xLZTIKVG1Uc29XNk9yQmErSWJRYjBpTEh4WE4rZ3JDM0cxWWxIUlNvTEpKUkU0eFVLMGsvM1JLNU16RjRIYUNZb1BWOQpDOFpQellMR253SE9ERU8zbHRtSGJvQUNFa0VrT2dFV3U4RFo2YlYrMXJBcVh6WnN0L3hNZnJ5KzlMRVdYQUwvCkRnOEdkall0YzdyUTFZd1BIY1h6cFo2clVIdXh2K0p6VEE1ZzNCS1p6aWhwNFdHaEFvSUJBUURkTXE3N0dRWGMKYW5hYlMxanlFT3VzNFp5ZlJ4cW10NEVFaHZjY0dRVVVrV0IrWk11bnpyaENxb3ZwQ1dhVU9zWVhuNG45Y3BQSAo3bm1mOUJHbFI4NVhCVHNLM2d4bE5NMUhjSGFTNXZSem9WQVBNd3o2VVV0ZFNLWXRLR0Q3Wkxmbm9ISXN1SlEzCnJ6WWIyTFhpVmx6MWlNNUVmT0VrL1J5UjBwMGtleXVwa0F0OXBRV0hzaURYb0pibDE2d1ZLc2NDNGUzNjdRRWsKcFdoeXcyS3A4bXdtOGxqQllxZWtHdUREeGVZSDMzMVlGa2FMUEJCT2xPQnlveFlOUDdBVVREUlV3KzB1T01jNwozb0N1VE9jWnAxVWMwQURBOXRTRVRINklWdlFEUXZlYzR6MWRTVGRmUEkxRzVUTCt4Mzlvam5OcGVoYng0bEwvCmRxTTBmcFlPL2ZmeEFvSUJBRmwzOU8wNzdjNlY1ZHoyY1djTnhVbThGT0p4UEVrZlFEOGtYVmNOeW5HdnZoY3gKamhwWmpUdmhuSmJvd0VFMVV1MXFZNVFTQ2J1WVIzUWN1ZTVKdzRVMlZwNGd0NDIzNUlMZHo1dVlyVk1xaE5jQgpxN3ltbnhlcVhRcGVjTm15NzBQdXA0QjV0SkVYTkpQc2xzbThsNWVoaERMbkhjOFFybStlRWhUZDBlNEJJcjJoClVJeGVyRVcyemg1MXNPeTkyeVhUaVRGU3hTbENxVkYrRXM5TEVtVGJtYVNTYWw4RkY1TjEyMVhYSnkvWWRwNjkKY0dqc1BMTXIzR2xMSmVnalYzZlJUK0o1NWFxT3lhUlhCTXRBRVo3WGdUampETzJJWHNGMnNHaHV4SU1XVUYrVgp3YnhLbi9xSXVUMU1pVmpKbGZpVE0vWEFVdUN1QlowOEloaDFRcUVDZ2dFQUZwdzJySzRMSGxPM21mb2l0bU9xClkzcVFVdXVtdXNIcEt6aE1qQSsycURxUC9YdDZJY1lNcWF2YkwwL3ByMTh1bm4yTlVsM2k0ejNxS3NKOUIwTUcKd1hoa1o2RDQ3V052VkUwWG9iNS80RTN0N0EvUTFNbDRoYW1HYXZsRXFJM01DcDRvN1k5VWZ6aW10RVA3bTQ0dQpaRjYranR1ZysvSHZlS3hwcWEvNWI1U3N5QVFWUTZDZW9Ndm1nTW9CNmd2OFdid1VZbURWakJSb1Q4clBEQVllCnJnQjV1QkxJaGdyRlROMnV2TUZJZzdlTE1ISk1UR3dGWVZKd1Q1eGgrRUV0M0RoR3gwSEFnOHNqcGkxd05md1gKeENFeTRvYVloSWw1S2FDUndyK1dwZS9JZHYrajdGVTVMN1QvK0hFV0FlOEZ0eE5td3dUYWJRaUllRFkwU29ZRgpVUUtDQVFFQXRiclZqbTFsaDQ1REhIWnVsem4xNllIQzJrMUYwWG9FZFVSQ3o0QTFsMHBEK3ljL2srdmJ0Qmg0Cm1RRDV1a3FicHFFZy9GNUhDZmdOaHlieHNNdVV6NzFaU24zN2dwczNDWUdiUyt4RkhjZTJBakNTbUlYQWIxQjgKR0Z2WnV4UlB5QXU0YVBvT1J3RzM3NVBOM0VNNk83bzdxbjlYeExTZWRIMHExM2U0YkhYYm4rc2xOa1RIM2xmcwpLVnBOUUhVSUNDSW5vQ0llV1dwdnAwQnFoYjlKclRsbXd2c25zOHpZVDNiY3F5QXZHZGRnNUs3Y0MwRVJaem9ECnFJTkI3S05FVjQ1NmF0eDZVT3VYUlpKREMvaHNJUTZNaVBveUJacHRsK1ZIMEtQbEFIWGExb0FXZmNuL0U3MFYKK0RaeVBiMWxkQUdpb1hqditGd2h5VzZlWEVrQlBnPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
</cert>
<syslog/>
</opnsense>

987
opnsense-config/src/tests/data/config-vm-test_cheat_descr.xml Normal file
View File

@@ -0,0 +1,987 @@
<?xml version="1.0"?>
<opnsense>
<theme>opnsense</theme>
<sysctl>
<item>
<descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
<tunable>vfs.read_max</tunable>
<value>default</value>
</item>
<item>
<descr>Set the ephemeral port range to be lower.</descr>
<tunable>net.inet.ip.portrange.first</tunable>
<value>default</value>
</item>
<item>
<descr>Drop packets to closed TCP ports without returning a RST</descr>
<tunable>net.inet.tcp.blackhole</tunable>
<value>default</value>
</item>
<item>
<descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
<tunable>net.inet.udp.blackhole</tunable>
<value>default</value>
</item>
<item>
<descr>Randomize the ID field in IP packets</descr>
<tunable>net.inet.ip.random_id</tunable>
<value>default</value>
</item>
<item>
<descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.</descr>
<tunable>net.inet.ip.sourceroute</tunable>
<value>default</value>
</item>
<item>
<descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.</descr>
<tunable>net.inet.ip.accept_sourceroute</tunable>
<value>default</value>
</item>
<item>
<descr>This option turns off the logging of redirect packets because there is no limit and this could fill
up your logs consuming your whole hard drive.</descr>
<tunable>net.inet.icmp.log_redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
<tunable>net.inet.tcp.drop_synfin</tunable>
<value>default</value>
</item>
<item>
<descr>Enable sending IPv6 redirects</descr>
<tunable>net.inet6.ip6.redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
<tunable>net.inet6.ip6.use_tempaddr</tunable>
<value>default</value>
</item>
<item>
<descr>Prefer privacy addresses and use them over the normal addresses</descr>
<tunable>net.inet6.ip6.prefer_tempaddr</tunable>
<value>default</value>
</item>
<item>
<descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
<tunable>net.inet.tcp.syncookies</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
<tunable>net.inet.tcp.recvspace</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
<tunable>net.inet.tcp.sendspace</tunable>
<value>default</value>
</item>
<item>
<descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
<tunable>net.inet.tcp.delayed_ack</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum outgoing UDP datagram size</descr>
<tunable>net.inet.udp.maxdgram</tunable>
<value>default</value>
</item>
<item>
<descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
<tunable>net.link.bridge.pfil_onlyip</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
<tunable>net.link.bridge.pfil_local_phys</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
<tunable>net.link.bridge.pfil_member</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 1 to enable filtering on the bridge interface</descr>
<tunable>net.link.bridge.pfil_bridge</tunable>
<value>default</value>
</item>
<item>
<descr>Allow unprivileged access to tap(4) device nodes</descr>
<tunable>net.link.tap.user_open</tunable>
<value>default</value>
</item>
<item>
<descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
<tunable>kern.randompid</tunable>
<value>default</value>
</item>
<item>
<descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
<tunable>hw.syscons.kbd_reboot</tunable>
<value>default</value>
</item>
<item>
<descr>Enable TCP extended debugging</descr>
<tunable>net.inet.tcp.log_debug</tunable>
<value>default</value>
</item>
<item>
<descr>Set ICMP Limits</descr>
<tunable>net.inet.icmp.icmplim</tunable>
<value>default</value>
</item>
<item>
<descr>TCP Offload Engine</descr>
<tunable>net.inet.tcp.tso</tunable>
<value>default</value>
</item>
<item>
<descr>UDP Checksums</descr>
<tunable>net.inet.udp.checksum</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum socket buffer size</descr>
<tunable>kern.ipc.maxsockbuf</tunable>
<value>default</value>
</item>
<item>
<descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
<tunable>vm.pmap.pti</tunable>
<value>default</value>
</item>
<item>
<descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
<tunable>hw.ibrs_disable</tunable>
<value>default</value>
</item>
<item>
<descr>Hide processes running as other groups</descr>
<tunable>security.bsd.see_other_gids</tunable>
<value>default</value>
</item>
<item>
<descr>Hide processes running as other users</descr>
<tunable>security.bsd.see_other_uids</tunable>
<value>default</value>
</item>
<item>
<descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
and for the sender directly reachable, route and next hop is known.</descr>
<tunable>net.inet.ip.redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum outgoing UDP datagram size</descr>
<tunable>net.local.dgram.maxdgram</tunable>
<value>default</value>
</item>
</sysctl>
<system>
<optimization>normal</optimization>
<hostname>OPNsense</hostname>
<domain>localdomain</domain>
<dnsallowoverride>1</dnsallowoverride>
<group>
<name>admins</name>
<description>System Administrators</description>
<scope>system</scope>
<gid>1999</gid>
<member>0</member>
<priv>page-all</priv>
</group>
<user>
<name>root</name>
<descr>System Administrator</descr>
<scope>system</scope>
<groupname>admins</groupname>
<password>$2y$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS</password>
<uid>0</uid>
</user>
<nextuid>2000</nextuid>
<nextgid>2000</nextgid>
<timezone>Etc/UTC</timezone>
<timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
<webgui>
<protocol>https</protocol>
<ssl-certref>6734d6c82dc59</ssl-certref>
<port/>
<ssl-ciphers/>
<interfaces/>
<compression/>
</webgui>
<disablenatreflection>yes</disablenatreflection>
<usevirtualterminal>1</usevirtualterminal>
<disableconsolemenu>1</disableconsolemenu>
<disablevlanhwfilter>1</disablevlanhwfilter>
<disablechecksumoffloading>1</disablechecksumoffloading>
<disablesegmentationoffloading>1</disablesegmentationoffloading>
<disablelargereceiveoffloading>1</disablelargereceiveoffloading>
<ipv6allow>1</ipv6allow>
<powerd_ac_mode>hadp</powerd_ac_mode>
<powerd_battery_mode>hadp</powerd_battery_mode>
<powerd_normal_mode>hadp</powerd_normal_mode>
<bogons>
<interval>monthly</interval>
</bogons>
<pf_share_forward>1</pf_share_forward>
<lb_use_sticky>1</lb_use_sticky>
<ssh>
<group>admins</group>
<noauto>1</noauto>
<interfaces/>
<kex/>
<ciphers/>
<macs/>
<keys/>
<keysig/>
<enabled>enabled</enabled>
<passwordauth>1</passwordauth>
<permitrootlogin>1</permitrootlogin>
</ssh>
<rrdbackup>-1</rrdbackup>
<netflowbackup>-1</netflowbackup>
<firmware version="1.0.1">
<mirror/>
<flavour/>
<plugins/>
<type/>
<subscription/>
<reboot/>
</firmware>
<dnsserver>192.168.5.1</dnsserver>
<language>en_US</language>
<serialspeed>115200</serialspeed>
<primaryconsole>video</primaryconsole>
<secondaryconsole>serial</secondaryconsole>
</system>
<interfaces>
<lan>
<enable>1</enable>
<if>le1</if>
<ipaddr>10.100.8.1</ipaddr>
<subnet>24</subnet>
<ipaddrv6>track6</ipaddrv6>
<subnetv6>64</subnetv6>
<media/>
<mediaopt/>
<track6-interface>wan</track6-interface>
<track6-prefix-id>0</track6-prefix-id>
</lan>
<lo0>
<internal_dynamic>1</internal_dynamic>
<descr>Loopback</descr>
<enable>1</enable>
<if>lo0</if>
<ipaddr>127.0.0.1</ipaddr>
<ipaddrv6>::1</ipaddrv6>
<subnet>8</subnet>
<subnetv6>128</subnetv6>
<type>none</type>
<virtual>1</virtual>
</lo0>
<wan>
<if>le0</if>
<descr/>
<enable>1</enable>
<spoofmac/>
<ipaddr>dhcp</ipaddr>
<dhcphostname/>
<alias-address/>
<alias-subnet>32</alias-subnet>
<dhcprejectfrom/>
<adv_dhcp_pt_timeout/>
<adv_dhcp_pt_retry/>
<adv_dhcp_pt_select_timeout/>
<adv_dhcp_pt_reboot/>
<adv_dhcp_pt_backoff_cutoff/>
<adv_dhcp_pt_initial_interval/>
<adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
<adv_dhcp_send_options/>
<adv_dhcp_request_options/>
<adv_dhcp_required_options/>
<adv_dhcp_option_modifiers/>
<adv_dhcp_config_advanced/>
<adv_dhcp_config_file_override/>
<adv_dhcp_config_file_override_path/>
</wan>
</interfaces>
<dhcpd>
<lan>
<enable/>
<range>
<from>10.100.8.10</from>
<to>10.100.8.245</to>
</range>
<staticmap>
<mac>d8:5e:d3:e7:2c:8c</mac>
<ipaddr>10.100.8.15</ipaddr>
<hostname>rtx4090</hostname>
<winsserver/>
<dnsserver/>
<ntpserver/>
</staticmap>
</lan>
</dhcpd>
<snmpd>
<syslocation/>
<syscontact/>
<rocommunity>public</rocommunity>
</snmpd>
<nat>
<outbound>
<mode>automatic</mode>
</outbound>
</nat>
<filter>
<rule uuid="f79eded0-3c11-4f57-9aaa-55d4888589fa">
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<direction>in</direction>
<quick>1</quick>
<protocol>tcp</protocol>
<source>
<any>1</any>
</source>
<destination>
<network>wanip</network>
<port>80</port>
</destination>
<updated>
<username>root@192.168.5.204</username>
<time>1731518072.7612</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.5.204</username>
<time>1731518072.7612</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="4a5e7b65-0d7f-4452-8a29-2ec61a47ec19">
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<direction>in</direction>
<quick>1</quick>
<protocol>tcp</protocol>
<source>
<any>1</any>
</source>
<destination>
<network>wanip</network>
<port>443</port>
</destination>
<updated>
<username>root@192.168.5.204</username>
<time>1731518084.0639</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.5.204</username>
<time>1731518084.0639</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="0465308d-8605-466c-bcb4-95eeb989251a">
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<direction>in</direction>
<quick>1</quick>
<protocol>tcp/udp</protocol>
<source>
<any>1</any>
</source>
<destination>
<any>1</any>
<port>22</port>
</destination>
<updated>
<username>root@192.168.5.204</username>
<time>1731518114.2801</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.5.204</username>
<time>1731518114.2801</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="2df05591-13e7-4d91-a1b8-d25e338ada5f">
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>Allow ping</descr>
<direction>in</direction>
<quick>1</quick>
<protocol>icmp</protocol>
<source>
<any>1</any>
</source>
<destination>
<network>(self)</network>
</destination>
<updated>
<username>root@192.168.5.204</username>
<time>1731518356.7559</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.5.204</username>
<time>1731518311.7033</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="f2ee612c-c290-4445-8045-df82a86db0e5">
<type>pass</type>
<ipprotocol>inet</ipprotocol>
<descr>Default allow LAN to any rule</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
<rule uuid="b21f808a-6a4a-4cd6-9a83-1660cc8ea58b">
<type>pass</type>
<ipprotocol>inet6</ipprotocol>
<descr>Default allow LAN IPv6 to any rule</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
</filter>
<rrd>
<enable/>
</rrd>
<ntpd>
<prefer>0.opnsense.pool.ntp.org</prefer>
</ntpd>
<widgets>
<sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
<column_count>2</column_count>
</widgets>
<revision>
<username>root@192.168.5.204</username>
<time>1731534516.7156</time>
<description>/interfaces.php made changes</description>
</revision>
<OPNsense>
<DHCRelay version="1.0.1"/>
<wireguard>
<client version="1.0.0">
<clients/>
</client>
<general version="0.0.1">
<enabled>0</enabled>
</general>
<server version="1.0.0">
<servers/>
</server>
</wireguard>
<IPsec version="1.0.1">
<general>
<enabled/>
</general>
<keyPairs/>
<preSharedKeys/>
</IPsec>
<Swanctl version="1.0.0">
<Connections/>
<locals/>
<remotes/>
<children/>
<Pools/>
<VTIs/>
<SPDs/>
</Swanctl>
<OpenVPNExport version="0.0.1">
<servers/>
</OpenVPNExport>
<OpenVPN version="1.0.0">
<Overwrites/>
<Instances/>
<StaticKeys/>
</OpenVPN>
<captiveportal version="1.0.2">
<zones/>
<templates/>
</captiveportal>
<cron version="1.0.4">
<jobs/>
</cron>
<Firewall>
<Lvtemplate version="0.0.1">
<templates/>
</Lvtemplate>
<Alias version="1.0.1">
<geoip>
<url/>
</geoip>
<aliases/>
</Alias>
<Category version="1.0.0">
<categories/>
</Category>
<Filter version="1.0.4">
<rules/>
<snatrules/>
<npt/>
<onetoone/>
</Filter>
</Firewall>
<Netflow version="1.0.1">
<capture>
<interfaces/>
<egress_only/>
<version>v9</version>
<targets/>
</capture>
<collect>
<enable>0</enable>
</collect>
<activeTimeout>1800</activeTimeout>
<inactiveTimeout>15</inactiveTimeout>
</Netflow>
<IDS version="1.0.9">
<rules/>
<policies/>
<userDefinedRules/>
<files/>
<fileTags/>
<general>
<enabled>0</enabled>
<ips>0</ips>
<promisc>0</promisc>
<interfaces>wan</interfaces>
<homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
<defaultPacketSize/>
<UpdateCron/>
<AlertLogrotate>W0D23</AlertLogrotate>
<AlertSaveLogs>4</AlertSaveLogs>
<MPMAlgo/>
<detect>
<Profile/>
<toclient_groups/>
<toserver_groups/>
</detect>
<syslog>0</syslog>
<syslog_eve>0</syslog_eve>
<LogPayload>0</LogPayload>
<verbosity/>
</general>
</IDS>
<Interfaces>
<loopbacks version="1.0.0"/>
<neighbors version="1.0.0"/>
<vxlans version="1.0.2"/>
</Interfaces>
<Kea>
<ctrl_agent version="0.0.1">
<general>
<enabled>0</enabled>
<http_host>127.0.0.1</http_host>
<http_port>8000</http_port>
</general>
</ctrl_agent>
<dhcp4 version="1.0.0">
<general>
<enabled>0</enabled>
<interfaces/>
<valid_lifetime>4000</valid_lifetime>
<fwrules>1</fwrules>
</general>
<ha>
<enabled>0</enabled>
<this_server_name/>
</ha>
<subnets/>
<reservations/>
<ha_peers/>
</dhcp4>
</Kea>
<monit version="1.0.13">
<general>
<enabled>0</enabled>
<interval>120</interval>
<startdelay>120</startdelay>
<mailserver>127.0.0.1</mailserver>
<port>25</port>
<username/>
<password/>
<ssl>0</ssl>
<sslversion>auto</sslversion>
<sslverify>1</sslverify>
<logfile/>
<statefile/>
<eventqueuePath/>
<eventqueueSlots/>
<httpdEnabled>0</httpdEnabled>
<httpdUsername>root</httpdUsername>
<httpdPassword/>
<httpdPort>2812</httpdPort>
<httpdAllow/>
<mmonitUrl/>
<mmonitTimeout>5</mmonitTimeout>
<mmonitRegisterCredentials>1</mmonitRegisterCredentials>
</general>
<alert uuid="15f1e9ca-5dd5-4b20-b595-b6b4f82245d0">
<enabled>0</enabled>
<recipient>root@localhost.local</recipient>
<noton>0</noton>
<events/>
<format/>
<reminder/>
<description/>
</alert>
<service uuid="c1e99556-91f5-4dbf-81d7-7915a3213de9">
<enabled>1</enabled>
<name>$HOST</name>
<description/>
<type>system</type>
<pidfile/>
<match/>
<path/>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>91b4e409-211b-49d5-9fa3-dc9054106646,cbe9cb72-e8c2-4740-990c-abcc486b0654,c0708923-88de-4178-abdd-819737440ce0,e887125d-c5d2-45e6-b40d-2c400d5449d1</tests>
<depends/>
<polltime/>
</service>
<service uuid="7513f341-7d21-4f11-903f-30d07b3aa41e">
<enabled>1</enabled>
<name>RootFs</name>
<description/>
<type>filesystem</type>
<pidfile/>
<match/>
<path>/</path>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>cc3684f2-701e-4de4-883d-803e08cf47b6</tests>
<depends/>
<polltime/>
</service>
<service uuid="f99ada79-ba1a-4ee1-81f1-ef570e8e5ea9">
<enabled>0</enabled>
<name>carp_status_change</name>
<description/>
<type>custom</type>
<pidfile/>
<match/>
<path>/usr/local/opnsense/scripts/OPNsense/Monit/carp_status</path>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>f2d734cb-2a0e-4375-9460-11bdd5b20503</tests>
<depends/>
<polltime/>
</service>
<service uuid="dca8a81f-d389-4baa-b477-8b348194fd25">
<enabled>0</enabled>
<name>gateway_alert</name>
<description/>
<type>custom</type>
<pidfile/>
<match/>
<path>/usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert</path>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>865105a2-cbea-4a01-9979-c67818da9d99</tests>
<depends/>
<polltime/>
</service>
<test uuid="ea6b821c-4f30-455b-bd5b-23a6f0c20554">
<name>Ping</name>
<type>NetworkPing</type>
<condition>failed ping</condition>
<action>alert</action>
<path/>
</test>
<test uuid="16186b38-0e13-4cc3-ad18-ccc3fcc91837">
<name>NetworkLink</name>
<type>NetworkInterface</type>
<condition>failed link</condition>
<action>alert</action>
<path/>
</test>
<test uuid="69117d4d-8c41-4712-97c0-87b4fa7c9837">
<name>NetworkSaturation</name>
<type>NetworkInterface</type>
<condition>saturation is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="91b4e409-211b-49d5-9fa3-dc9054106646">
<name>MemoryUsage</name>
<type>SystemResource</type>
<condition>memory usage is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="cbe9cb72-e8c2-4740-990c-abcc486b0654">
<name>CPUUsage</name>
<type>SystemResource</type>
<condition>cpu usage is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="c0708923-88de-4178-abdd-819737440ce0">
<name>LoadAvg1</name>
<type>SystemResource</type>
<condition>loadavg (1min) is greater than 4</condition>
<action>alert</action>
<path/>
</test>
<test uuid="e887125d-c5d2-45e6-b40d-2c400d5449d1">
<name>LoadAvg5</name>
<type>SystemResource</type>
<condition>loadavg (5min) is greater than 3</condition>
<action>alert</action>
<path/>
</test>
<test uuid="c34aab30-9194-4667-b516-004b9c90c1c0">
<name>LoadAvg15</name>
<type>SystemResource</type>
<condition>loadavg (15min) is greater than 2</condition>
<action>alert</action>
<path/>
</test>
<test uuid="cc3684f2-701e-4de4-883d-803e08cf47b6">
<name>SpaceUsage</name>
<type>SpaceUsage</type>
<condition>space usage is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="f2d734cb-2a0e-4375-9460-11bdd5b20503">
<name>ChangedStatus</name>
<type>ProgramStatus</type>
<condition>changed status</condition>
<action>alert</action>
<path/>
</test>
<test uuid="865105a2-cbea-4a01-9979-c67818da9d99">
<name>NonZeroStatus</name>
<type>ProgramStatus</type>
<condition>status != 0</condition>
<action>alert</action>
<path/>
</test>
</monit>
<Gateways version="1.0.0">
<gateway_item uuid="a6ea102d-68bb-430f-af8b-269d52498fe1">
<disabled>0</disabled>
<name>WAN_GW</name>
<descr>Interface WAN Gateway</descr>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<gateway>172.17.0.1</gateway>
<defaultgw>1</defaultgw>
<fargw>0</fargw>
<monitor_disable>1</monitor_disable>
<monitor_noroute/>
<monitor/>
<force_down/>
<priority>255</priority>
<weight>1</weight>
<latencylow/>
<latencyhigh/>
<losslow/>
<losshigh/>
<interval/>
<time_period/>
<loss_interval/>
<data_length/>
</gateway_item>
</Gateways>
<Syslog version="1.0.2">
<general>
<enabled>1</enabled>
<loglocal>1</loglocal>
<maxpreserve>31</maxpreserve>
<maxfilesize/>
</general>
<destinations/>
</Syslog>
<TrafficShaper version="1.0.3">
<pipes/>
<queues/>
<rules/>
</TrafficShaper>
<unboundplus version="1.0.9">
<general>
<enabled>1</enabled>
<port>53</port>
<stats/>
<active_interface/>
<dns64/>
<dns64prefix/>
<noarecords/>
<regdhcp/>
<regdhcpdomain/>
<regdhcpstatic/>
<noreglladdr6/>
<noregrecords/>
<txtsupport/>
<cacheflush/>
<local_zone_type>transparent</local_zone_type>
<outgoing_interface/>
<enable_wpad/>
</general>
<advanced>
<hideidentity/>
<hideversion/>
<prefetch/>
<prefetchkey/>
<aggressivensec>1</aggressivensec>
<serveexpired/>
<serveexpiredreplyttl/>
<serveexpiredttl/>
<serveexpiredttlreset/>
<serveexpiredclienttimeout/>
<qnameminstrict/>
<extendedstatistics/>
<logqueries/>
<logreplies/>
<logtagqueryreply/>
<logservfail/>
<loglocalactions/>
<logverbosity>1</logverbosity>
<valloglevel>0</valloglevel>
<privatedomain/>
<privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
<insecuredomain/>
<msgcachesize/>
<rrsetcachesize/>
<outgoingnumtcp/>
<incomingnumtcp/>
<numqueriesperthread/>
<outgoingrange/>
<jostletimeout/>
<cachemaxttl/>
<cachemaxnegativettl/>
<cacheminttl/>
<infrahostttl/>
<infrakeepprobing/>
<infracachenumhosts/>
<unwantedreplythreshold/>
</advanced>
<acls>
<default_action>allow</default_action>
</acls>
<dnsbl>
<enabled>0</enabled>
<safesearch/>
<type/>
<lists/>
<whitelists/>
<blocklists/>
<wildcards/>
<address/>
<nxdomain/>
</dnsbl>
<forwarding>
<enabled/>
</forwarding>
<dots/>
<hosts/>
<aliases/>
<domains/>
</unboundplus>
</OPNsense>
<hasync version="1.0.0">
<disablepreempt>0</disablepreempt>
<disconnectppps>0</disconnectppps>
<pfsyncenabled>0</pfsyncenabled>
<pfsyncinterface>lan</pfsyncinterface>
<pfsyncpeerip/>
<pfsyncversion>1400</pfsyncversion>
<synchronizetoip/>
<username/>
<password/>
<syncitems/>
</hasync>
<openvpn/>
<ifgroups version="1.0.0"/>
<gifs version="1.0.0">
<gif/>
</gifs>
<gres version="1.0.0">
<gre/>
</gres>
<laggs version="1.0.0">
<lagg/>
</laggs>
<virtualip version="1.0.0">
<vip/>
</virtualip>
<vlans version="1.0.0">
<vlan/>
</vlans>
<staticroutes version="1.0.0">
<route/>
</staticroutes>
<bridges>
<bridged/>
</bridges>
<ppps>
<ppp/>
</ppps>
<wireless>
<clone/>
</wireless>
<ca/>
<dhcpdv6/>
<cert uuid="547102e9-23ba-48b8-8af8-64be61049e96">
<refid>6734d13fa9e4a</refid>
<descr>Web GUI TLS certificate</descr>
<caref/>
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVSUhVRkpwc253VGtzYWRrZmRDNUp1SDhqWnZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpFNE1EbGFGdzB5TlRFeU1UVXhOakU0TURsYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURKU1FlZ1RYckp5dDVWYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyCkNEclc3ZDlYcVJkOEpEZENtdGtLRGlMYWNaUzJMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDEKU2pJWnBTZzNkOS9YeHFPQTNZQllzTS9uUk9vWHlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NworVHc5STZGU0J4bkdaR3RyUFl5NkVBb0NMdm1GQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxCnBRTVB1T2JxV3FyaE0xdjVjdmJodU5kREhNZ3ZVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjEKUm0wMlVuUXRneW8zY3hPRXVsYk9nU0hsdGhTMmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSQpQbm9ncnZsRUlWMERhQ3ZEMjZiRkRDbVkxc29FbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBCkJMVzh4dXBFODhEYmlrWW51NVdQaUp6ZXh4UVIyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXoKcHBERHYwZnU0Nnp1S3EzY0VWRitiREsrQWdlT0Q2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSApHQjlCbDFrejR4bHRhczlvbmZrSDFkVHk3dzFNck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1ExCmtWNk90aFRsVFgzK2duaUpJK3RXWUQ5bTRldXNzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRkJRZytucWI5QW9HSWtoTUxhNHFzWGRvY0JGcE1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVUlIVUYKSnBzbndUa3NhZGtmZEM1SnVIOGpadk13SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQUZqNlQ1MmRIUklVMHJuZDE0d2dob2tjUkdrK0hIQloyTGlDRHpUeUwKNHdCeTJ1ZXJXQWdvYUZzeUlNQzhwWTBhWlc4TFlSd1BtRVB0OXlUS09ZZzF0NWtOUnk2RkF5akszeis5TGZTQwoxRlFpb0pma3FHRnhoc1IxV1R5RjBGNmJmM2tZRDZ4OWw1dEdqMXF3SndrekZWZWcvZGNtUVhvRTBmUDRqSFFvCmgxWXdiZ3pTa084TzRLUVhuWXVRM3g0bWdoZnBvR0hQM2xINlcybDJlWHpqSzllRjJtUG1ZS0p1M3JpSnkvL3gKRzhQWXBYNlNTN3RoVnNNeHF3cGJHbURXQXRuSnNrSmVsNDI1WUdOYlZ4YTNPOHE3RWxLNGFoNXpmai8wRnVwTgo3SnlqMWQyZjZFck14WlFnUi9EdmlUVnhISytRY1lBRXBqU2ZmZzBrRStpS1BlN0VYTVk1VU1aZUFTK1ZteG1LCjBPOWxaQXNpWUlEMzkwVjNTaDZxYjhoL2xMZ0V2NCtSNUw1VEpFaldYc0dQSUpGaHJNSFJWR1lhV3JIYWx3eHYKNjE5NFlpSXBEaUlHSVVSWGN1U3dNcndIQzN0bms2QVo2OW5CczVXT1JYM0NxOVhRRnVrVlA5eUMxQnRuSmFwbQpubUMzK3NtTTErRjkxUXlkVXJtbUxPNUVwUmtTMitBcmRTSklUR1NRNWt4L3VLNjhzV0QzVVdNNVRibUxrcWdOCkt6djZjemVCbzJiVExDT0JKUWJ4STFCckRPTUFMSDlCdXdUamVXdUVtWE9TWE1lTDFsejdhL2JZKzJxa1BSOVAKTE5IekE2QXZlVmxucDNaeFdqMjZFK3dwYnU5cHBaY0QzRGVHRnRnZzVJbUJ2ZDNWbjJ6UVc4a1ZMT1ZBdllSawptdWc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
<csr/>
<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpSQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1M0d2dna3FBZ0VBQW9JQ0FRREpTUWVnVFhySnl0NVYKYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyQ0RyVzdkOVhxUmQ4SkRkQ210a0tEaUxhY1pTMgpMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDFTaklacFNnM2Q5L1h4cU9BM1lCWXNNL25ST29YCnlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NytUdzlJNkZTQnhuR1pHdHJQWXk2RUFvQ0x2bUYKQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxcFFNUHVPYnFXcXJoTTF2NWN2Ymh1TmRESE1ndgpVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjFSbTAyVW5RdGd5bzNjeE9FdWxiT2dTSGx0aFMyCmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSVBub2dydmxFSVYwRGFDdkQyNmJGRENtWTFzb0UKbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBQkxXOHh1cEU4OERiaWtZbnU1V1BpSnpleHhRUgoyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXpwcEREdjBmdTQ2enVLcTNjRVZGK2JESytBZ2VPCkQ2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSEdCOUJsMWt6NHhsdGFzOW9uZmtIMWRUeTd3MU0Kck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1Exa1Y2T3RoVGxUWDMrZ25pSkkrdFdZRDltNGV1cwpzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUJBb0lDQUNPNnZpc1BIY3pzb1NjK2dkWkU1dGNNCnZkc240UDFIenVRd0VzRUcrVG1zanVWMVBZbExrbkE4OU1DQmdDejEyOFpMcU51ZlUwSDkxK1Uzbjd2MGJ1bVAKd3BpR2R4UUNOMlpZaGZ2RWE5YW1qMTNZYjBJbks3b0FKbUdrT254NW91UFl6YlBRblBNRE9WK0VKa2JwTWRxZgptOHdmOWg2OXYzSk03bUZJS0UrOVVZR252UjhuMkhETTNwR3FONEhQS1A4MkE0RXlvQ2d2a1BTelRxc052bU5ICnBOY0RURW5rNlNsWUhUVDNOSzJjVnBldUhMUzUrazlqNWI5elhUSlE5TkpVZlN6bnEvUmFpMUZVNDY1K0xpUjEKMGVPWDdnajFWUExOcGgwcWtQQy9ubW0vZStVMmZXUGZZb2FDcWkrQ0VwU2twQXlQZ1FZZTJsSG0rYVU4MzZ2UQpuaHZuL0p5ZHJDL1NyTUFZaXpOZFYyZjlHTkNwcE1SbUZyOS9saVJiNEFpSzRLSDRETGdSRUxHaDJLNzJuOFRLCkxUSVhIV3RacisyMWU4c0Mxbm5MSENnK21wMHBvSWJsbEtoYk9VTmVxR09yWm95NFBXdDZMQndFYzN0MG1wVEMKODhiSUpqMzFCQngzTGE1SUE5b0FNRi9lbHJYdFhhVnl4bm5yTHdjYzFNVWpCV20rZDVqbC9WOEdIcEJRd3pXYwpPNWdNSXlQNUIvdzBacUcyZjV1akZkOHo4dElmcEFRRTJSbDNxRUFYNU1NY1JQaFlTNDJqTWl4czc3TmtOVldQCkpqUVoxVDVXQTVKOUxEL2FKRkplQ2MvbjhpNldOQ3FzdEQ5OVNPTCsrTTBFQTlka2lLNWtOcXFZeXZuRG9SZVcKSW84eXhvVnpObURsWjBkSU9UUzlBb0lCQVFEb2tvMWxPS05FNlBWWmRRU3lmS0JOTEZNcEl1V1VVZmp0ODU4awpJTTB0TnNyS0d2N3NmYkt0dlMvOWgwMGluU2FyWTJ4amVETG91WEI5VzdKY1B1NjRoNHYwek1lbXRhdDRyTUJnClA5bkQ3MW00dERqS2ZrZDAza2tUbk4ySTBxYkwzeFVoTjNEQlJZTU9veDFMa2M4MFFFMHhSUEM1YmRJaXcwemEKTWdtK1dOZVY1VEZoSkpQZ2dVRVo5U1A2aWV1VEY0OW9wRGNWdGUwQ0I0WnFUaTRWb3YvZFVDWGpNK0djRnNWdgpPWTZYTE9KTmRldHdnUVNkd1hlSzB1WlBpWnVKTGlsTEg4OFVKYWNoQThDZW1SclMxRUtxWElwK2dkQWV4MnhVCmY5amRMMGF2SlJEY0xqWlhETXBvWlJpc0JoWVArZzY3VHZza3FscDh4M2p2STlWVkFvSUJBUURkajZrdWNLM0MKYXprMzlqYllvM3RFZ0R5L2VGNnBjWFlpK21Ba1ZNRk9vSWJ5cmNyN3BqSnRMNFMyMEFDRmpBUGFQT042dWVVWQpQQm92dC9QODB1V1c5cGZCK29mRmdadzRqc3hLWFY4eEJmOVdLWVZndFBsOHhIL1RJcERTMjhVTlowNDlhUW4vCjlCRzNac0lyenk3RzFLRTZPLzBMMnVmMnFyaUxxRFQyV3dsdFVsbWs2Ym5NeThkR0sra1JLcFhvSm1RTlNHRHoKOXd4blU2ZmZ1NDdDLzRYMHRIVk1MVFVneFh4djdqN3BpSzI4dzBuZ1N5S3ozV0IzWTJwaFVsZEJIdEprQko1RQpoRm8zMXJCVDU5enhkb2crYXh1bkh4S3EySGFHRkt0ZUZ6RGpkTTFpQzE3bWNtWXBzR2tuenA0cjRjZm5FYTFSCko4Wmo5ZVFQaEVOZEFvSUJBUUN3d2hsbXNkb2MySFVJVFZDSm13QjJSdGJaYitWT2lkS0lmdDBYcHpwcFA3aDIKVEhndEl3ZDIxayt2LzNJWGVaclhMWlJHTVNkNEN1QTgxa0ZEckt6Z1lGeDFiR0hkQ1R2T1ZuVkxjWnUvTjUxWQpMTmp3eFhMbmxyMnhnMG8zMytuWERyQlBjNFJsejcvZ2t3WUQxa2pGckkwK2dlZjI5a2w4RkRUSHJMb05DaGFuCm5PNmZweDRneGZ2Rmo3T05pZDhhQnhEK2RiaEw3dDIzNmlJMWp6K2xRQ0g0Z1I2YWhHYldxOVBZU2NWZWprVmMKbTkrWnZPVFdSU0RteUkwMExDQ2k3UXVEUmlTcmFrYVFaL3F3VHlxOHk0ZnpWS3dKby8yYU52VFZiK2xSaWNuTgorWHpMNnU5dno0L1NNZXZEYWtqQVVjdDZmbmVQa1UxK2dsZ2VZSHlWQW9JQkFRRFJtYW0wVEZhbFdXaHMvNWtOClEwTkhINFhZb1JmMGRta0xXQStCNzBoY2lOS0JYRlp0ME9GZGw1bVdsSm9adk1hY1BBUDd3MGJ1c1ZVWWxZN1YKTy9LRTZVM1I3WjlxQWw1Mnh1aU81Vnc3ZFhBRDVBM1EyZ1EzdTNFdG5VS2lwOVA0QlNYb1JLbDRJVDV0WVdJSgpyZHVUciszQ3VLT0FCcHh4Snpxa3JBRkdtZ01HRCtUTWRXd1hTU1NBeHVPYklNMW1MSU4wYVdlSEJNMFFKdnptClZIb1BFVXA1b0FwamdWVUVacTk4K0VjK0NOWkxmL2d3bndQNllsQnpRWEtQRlNXRWJwTWNtWjNjTmRWZmc5T1YKM1FDUTBkQzhNL21hRlhSRWVibE95TmtCanpEcHpVTExJUFNyVDhoRVlpWm95VGVyVGRJZVVBUEZoYnBTTUhtTApFRlhsQW9JQkFRQ0VUdVJQRHZvMC9tdDhyTzhLNENsamtuU0gxZ1FBSjFha3U3UXg3NUJUTDB6OWRNY2lMK1JLCng1R1lFTW1wcUtNb2FPbWc0WFVRMVRlQ2Vic1R0NjMyWXp6cmNCU0d1RzVnN1o0UUVublUzRXU5QklIMUVSL2gKSEk0NWowU0xNRUpObkNiTkpnRVNRRUFCbzN3cHhrRTdiRGlNdTVPOXVqMlFRVTlTTm94QkFmbVFXRDJJaU1BRQpWYzV3QTNZajBMdElSYkJmdzNBTE9uNlRSc2xucy9JMnd2Z1RCQW9sU3NZbEtEK0NRY3hDZldlNmZwU21aYmlCClBGUE9DY1ZQTXhGeXBhZWFJMkRXNWRPNFNoNGQ0ZlZma2F3ck9LN1N2QnFZb0Y5L2VndThzQS9ZdklaRVltQUQKd0ZIOGs1QjJ4WXdiNkVmNmFFQ29ZTitsNWtlWmhNWTgKLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
</cert>
<cert uuid="cad18e13-92c5-48b6-9b44-ad2e5dcc799e">
<refid>6734d6c82dc59</refid>
<descr>Web GUI TLS certificate</descr>
<caref/>
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVZkNETXpFclQ4dlVoenJaTVJta3JiT3dnSUdNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpReE5EVmFGdzB5TlRFeU1UVXhOalF4TkRWYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURMc0xEbjRta1R4RXJYdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovCnczL2tNV2Y5L25GbGpnMkFXWERJSmNXZjk0NFJFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT20KVFM0WXFCVzhHQkpJd0xtQ2kxb2RoWXhmUEQ2TFdEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNQpuQ0FtZFBDY2JmdmdXdUM2TnhWbXpkeXpta1QvNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5ClFrVlFqYlQ5MFlyeENvdE8rbTJIQU5QZHNjT3FvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTEwKVmplRS9XQVU0Q1BZUmhYVFVGVTIxZFV2azNvYUVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNwo3Mzk5VWdRN3FTNUFhOElHbXA4NUNoUUlBWUVjSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45CitUZ3ljMTlTbGoxVW1RdkRvekxCQzk5TVJpLzREQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmUKUGVpemxRenRIWmpSU0tnaWdSNU9KSmtSVHIvNjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZwprUSsrVDhMenVhK1FtakxOUVFqMVJCSFYzSzVQL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmCkNEVVVQWjR1cEJtbzBLN3dGNHdtV3VXYSttVndlb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRktidDd0QkRKN1daV1lMblQ5cEhTMklPdTg1TU1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVWZDRE0KekVyVDh2VWh6clpNUm1rcmJPd2dJR013SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQWNQbmllQ29FSmRjV25CVHdqRmE3bjZqTFMrZ1pUYUk2ZjAzWktQMFYKQ0pSaDUxWTNwb2dpcnJYcVNHQ1VGTVNHbGpsQ21mU2VhdW9GWFYwanZLejhnMGZ1NU9kYlhjd2FrZFBZSXgydQpVT0dMbllTaEdCNlpoMmhpWWdSVGFpemJoTVliQitzQkV4QU1CdHZRZElSZ3dBWkRNWE9jY0MwZnJaMFhRRlRFCnQ3by82VGYvZEprdnB0cmRYWW1INnFUWlA2MGxyTnlabVloTjc1NEluOFZLRVVSRWNZamg1ejlJanA1NTE1cU0Kb0VrSGNKbTBDNkh2VStETG1ybFpFYkV4bnVOMFQzWTBNZ0hiVFVhU2Y1L2FKVmlIM0dOMnMzbG1ZM0VXTS9Vcwo3azFyc2JTa2orZzJvQXlTcjU0Nlc4RkdaMjliZFlOYk1EaTQ4aXVRQWlzRlQrTGZXN3Y3RVl3WGJ3NUhSVkpNCjV2MlhnenJwN2Yxa08zckEzeXUyS1VSSktHdjJ1ZXhNSythb1VOZXhRT3ludmZGUTBCemRHQ1dlcmVvZTZ3bDMKbHc4Z2dCWDI1VGIxbzR3d1UzNXdtUUIrMC9rbjB0SXoveVBhY2JzbDAwZ0dJNFhTbWpRQmF0MUZYRHFEME1JMgp4S0RqMXZ2dkNTVnRKc09ESG95eDhLc3ptbno5UVFoV0ZNeC9LTXp1clh0OWtsWFRJc0t3d2NXMytZQWtQMzNaClgvOGJnZS8zK2RibTdNN3BndmFBNVFlU3VTbkwzNjdLT1g1NlNZNGFZWHhkc1haVDc0ZGxVRU1jbG9NU0NIOG4KR25QWlpyWTNHdnZaU2ovQWdqT2lDNHNBL2JSSmh4cCtUQndlRFByR0pFUEJFVW9sZEZHVXdraFJXMVVuRlc2YwpyTGM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
<csr/>
<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRExzTERuNG1rVHhFclgKdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovdzMva01XZjkvbkZsamcyQVdYRElKY1dmOTQ0UgpFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT21UUzRZcUJXOEdCSkl3TG1DaTFvZGhZeGZQRDZMCldEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNW5DQW1kUENjYmZ2Z1d1QzZOeFZtemR5em1rVC8KNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5UWtWUWpiVDkwWXJ4Q290TyttMkhBTlBkc2NPcQpvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTExWamVFL1dBVTRDUFlSaFhUVUZVMjFkVXZrM29hCkVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNzczOTlVZ1E3cVM1QWE4SUdtcDg1Q2hRSUFZRWMKSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45K1RneWMxOVNsajFVbVF2RG96TEJDOTlNUmkvNApEQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmVQZWl6bFF6dEhaalJTS2dpZ1I1T0pKa1JUci82CjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZ2tRKytUOEx6dWErUW1qTE5RUWoxUkJIVjNLNVAKL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmQ0RVVVBaNHVwQm1vMEs3d0Y0d21XdVdhK21Wdwplb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUJBb0lDQUFzc3hPL2IzSTd3a0hpWU9wdmQ3b2ZxClJXVm9HM0ZHOVBkSCtrcU1DQW9zVXlpZ2lnWkZhQUZSY3BhZFBJUnBVRFZQOHQrUUx2RHhTSEtJVkNTR3lLRHgKN01mVTkxV3ZCUGtpc1NhWEV2TklEMHJ2WTJYbXl4WWdOcDBNcHdnbHhxZXlWSDNWSTFmZ09zQXpWVkpGSmtzeAp0NnVKV2U2R1lwRnlVZ3MzZytNdHhPYVJLZHcvWkFZb0dVRkR5WE5NR1JNdVRYYkg2WWxTOStFZ2RxZTJZbGtDCk41amkvODUydUlwSytXZUVnbmd1ZkVZNDdpVVhQSzFJTVB0UjRURUxOb3hkTWVBYnZBUG9La2QwMWZOWnVaQ3EKQ0dxNS9kMEQ4cDZKNjlUK3M1RnR1R1UrdkxtcUg3NmtsZjVmTTZnOFpCc2xSNStNQ0xlay9DaHRBZGU2VXBQRApXQ2EwazU3dmdneUdQdGVlVXY2RVJBMEp6SjlJd2VHZGdVWHhNdW5LK3ZSNWYydWJKWFJoMVJpNTNFSTNvVUxYClFvWm9hOTY3VzNUajQ3UzR2RlQyK2dLb0g2OXlNckdVNVkwcjJrSTFXMVVhWEJ1aVVrMi94amdyWVdTblUzUUQKZkM3ZXllTlNlN3c4UW9MMVBEYXJwVXdaK2xGZ0w3NFVScldLQU12WVhxa3NTMHVtb0tTSWo4cjZMM0hVSUVaUgpZRzhBTU91dFhrQk5lMkNpTXRKM2NYUXNIOWloQU9QL3AvaE9BTTBGNkM3Ymt1Vm85d1pRdDVESWxRWUl4TlArClFRZ2doRnhBNTlTWmpwRk00QkN5L0hEOENJY3VuSURZOVNlbXNSYXdyUVY1eGk1akFScVdOYTdBSVMvVlArdUUKQkpmS0dDNFlZVmxqS1VLeEgxVUJBb0lCQVFEcnZOWXNrd3ZhQ2Z6MlcvbkIrRjNjVE1RbjM2RENSYnZwQ0s1dApldm96TjJGbjBJdWFnN2RrYzN2NTFxTVNEd0h1cVNkVTRHUHZMcm83alpJaFNEZ1AwLzBLWmc0VmxtZE5HbEovCk1lcXhmOGRkOFdTQjZiUksrK2FRcEhaeDd2SUFTWkE4eHkvZ3F2NGJpSmlqVDhUQ2lSeXdYSTQ0ZlRYM0xLZTIKVG1Uc29XNk9yQmErSWJRYjBpTEh4WE4rZ3JDM0cxWWxIUlNvTEpKUkU0eFVLMGsvM1JLNU16RjRIYUNZb1BWOQpDOFpQellMR253SE9ERU8zbHRtSGJvQUNFa0VrT2dFV3U4RFo2YlYrMXJBcVh6WnN0L3hNZnJ5KzlMRVdYQUwvCkRnOEdkall0YzdyUTFZd1BIY1h6cFo2clVIdXh2K0p6VEE1ZzNCS1p6aWhwNFdHaEFvSUJBUURkTXE3N0dRWGMKYW5hYlMxanlFT3VzNFp5ZlJ4cW10NEVFaHZjY0dRVVVrV0IrWk11bnpyaENxb3ZwQ1dhVU9zWVhuNG45Y3BQSAo3bm1mOUJHbFI4NVhCVHNLM2d4bE5NMUhjSGFTNXZSem9WQVBNd3o2VVV0ZFNLWXRLR0Q3Wkxmbm9ISXN1SlEzCnJ6WWIyTFhpVmx6MWlNNUVmT0VrL1J5UjBwMGtleXVwa0F0OXBRV0hzaURYb0pibDE2d1ZLc2NDNGUzNjdRRWsKcFdoeXcyS3A4bXdtOGxqQllxZWtHdUREeGVZSDMzMVlGa2FMUEJCT2xPQnlveFlOUDdBVVREUlV3KzB1T01jNwozb0N1VE9jWnAxVWMwQURBOXRTRVRINklWdlFEUXZlYzR6MWRTVGRmUEkxRzVUTCt4Mzlvam5OcGVoYng0bEwvCmRxTTBmcFlPL2ZmeEFvSUJBRmwzOU8wNzdjNlY1ZHoyY1djTnhVbThGT0p4UEVrZlFEOGtYVmNOeW5HdnZoY3gKamhwWmpUdmhuSmJvd0VFMVV1MXFZNVFTQ2J1WVIzUWN1ZTVKdzRVMlZwNGd0NDIzNUlMZHo1dVlyVk1xaE5jQgpxN3ltbnhlcVhRcGVjTm15NzBQdXA0QjV0SkVYTkpQc2xzbThsNWVoaERMbkhjOFFybStlRWhUZDBlNEJJcjJoClVJeGVyRVcyemg1MXNPeTkyeVhUaVRGU3hTbENxVkYrRXM5TEVtVGJtYVNTYWw4RkY1TjEyMVhYSnkvWWRwNjkKY0dqc1BMTXIzR2xMSmVnalYzZlJUK0o1NWFxT3lhUlhCTXRBRVo3WGdUampETzJJWHNGMnNHaHV4SU1XVUYrVgp3YnhLbi9xSXVUMU1pVmpKbGZpVE0vWEFVdUN1QlowOEloaDFRcUVDZ2dFQUZwdzJySzRMSGxPM21mb2l0bU9xClkzcVFVdXVtdXNIcEt6aE1qQSsycURxUC9YdDZJY1lNcWF2YkwwL3ByMTh1bm4yTlVsM2k0ejNxS3NKOUIwTUcKd1hoa1o2RDQ3V052VkUwWG9iNS80RTN0N0EvUTFNbDRoYW1HYXZsRXFJM01DcDRvN1k5VWZ6aW10RVA3bTQ0dQpaRjYranR1ZysvSHZlS3hwcWEvNWI1U3N5QVFWUTZDZW9Ndm1nTW9CNmd2OFdid1VZbURWakJSb1Q4clBEQVllCnJnQjV1QkxJaGdyRlROMnV2TUZJZzdlTE1ISk1UR3dGWVZKd1Q1eGgrRUV0M0RoR3gwSEFnOHNqcGkxd05md1gKeENFeTRvYVloSWw1S2FDUndyK1dwZS9JZHYrajdGVTVMN1QvK0hFV0FlOEZ0eE5td3dUYWJRaUllRFkwU29ZRgpVUUtDQVFFQXRiclZqbTFsaDQ1REhIWnVsem4xNllIQzJrMUYwWG9FZFVSQ3o0QTFsMHBEK3ljL2srdmJ0Qmg0Cm1RRDV1a3FicHFFZy9GNUhDZmdOaHlieHNNdVV6NzFaU24zN2dwczNDWUdiUyt4RkhjZTJBakNTbUlYQWIxQjgKR0Z2WnV4UlB5QXU0YVBvT1J3RzM3NVBOM0VNNk83bzdxbjlYeExTZWRIMHExM2U0YkhYYm4rc2xOa1RIM2xmcwpLVnBOUUhVSUNDSW5vQ0llV1dwdnAwQnFoYjlKclRsbXd2c25zOHpZVDNiY3F5QXZHZGRnNUs3Y0MwRVJaem9ECnFJTkI3S05FVjQ1NmF0eDZVT3VYUlpKREMvaHNJUTZNaVBveUJacHRsK1ZIMEtQbEFIWGExb0FXZmNuL0U3MFYKK0RaeVBiMWxkQUdpb1hqditGd2h5VzZlWEVrQlBnPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
</cert>
<syslog/>
</opnsense>

994
opnsense-config/src/tests/data/config-vm-test_linted.xml Normal file
View File

@@ -0,0 +1,994 @@
<?xml version="1.0"?>
<opnsense>
<theme>opnsense</theme>
<sysctl>
<item>
<descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
<tunable>vfs.read_max</tunable>
<value>default</value>
</item>
<item>
<descr>Set the ephemeral port range to be lower.</descr>
<tunable>net.inet.ip.portrange.first</tunable>
<value>default</value>
</item>
<item>
<descr>Drop packets to closed TCP ports without returning a RST</descr>
<tunable>net.inet.tcp.blackhole</tunable>
<value>default</value>
</item>
<item>
<descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
<tunable>net.inet.udp.blackhole</tunable>
<value>default</value>
</item>
<item>
<descr>Randomize the ID field in IP packets</descr>
<tunable>net.inet.ip.random_id</tunable>
<value>default</value>
</item>
<item>
<descr>
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
</descr>
<tunable>net.inet.ip.sourceroute</tunable>
<value>default</value>
</item>
<item>
<descr>
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
</descr>
<tunable>net.inet.ip.accept_sourceroute</tunable>
<value>default</value>
</item>
<item>
<descr>
This option turns off the logging of redirect packets because there is no limit and this could fill
up your logs consuming your whole hard drive.
</descr>
<tunable>net.inet.icmp.log_redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
<tunable>net.inet.tcp.drop_synfin</tunable>
<value>default</value>
</item>
<item>
<descr>Enable sending IPv6 redirects</descr>
<tunable>net.inet6.ip6.redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
<tunable>net.inet6.ip6.use_tempaddr</tunable>
<value>default</value>
</item>
<item>
<descr>Prefer privacy addresses and use them over the normal addresses</descr>
<tunable>net.inet6.ip6.prefer_tempaddr</tunable>
<value>default</value>
</item>
<item>
<descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
<tunable>net.inet.tcp.syncookies</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
<tunable>net.inet.tcp.recvspace</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
<tunable>net.inet.tcp.sendspace</tunable>
<value>default</value>
</item>
<item>
<descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
<tunable>net.inet.tcp.delayed_ack</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum outgoing UDP datagram size</descr>
<tunable>net.inet.udp.maxdgram</tunable>
<value>default</value>
</item>
<item>
<descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
<tunable>net.link.bridge.pfil_onlyip</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
<tunable>net.link.bridge.pfil_local_phys</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
<tunable>net.link.bridge.pfil_member</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 1 to enable filtering on the bridge interface</descr>
<tunable>net.link.bridge.pfil_bridge</tunable>
<value>default</value>
</item>
<item>
<descr>Allow unprivileged access to tap(4) device nodes</descr>
<tunable>net.link.tap.user_open</tunable>
<value>default</value>
</item>
<item>
<descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
<tunable>kern.randompid</tunable>
<value>default</value>
</item>
<item>
<descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
<tunable>hw.syscons.kbd_reboot</tunable>
<value>default</value>
</item>
<item>
<descr>Enable TCP extended debugging</descr>
<tunable>net.inet.tcp.log_debug</tunable>
<value>default</value>
</item>
<item>
<descr>Set ICMP Limits</descr>
<tunable>net.inet.icmp.icmplim</tunable>
<value>default</value>
</item>
<item>
<descr>TCP Offload Engine</descr>
<tunable>net.inet.tcp.tso</tunable>
<value>default</value>
</item>
<item>
<descr>UDP Checksums</descr>
<tunable>net.inet.udp.checksum</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum socket buffer size</descr>
<tunable>kern.ipc.maxsockbuf</tunable>
<value>default</value>
</item>
<item>
<descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
<tunable>vm.pmap.pti</tunable>
<value>default</value>
</item>
<item>
<descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
<tunable>hw.ibrs_disable</tunable>
<value>default</value>
</item>
<item>
<descr>Hide processes running as other groups</descr>
<tunable>security.bsd.see_other_gids</tunable>
<value>default</value>
</item>
<item>
<descr>Hide processes running as other users</descr>
<tunable>security.bsd.see_other_uids</tunable>
<value>default</value>
</item>
<item>
<descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
and for the sender directly reachable, route and next hop is known.
</descr>
<tunable>net.inet.ip.redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum outgoing UDP datagram size</descr>
<tunable>net.local.dgram.maxdgram</tunable>
<value>default</value>
</item>
</sysctl>
<system>
<optimization>normal</optimization>
<hostname>OPNsense</hostname>
<domain>localdomain</domain>
<dnsallowoverride>1</dnsallowoverride>
<group>
<name>admins</name>
<description>System Administrators</description>
<scope>system</scope>
<gid>1999</gid>
<member>0</member>
<priv>page-all</priv>
</group>
<user>
<name>root</name>
<descr>System Administrator</descr>
<scope>system</scope>
<groupname>admins</groupname>
<password>$2y$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS</password>
<uid>0</uid>
</user>
<nextuid>2000</nextuid>
<nextgid>2000</nextgid>
<timezone>Etc/UTC</timezone>
<timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
<webgui>
<protocol>https</protocol>
<ssl-certref>6734d6c82dc59</ssl-certref>
<port/>
<ssl-ciphers/>
<interfaces/>
<compression/>
</webgui>
<disablenatreflection>yes</disablenatreflection>
<usevirtualterminal>1</usevirtualterminal>
<disableconsolemenu>1</disableconsolemenu>
<disablevlanhwfilter>1</disablevlanhwfilter>
<disablechecksumoffloading>1</disablechecksumoffloading>
<disablesegmentationoffloading>1</disablesegmentationoffloading>
<disablelargereceiveoffloading>1</disablelargereceiveoffloading>
<ipv6allow>1</ipv6allow>
<powerd_ac_mode>hadp</powerd_ac_mode>
<powerd_battery_mode>hadp</powerd_battery_mode>
<powerd_normal_mode>hadp</powerd_normal_mode>
<bogons>
<interval>monthly</interval>
</bogons>
<pf_share_forward>1</pf_share_forward>
<lb_use_sticky>1</lb_use_sticky>
<ssh>
<group>admins</group>
<noauto>1</noauto>
<interfaces/>
<kex/>
<ciphers/>
<macs/>
<keys/>
<keysig/>
<enabled>enabled</enabled>
<passwordauth>1</passwordauth>
<permitrootlogin>1</permitrootlogin>
</ssh>
<rrdbackup>-1</rrdbackup>
<netflowbackup>-1</netflowbackup>
<firmware version="1.0.1">
<mirror/>
<flavour/>
<plugins/>
<type/>
<subscription/>
<reboot/>
</firmware>
<dnsserver>192.168.5.1</dnsserver>
<language>en_US</language>
<serialspeed>115200</serialspeed>
<primaryconsole>video</primaryconsole>
<secondaryconsole>serial</secondaryconsole>
</system>
<interfaces>
<lan>
<enable>1</enable>
<if>le1</if>
<ipaddr>10.100.8.1</ipaddr>
<subnet>24</subnet>
<ipaddrv6>track6</ipaddrv6>
<subnetv6>64</subnetv6>
<media/>
<mediaopt/>
<track6-interface>wan</track6-interface>
<track6-prefix-id>0</track6-prefix-id>
</lan>
<lo0>
<internal_dynamic>1</internal_dynamic>
<descr>Loopback</descr>
<enable>1</enable>
<if>lo0</if>
<ipaddr>127.0.0.1</ipaddr>
<ipaddrv6>::1</ipaddrv6>
<subnet>8</subnet>
<subnetv6>128</subnetv6>
<type>none</type>
<virtual>1</virtual>
</lo0>
<wan>
<if>le0</if>
<descr/>
<enable>1</enable>
<spoofmac/>
<ipaddr>dhcp</ipaddr>
<dhcphostname/>
<alias-address/>
<alias-subnet>32</alias-subnet>
<dhcprejectfrom/>
<adv_dhcp_pt_timeout/>
<adv_dhcp_pt_retry/>
<adv_dhcp_pt_select_timeout/>
<adv_dhcp_pt_reboot/>
<adv_dhcp_pt_backoff_cutoff/>
<adv_dhcp_pt_initial_interval/>
<adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
<adv_dhcp_send_options/>
<adv_dhcp_request_options/>
<adv_dhcp_required_options/>
<adv_dhcp_option_modifiers/>
<adv_dhcp_config_advanced/>
<adv_dhcp_config_file_override/>
<adv_dhcp_config_file_override_path/>
</wan>
</interfaces>
<dhcpd>
<lan>
<enable/>
<range>
<from>10.100.8.10</from>
<to>10.100.8.245</to>
</range>
<staticmap>
<mac>d8:5e:d3:e7:2c:8c</mac>
<ipaddr>10.100.8.15</ipaddr>
<hostname>rtx4090</hostname>
<winsserver/>
<dnsserver/>
<ntpserver/>
</staticmap>
</lan>
</dhcpd>
<snmpd>
<syslocation/>
<syscontact/>
<rocommunity>public</rocommunity>
</snmpd>
<nat>
<outbound>
<mode>automatic</mode>
</outbound>
</nat>
<filter>
<rule uuid="f79eded0-3c11-4f57-9aaa-55d4888589fa">
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<direction>in</direction>
<quick>1</quick>
<protocol>tcp</protocol>
<source>
<any>1</any>
</source>
<destination>
<network>wanip</network>
<port>80</port>
</destination>
<updated>
<username>root@192.168.5.204</username>
<time>1731518072.7612</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.5.204</username>
<time>1731518072.7612</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="4a5e7b65-0d7f-4452-8a29-2ec61a47ec19">
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<direction>in</direction>
<quick>1</quick>
<protocol>tcp</protocol>
<source>
<any>1</any>
</source>
<destination>
<network>wanip</network>
<port>443</port>
</destination>
<updated>
<username>root@192.168.5.204</username>
<time>1731518084.0639</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.5.204</username>
<time>1731518084.0639</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="0465308d-8605-466c-bcb4-95eeb989251a">
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<direction>in</direction>
<quick>1</quick>
<protocol>tcp/udp</protocol>
<source>
<any>1</any>
</source>
<destination>
<any>1</any>
<port>22</port>
</destination>
<updated>
<username>root@192.168.5.204</username>
<time>1731518114.2801</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.5.204</username>
<time>1731518114.2801</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="2df05591-13e7-4d91-a1b8-d25e338ada5f">
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>Allow ping</descr>
<direction>in</direction>
<quick>1</quick>
<protocol>icmp</protocol>
<source>
<any>1</any>
</source>
<destination>
<network>(self)</network>
</destination>
<updated>
<username>root@192.168.5.204</username>
<time>1731518356.7559</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.5.204</username>
<time>1731518311.7033</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule uuid="f2ee612c-c290-4445-8045-df82a86db0e5">
<type>pass</type>
<ipprotocol>inet</ipprotocol>
<descr>Default allow LAN to any rule</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
<rule uuid="b21f808a-6a4a-4cd6-9a83-1660cc8ea58b">
<type>pass</type>
<ipprotocol>inet6</ipprotocol>
<descr>Default allow LAN IPv6 to any rule</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
</filter>
<rrd>
<enable/>
</rrd>
<ntpd>
<prefer>0.opnsense.pool.ntp.org</prefer>
</ntpd>
<widgets>
<sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
<column_count>2</column_count>
</widgets>
<revision>
<username>root@192.168.5.204</username>
<time>1731534516.7156</time>
<description>/interfaces.php made changes</description>
</revision>
<OPNsense>
<DHCRelay version="1.0.1"/>
<wireguard>
<client version="1.0.0">
<clients/>
</client>
<general version="0.0.1">
<enabled>0</enabled>
</general>
<server version="1.0.0">
<servers/>
</server>
</wireguard>
<IPsec version="1.0.1">
<general>
<enabled/>
</general>
<keyPairs/>
<preSharedKeys/>
</IPsec>
<Swanctl version="1.0.0">
<Connections/>
<locals/>
<remotes/>
<children/>
<Pools/>
<VTIs/>
<SPDs/>
</Swanctl>
<OpenVPNExport version="0.0.1">
<servers/>
</OpenVPNExport>
<OpenVPN version="1.0.0">
<Overwrites/>
<Instances/>
<StaticKeys/>
</OpenVPN>
<captiveportal version="1.0.2">
<zones/>
<templates/>
</captiveportal>
<cron version="1.0.4">
<jobs/>
</cron>
<Firewall>
<Lvtemplate version="0.0.1">
<templates/>
</Lvtemplate>
<Alias version="1.0.1">
<geoip>
<url/>
</geoip>
<aliases/>
</Alias>
<Category version="1.0.0">
<categories/>
</Category>
<Filter version="1.0.4">
<rules/>
<snatrules/>
<npt/>
<onetoone/>
</Filter>
</Firewall>
<Netflow version="1.0.1">
<capture>
<interfaces/>
<egress_only/>
<version>v9</version>
<targets/>
</capture>
<collect>
<enable>0</enable>
</collect>
<activeTimeout>1800</activeTimeout>
<inactiveTimeout>15</inactiveTimeout>
</Netflow>
<IDS version="1.0.9">
<rules/>
<policies/>
<userDefinedRules/>
<files/>
<fileTags/>
<general>
<enabled>0</enabled>
<ips>0</ips>
<promisc>0</promisc>
<interfaces>wan</interfaces>
<homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
<defaultPacketSize/>
<UpdateCron/>
<AlertLogrotate>W0D23</AlertLogrotate>
<AlertSaveLogs>4</AlertSaveLogs>
<MPMAlgo/>
<detect>
<Profile/>
<toclient_groups/>
<toserver_groups/>
</detect>
<syslog>0</syslog>
<syslog_eve>0</syslog_eve>
<LogPayload>0</LogPayload>
<verbosity/>
</general>
</IDS>
<Interfaces>
<loopbacks version="1.0.0"/>
<neighbors version="1.0.0"/>
<vxlans version="1.0.2"/>
</Interfaces>
<Kea>
<ctrl_agent version="0.0.1">
<general>
<enabled>0</enabled>
<http_host>127.0.0.1</http_host>
<http_port>8000</http_port>
</general>
</ctrl_agent>
<dhcp4 version="1.0.0">
<general>
<enabled>0</enabled>
<interfaces/>
<valid_lifetime>4000</valid_lifetime>
<fwrules>1</fwrules>
</general>
<ha>
<enabled>0</enabled>
<this_server_name/>
</ha>
<subnets/>
<reservations/>
<ha_peers/>
</dhcp4>
</Kea>
<monit version="1.0.13">
<general>
<enabled>0</enabled>
<interval>120</interval>
<startdelay>120</startdelay>
<mailserver>127.0.0.1</mailserver>
<port>25</port>
<username/>
<password/>
<ssl>0</ssl>
<sslversion>auto</sslversion>
<sslverify>1</sslverify>
<logfile/>
<statefile/>
<eventqueuePath/>
<eventqueueSlots/>
<httpdEnabled>0</httpdEnabled>
<httpdUsername>root</httpdUsername>
<httpdPassword/>
<httpdPort>2812</httpdPort>
<httpdAllow/>
<mmonitUrl/>
<mmonitTimeout>5</mmonitTimeout>
<mmonitRegisterCredentials>1</mmonitRegisterCredentials>
</general>
<alert uuid="15f1e9ca-5dd5-4b20-b595-b6b4f82245d0">
<enabled>0</enabled>
<recipient>root@localhost.local</recipient>
<noton>0</noton>
<events/>
<format/>
<reminder/>
<description/>
</alert>
<service uuid="c1e99556-91f5-4dbf-81d7-7915a3213de9">
<enabled>1</enabled>
<name>$HOST</name>
<description/>
<type>system</type>
<pidfile/>
<match/>
<path/>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>91b4e409-211b-49d5-9fa3-dc9054106646,cbe9cb72-e8c2-4740-990c-abcc486b0654,c0708923-88de-4178-abdd-819737440ce0,e887125d-c5d2-45e6-b40d-2c400d5449d1</tests>
<depends/>
<polltime/>
</service>
<service uuid="7513f341-7d21-4f11-903f-30d07b3aa41e">
<enabled>1</enabled>
<name>RootFs</name>
<description/>
<type>filesystem</type>
<pidfile/>
<match/>
<path>/</path>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>cc3684f2-701e-4de4-883d-803e08cf47b6</tests>
<depends/>
<polltime/>
</service>
<service uuid="f99ada79-ba1a-4ee1-81f1-ef570e8e5ea9">
<enabled>0</enabled>
<name>carp_status_change</name>
<description/>
<type>custom</type>
<pidfile/>
<match/>
<path>/usr/local/opnsense/scripts/OPNsense/Monit/carp_status</path>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>f2d734cb-2a0e-4375-9460-11bdd5b20503</tests>
<depends/>
<polltime/>
</service>
<service uuid="dca8a81f-d389-4baa-b477-8b348194fd25">
<enabled>0</enabled>
<name>gateway_alert</name>
<description/>
<type>custom</type>
<pidfile/>
<match/>
<path>/usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert</path>
<timeout>300</timeout>
<starttimeout>30</starttimeout>
<address/>
<interface/>
<start/>
<stop/>
<tests>865105a2-cbea-4a01-9979-c67818da9d99</tests>
<depends/>
<polltime/>
</service>
<test uuid="ea6b821c-4f30-455b-bd5b-23a6f0c20554">
<name>Ping</name>
<type>NetworkPing</type>
<condition>failed ping</condition>
<action>alert</action>
<path/>
</test>
<test uuid="16186b38-0e13-4cc3-ad18-ccc3fcc91837">
<name>NetworkLink</name>
<type>NetworkInterface</type>
<condition>failed link</condition>
<action>alert</action>
<path/>
</test>
<test uuid="69117d4d-8c41-4712-97c0-87b4fa7c9837">
<name>NetworkSaturation</name>
<type>NetworkInterface</type>
<condition>saturation is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="91b4e409-211b-49d5-9fa3-dc9054106646">
<name>MemoryUsage</name>
<type>SystemResource</type>
<condition>memory usage is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="cbe9cb72-e8c2-4740-990c-abcc486b0654">
<name>CPUUsage</name>
<type>SystemResource</type>
<condition>cpu usage is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="c0708923-88de-4178-abdd-819737440ce0">
<name>LoadAvg1</name>
<type>SystemResource</type>
<condition>loadavg (1min) is greater than 4</condition>
<action>alert</action>
<path/>
</test>
<test uuid="e887125d-c5d2-45e6-b40d-2c400d5449d1">
<name>LoadAvg5</name>
<type>SystemResource</type>
<condition>loadavg (5min) is greater than 3</condition>
<action>alert</action>
<path/>
</test>
<test uuid="c34aab30-9194-4667-b516-004b9c90c1c0">
<name>LoadAvg15</name>
<type>SystemResource</type>
<condition>loadavg (15min) is greater than 2</condition>
<action>alert</action>
<path/>
</test>
<test uuid="cc3684f2-701e-4de4-883d-803e08cf47b6">
<name>SpaceUsage</name>
<type>SpaceUsage</type>
<condition>space usage is greater than 75%</condition>
<action>alert</action>
<path/>
</test>
<test uuid="f2d734cb-2a0e-4375-9460-11bdd5b20503">
<name>ChangedStatus</name>
<type>ProgramStatus</type>
<condition>changed status</condition>
<action>alert</action>
<path/>
</test>
<test uuid="865105a2-cbea-4a01-9979-c67818da9d99">
<name>NonZeroStatus</name>
<type>ProgramStatus</type>
<condition>status != 0</condition>
<action>alert</action>
<path/>
</test>
</monit>
<Gateways version="1.0.0">
<gateway_item uuid="a6ea102d-68bb-430f-af8b-269d52498fe1">
<disabled>0</disabled>
<name>WAN_GW</name>
<descr>Interface WAN Gateway</descr>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<gateway>172.17.0.1</gateway>
<defaultgw>1</defaultgw>
<fargw>0</fargw>
<monitor_disable>1</monitor_disable>
<monitor_noroute/>
<monitor/>
<force_down/>
<priority>255</priority>
<weight>1</weight>
<latencylow/>
<latencyhigh/>
<losslow/>
<losshigh/>
<interval/>
<time_period/>
<loss_interval/>
<data_length/>
</gateway_item>
</Gateways>
<Syslog version="1.0.2">
<general>
<enabled>1</enabled>
<loglocal>1</loglocal>
<maxpreserve>31</maxpreserve>
<maxfilesize/>
</general>
<destinations/>
</Syslog>
<TrafficShaper version="1.0.3">
<pipes/>
<queues/>
<rules/>
</TrafficShaper>
<unboundplus version="1.0.9">
<general>
<enabled>1</enabled>
<port>53</port>
<stats/>
<active_interface/>
<dns64/>
<dns64prefix/>
<noarecords/>
<regdhcp/>
<regdhcpdomain/>
<regdhcpstatic/>
<noreglladdr6/>
<noregrecords/>
<txtsupport/>
<cacheflush/>
<local_zone_type>transparent</local_zone_type>
<outgoing_interface/>
<enable_wpad/>
</general>
<advanced>
<hideidentity/>
<hideversion/>
<prefetch/>
<prefetchkey/>
<aggressivensec>1</aggressivensec>
<serveexpired/>
<serveexpiredreplyttl/>
<serveexpiredttl/>
<serveexpiredttlreset/>
<serveexpiredclienttimeout/>
<qnameminstrict/>
<extendedstatistics/>
<logqueries/>
<logreplies/>
<logtagqueryreply/>
<logservfail/>
<loglocalactions/>
<logverbosity>1</logverbosity>
<valloglevel>0</valloglevel>
<privatedomain/>
<privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
<insecuredomain/>
<msgcachesize/>
<rrsetcachesize/>
<outgoingnumtcp/>
<incomingnumtcp/>
<numqueriesperthread/>
<outgoingrange/>
<jostletimeout/>
<cachemaxttl/>
<cachemaxnegativettl/>
<cacheminttl/>
<infrahostttl/>
<infrakeepprobing/>
<infracachenumhosts/>
<unwantedreplythreshold/>
</advanced>
<acls>
<default_action>allow</default_action>
</acls>
<dnsbl>
<enabled>0</enabled>
<safesearch/>
<type/>
<lists/>
<whitelists/>
<blocklists/>
<wildcards/>
<address/>
<nxdomain/>
</dnsbl>
<forwarding>
<enabled/>
</forwarding>
<dots/>
<hosts/>
<aliases/>
<domains/>
</unboundplus>
</OPNsense>
<hasync version="1.0.0">
<disablepreempt>0</disablepreempt>
<disconnectppps>0</disconnectppps>
<pfsyncenabled>0</pfsyncenabled>
<pfsyncinterface>lan</pfsyncinterface>
<pfsyncpeerip/>
<pfsyncversion>1400</pfsyncversion>
<synchronizetoip/>
<username/>
<password/>
<syncitems/>
</hasync>
<openvpn/>
<ifgroups version="1.0.0"/>
<gifs version="1.0.0">
<gif/>
</gifs>
<gres version="1.0.0">
<gre/>
</gres>
<laggs version="1.0.0">
<lagg/>
</laggs>
<virtualip version="1.0.0">
<vip/>
</virtualip>
<vlans version="1.0.0">
<vlan/>
</vlans>
<staticroutes version="1.0.0">
<route/>
</staticroutes>
<bridges>
<bridged/>
</bridges>
<ppps>
<ppp/>
</ppps>
<wireless>
<clone/>
</wireless>
<ca/>
<dhcpdv6/>
<cert uuid="547102e9-23ba-48b8-8af8-64be61049e96">
<refid>6734d13fa9e4a</refid>
<descr>Web GUI TLS certificate</descr>
<caref/>
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVSUhVRkpwc253VGtzYWRrZmRDNUp1SDhqWnZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpFNE1EbGFGdzB5TlRFeU1UVXhOakU0TURsYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURKU1FlZ1RYckp5dDVWYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyCkNEclc3ZDlYcVJkOEpEZENtdGtLRGlMYWNaUzJMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDEKU2pJWnBTZzNkOS9YeHFPQTNZQllzTS9uUk9vWHlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NworVHc5STZGU0J4bkdaR3RyUFl5NkVBb0NMdm1GQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxCnBRTVB1T2JxV3FyaE0xdjVjdmJodU5kREhNZ3ZVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjEKUm0wMlVuUXRneW8zY3hPRXVsYk9nU0hsdGhTMmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSQpQbm9ncnZsRUlWMERhQ3ZEMjZiRkRDbVkxc29FbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBCkJMVzh4dXBFODhEYmlrWW51NVdQaUp6ZXh4UVIyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXoKcHBERHYwZnU0Nnp1S3EzY0VWRitiREsrQWdlT0Q2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSApHQjlCbDFrejR4bHRhczlvbmZrSDFkVHk3dzFNck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1ExCmtWNk90aFRsVFgzK2duaUpJK3RXWUQ5bTRldXNzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRkJRZytucWI5QW9HSWtoTUxhNHFzWGRvY0JGcE1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVUlIVUYKSnBzbndUa3NhZGtmZEM1SnVIOGpadk13SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQUZqNlQ1MmRIUklVMHJuZDE0d2dob2tjUkdrK0hIQloyTGlDRHpUeUwKNHdCeTJ1ZXJXQWdvYUZzeUlNQzhwWTBhWlc4TFlSd1BtRVB0OXlUS09ZZzF0NWtOUnk2RkF5akszeis5TGZTQwoxRlFpb0pma3FHRnhoc1IxV1R5RjBGNmJmM2tZRDZ4OWw1dEdqMXF3SndrekZWZWcvZGNtUVhvRTBmUDRqSFFvCmgxWXdiZ3pTa084TzRLUVhuWXVRM3g0bWdoZnBvR0hQM2xINlcybDJlWHpqSzllRjJtUG1ZS0p1M3JpSnkvL3gKRzhQWXBYNlNTN3RoVnNNeHF3cGJHbURXQXRuSnNrSmVsNDI1WUdOYlZ4YTNPOHE3RWxLNGFoNXpmai8wRnVwTgo3SnlqMWQyZjZFck14WlFnUi9EdmlUVnhISytRY1lBRXBqU2ZmZzBrRStpS1BlN0VYTVk1VU1aZUFTK1ZteG1LCjBPOWxaQXNpWUlEMzkwVjNTaDZxYjhoL2xMZ0V2NCtSNUw1VEpFaldYc0dQSUpGaHJNSFJWR1lhV3JIYWx3eHYKNjE5NFlpSXBEaUlHSVVSWGN1U3dNcndIQzN0bms2QVo2OW5CczVXT1JYM0NxOVhRRnVrVlA5eUMxQnRuSmFwbQpubUMzK3NtTTErRjkxUXlkVXJtbUxPNUVwUmtTMitBcmRTSklUR1NRNWt4L3VLNjhzV0QzVVdNNVRibUxrcWdOCkt6djZjemVCbzJiVExDT0JKUWJ4STFCckRPTUFMSDlCdXdUamVXdUVtWE9TWE1lTDFsejdhL2JZKzJxa1BSOVAKTE5IekE2QXZlVmxucDNaeFdqMjZFK3dwYnU5cHBaY0QzRGVHRnRnZzVJbUJ2ZDNWbjJ6UVc4a1ZMT1ZBdllSawptdWc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
<csr/>
<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpSQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1M0d2dna3FBZ0VBQW9JQ0FRREpTUWVnVFhySnl0NVYKYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyQ0RyVzdkOVhxUmQ4SkRkQ210a0tEaUxhY1pTMgpMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDFTaklacFNnM2Q5L1h4cU9BM1lCWXNNL25ST29YCnlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NytUdzlJNkZTQnhuR1pHdHJQWXk2RUFvQ0x2bUYKQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxcFFNUHVPYnFXcXJoTTF2NWN2Ymh1TmRESE1ndgpVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjFSbTAyVW5RdGd5bzNjeE9FdWxiT2dTSGx0aFMyCmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSVBub2dydmxFSVYwRGFDdkQyNmJGRENtWTFzb0UKbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBQkxXOHh1cEU4OERiaWtZbnU1V1BpSnpleHhRUgoyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXpwcEREdjBmdTQ2enVLcTNjRVZGK2JESytBZ2VPCkQ2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSEdCOUJsMWt6NHhsdGFzOW9uZmtIMWRUeTd3MU0Kck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1Exa1Y2T3RoVGxUWDMrZ25pSkkrdFdZRDltNGV1cwpzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUJBb0lDQUNPNnZpc1BIY3pzb1NjK2dkWkU1dGNNCnZkc240UDFIenVRd0VzRUcrVG1zanVWMVBZbExrbkE4OU1DQmdDejEyOFpMcU51ZlUwSDkxK1Uzbjd2MGJ1bVAKd3BpR2R4UUNOMlpZaGZ2RWE5YW1qMTNZYjBJbks3b0FKbUdrT254NW91UFl6YlBRblBNRE9WK0VKa2JwTWRxZgptOHdmOWg2OXYzSk03bUZJS0UrOVVZR252UjhuMkhETTNwR3FONEhQS1A4MkE0RXlvQ2d2a1BTelRxc052bU5ICnBOY0RURW5rNlNsWUhUVDNOSzJjVnBldUhMUzUrazlqNWI5elhUSlE5TkpVZlN6bnEvUmFpMUZVNDY1K0xpUjEKMGVPWDdnajFWUExOcGgwcWtQQy9ubW0vZStVMmZXUGZZb2FDcWkrQ0VwU2twQXlQZ1FZZTJsSG0rYVU4MzZ2UQpuaHZuL0p5ZHJDL1NyTUFZaXpOZFYyZjlHTkNwcE1SbUZyOS9saVJiNEFpSzRLSDRETGdSRUxHaDJLNzJuOFRLCkxUSVhIV3RacisyMWU4c0Mxbm5MSENnK21wMHBvSWJsbEtoYk9VTmVxR09yWm95NFBXdDZMQndFYzN0MG1wVEMKODhiSUpqMzFCQngzTGE1SUE5b0FNRi9lbHJYdFhhVnl4bm5yTHdjYzFNVWpCV20rZDVqbC9WOEdIcEJRd3pXYwpPNWdNSXlQNUIvdzBacUcyZjV1akZkOHo4dElmcEFRRTJSbDNxRUFYNU1NY1JQaFlTNDJqTWl4czc3TmtOVldQCkpqUVoxVDVXQTVKOUxEL2FKRkplQ2MvbjhpNldOQ3FzdEQ5OVNPTCsrTTBFQTlka2lLNWtOcXFZeXZuRG9SZVcKSW84eXhvVnpObURsWjBkSU9UUzlBb0lCQVFEb2tvMWxPS05FNlBWWmRRU3lmS0JOTEZNcEl1V1VVZmp0ODU4awpJTTB0TnNyS0d2N3NmYkt0dlMvOWgwMGluU2FyWTJ4amVETG91WEI5VzdKY1B1NjRoNHYwek1lbXRhdDRyTUJnClA5bkQ3MW00dERqS2ZrZDAza2tUbk4ySTBxYkwzeFVoTjNEQlJZTU9veDFMa2M4MFFFMHhSUEM1YmRJaXcwemEKTWdtK1dOZVY1VEZoSkpQZ2dVRVo5U1A2aWV1VEY0OW9wRGNWdGUwQ0I0WnFUaTRWb3YvZFVDWGpNK0djRnNWdgpPWTZYTE9KTmRldHdnUVNkd1hlSzB1WlBpWnVKTGlsTEg4OFVKYWNoQThDZW1SclMxRUtxWElwK2dkQWV4MnhVCmY5amRMMGF2SlJEY0xqWlhETXBvWlJpc0JoWVArZzY3VHZza3FscDh4M2p2STlWVkFvSUJBUURkajZrdWNLM0MKYXprMzlqYllvM3RFZ0R5L2VGNnBjWFlpK21Ba1ZNRk9vSWJ5cmNyN3BqSnRMNFMyMEFDRmpBUGFQT042dWVVWQpQQm92dC9QODB1V1c5cGZCK29mRmdadzRqc3hLWFY4eEJmOVdLWVZndFBsOHhIL1RJcERTMjhVTlowNDlhUW4vCjlCRzNac0lyenk3RzFLRTZPLzBMMnVmMnFyaUxxRFQyV3dsdFVsbWs2Ym5NeThkR0sra1JLcFhvSm1RTlNHRHoKOXd4blU2ZmZ1NDdDLzRYMHRIVk1MVFVneFh4djdqN3BpSzI4dzBuZ1N5S3ozV0IzWTJwaFVsZEJIdEprQko1RQpoRm8zMXJCVDU5enhkb2crYXh1bkh4S3EySGFHRkt0ZUZ6RGpkTTFpQzE3bWNtWXBzR2tuenA0cjRjZm5FYTFSCko4Wmo5ZVFQaEVOZEFvSUJBUUN3d2hsbXNkb2MySFVJVFZDSm13QjJSdGJaYitWT2lkS0lmdDBYcHpwcFA3aDIKVEhndEl3ZDIxayt2LzNJWGVaclhMWlJHTVNkNEN1QTgxa0ZEckt6Z1lGeDFiR0hkQ1R2T1ZuVkxjWnUvTjUxWQpMTmp3eFhMbmxyMnhnMG8zMytuWERyQlBjNFJsejcvZ2t3WUQxa2pGckkwK2dlZjI5a2w4RkRUSHJMb05DaGFuCm5PNmZweDRneGZ2Rmo3T05pZDhhQnhEK2RiaEw3dDIzNmlJMWp6K2xRQ0g0Z1I2YWhHYldxOVBZU2NWZWprVmMKbTkrWnZPVFdSU0RteUkwMExDQ2k3UXVEUmlTcmFrYVFaL3F3VHlxOHk0ZnpWS3dKby8yYU52VFZiK2xSaWNuTgorWHpMNnU5dno0L1NNZXZEYWtqQVVjdDZmbmVQa1UxK2dsZ2VZSHlWQW9JQkFRRFJtYW0wVEZhbFdXaHMvNWtOClEwTkhINFhZb1JmMGRta0xXQStCNzBoY2lOS0JYRlp0ME9GZGw1bVdsSm9adk1hY1BBUDd3MGJ1c1ZVWWxZN1YKTy9LRTZVM1I3WjlxQWw1Mnh1aU81Vnc3ZFhBRDVBM1EyZ1EzdTNFdG5VS2lwOVA0QlNYb1JLbDRJVDV0WVdJSgpyZHVUciszQ3VLT0FCcHh4Snpxa3JBRkdtZ01HRCtUTWRXd1hTU1NBeHVPYklNMW1MSU4wYVdlSEJNMFFKdnptClZIb1BFVXA1b0FwamdWVUVacTk4K0VjK0NOWkxmL2d3bndQNllsQnpRWEtQRlNXRWJwTWNtWjNjTmRWZmc5T1YKM1FDUTBkQzhNL21hRlhSRWVibE95TmtCanpEcHpVTExJUFNyVDhoRVlpWm95VGVyVGRJZVVBUEZoYnBTTUhtTApFRlhsQW9JQkFRQ0VUdVJQRHZvMC9tdDhyTzhLNENsamtuU0gxZ1FBSjFha3U3UXg3NUJUTDB6OWRNY2lMK1JLCng1R1lFTW1wcUtNb2FPbWc0WFVRMVRlQ2Vic1R0NjMyWXp6cmNCU0d1RzVnN1o0UUVublUzRXU5QklIMUVSL2gKSEk0NWowU0xNRUpObkNiTkpnRVNRRUFCbzN3cHhrRTdiRGlNdTVPOXVqMlFRVTlTTm94QkFmbVFXRDJJaU1BRQpWYzV3QTNZajBMdElSYkJmdzNBTE9uNlRSc2xucy9JMnd2Z1RCQW9sU3NZbEtEK0NRY3hDZldlNmZwU21aYmlCClBGUE9DY1ZQTXhGeXBhZWFJMkRXNWRPNFNoNGQ0ZlZma2F3ck9LN1N2QnFZb0Y5L2VndThzQS9ZdklaRVltQUQKd0ZIOGs1QjJ4WXdiNkVmNmFFQ29ZTitsNWtlWmhNWTgKLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
</cert>
<cert uuid="cad18e13-92c5-48b6-9b44-ad2e5dcc799e">
<refid>6734d6c82dc59</refid>
<descr>Web GUI TLS certificate</descr>
<caref/>
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVZkNETXpFclQ4dlVoenJaTVJta3JiT3dnSUdNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpReE5EVmFGdzB5TlRFeU1UVXhOalF4TkRWYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURMc0xEbjRta1R4RXJYdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovCnczL2tNV2Y5L25GbGpnMkFXWERJSmNXZjk0NFJFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT20KVFM0WXFCVzhHQkpJd0xtQ2kxb2RoWXhmUEQ2TFdEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNQpuQ0FtZFBDY2JmdmdXdUM2TnhWbXpkeXpta1QvNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5ClFrVlFqYlQ5MFlyeENvdE8rbTJIQU5QZHNjT3FvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTEwKVmplRS9XQVU0Q1BZUmhYVFVGVTIxZFV2azNvYUVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNwo3Mzk5VWdRN3FTNUFhOElHbXA4NUNoUUlBWUVjSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45CitUZ3ljMTlTbGoxVW1RdkRvekxCQzk5TVJpLzREQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmUKUGVpemxRenRIWmpSU0tnaWdSNU9KSmtSVHIvNjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZwprUSsrVDhMenVhK1FtakxOUVFqMVJCSFYzSzVQL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmCkNEVVVQWjR1cEJtbzBLN3dGNHdtV3VXYSttVndlb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRktidDd0QkRKN1daV1lMblQ5cEhTMklPdTg1TU1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVWZDRE0KekVyVDh2VWh6clpNUm1rcmJPd2dJR013SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQWNQbmllQ29FSmRjV25CVHdqRmE3bjZqTFMrZ1pUYUk2ZjAzWktQMFYKQ0pSaDUxWTNwb2dpcnJYcVNHQ1VGTVNHbGpsQ21mU2VhdW9GWFYwanZLejhnMGZ1NU9kYlhjd2FrZFBZSXgydQpVT0dMbllTaEdCNlpoMmhpWWdSVGFpemJoTVliQitzQkV4QU1CdHZRZElSZ3dBWkRNWE9jY0MwZnJaMFhRRlRFCnQ3by82VGYvZEprdnB0cmRYWW1INnFUWlA2MGxyTnlabVloTjc1NEluOFZLRVVSRWNZamg1ejlJanA1NTE1cU0Kb0VrSGNKbTBDNkh2VStETG1ybFpFYkV4bnVOMFQzWTBNZ0hiVFVhU2Y1L2FKVmlIM0dOMnMzbG1ZM0VXTS9Vcwo3azFyc2JTa2orZzJvQXlTcjU0Nlc4RkdaMjliZFlOYk1EaTQ4aXVRQWlzRlQrTGZXN3Y3RVl3WGJ3NUhSVkpNCjV2MlhnenJwN2Yxa08zckEzeXUyS1VSSktHdjJ1ZXhNSythb1VOZXhRT3ludmZGUTBCemRHQ1dlcmVvZTZ3bDMKbHc4Z2dCWDI1VGIxbzR3d1UzNXdtUUIrMC9rbjB0SXoveVBhY2JzbDAwZ0dJNFhTbWpRQmF0MUZYRHFEME1JMgp4S0RqMXZ2dkNTVnRKc09ESG95eDhLc3ptbno5UVFoV0ZNeC9LTXp1clh0OWtsWFRJc0t3d2NXMytZQWtQMzNaClgvOGJnZS8zK2RibTdNN3BndmFBNVFlU3VTbkwzNjdLT1g1NlNZNGFZWHhkc1haVDc0ZGxVRU1jbG9NU0NIOG4KR25QWlpyWTNHdnZaU2ovQWdqT2lDNHNBL2JSSmh4cCtUQndlRFByR0pFUEJFVW9sZEZHVXdraFJXMVVuRlc2YwpyTGM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
<csr/>
<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRExzTERuNG1rVHhFclgKdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovdzMva01XZjkvbkZsamcyQVdYRElKY1dmOTQ0UgpFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT21UUzRZcUJXOEdCSkl3TG1DaTFvZGhZeGZQRDZMCldEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNW5DQW1kUENjYmZ2Z1d1QzZOeFZtemR5em1rVC8KNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5UWtWUWpiVDkwWXJ4Q290TyttMkhBTlBkc2NPcQpvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTExWamVFL1dBVTRDUFlSaFhUVUZVMjFkVXZrM29hCkVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNzczOTlVZ1E3cVM1QWE4SUdtcDg1Q2hRSUFZRWMKSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45K1RneWMxOVNsajFVbVF2RG96TEJDOTlNUmkvNApEQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmVQZWl6bFF6dEhaalJTS2dpZ1I1T0pKa1JUci82CjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZ2tRKytUOEx6dWErUW1qTE5RUWoxUkJIVjNLNVAKL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmQ0RVVVBaNHVwQm1vMEs3d0Y0d21XdVdhK21Wdwplb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUJBb0lDQUFzc3hPL2IzSTd3a0hpWU9wdmQ3b2ZxClJXVm9HM0ZHOVBkSCtrcU1DQW9zVXlpZ2lnWkZhQUZSY3BhZFBJUnBVRFZQOHQrUUx2RHhTSEtJVkNTR3lLRHgKN01mVTkxV3ZCUGtpc1NhWEV2TklEMHJ2WTJYbXl4WWdOcDBNcHdnbHhxZXlWSDNWSTFmZ09zQXpWVkpGSmtzeAp0NnVKV2U2R1lwRnlVZ3MzZytNdHhPYVJLZHcvWkFZb0dVRkR5WE5NR1JNdVRYYkg2WWxTOStFZ2RxZTJZbGtDCk41amkvODUydUlwSytXZUVnbmd1ZkVZNDdpVVhQSzFJTVB0UjRURUxOb3hkTWVBYnZBUG9La2QwMWZOWnVaQ3EKQ0dxNS9kMEQ4cDZKNjlUK3M1RnR1R1UrdkxtcUg3NmtsZjVmTTZnOFpCc2xSNStNQ0xlay9DaHRBZGU2VXBQRApXQ2EwazU3dmdneUdQdGVlVXY2RVJBMEp6SjlJd2VHZGdVWHhNdW5LK3ZSNWYydWJKWFJoMVJpNTNFSTNvVUxYClFvWm9hOTY3VzNUajQ3UzR2RlQyK2dLb0g2OXlNckdVNVkwcjJrSTFXMVVhWEJ1aVVrMi94amdyWVdTblUzUUQKZkM3ZXllTlNlN3c4UW9MMVBEYXJwVXdaK2xGZ0w3NFVScldLQU12WVhxa3NTMHVtb0tTSWo4cjZMM0hVSUVaUgpZRzhBTU91dFhrQk5lMkNpTXRKM2NYUXNIOWloQU9QL3AvaE9BTTBGNkM3Ymt1Vm85d1pRdDVESWxRWUl4TlArClFRZ2doRnhBNTlTWmpwRk00QkN5L0hEOENJY3VuSURZOVNlbXNSYXdyUVY1eGk1akFScVdOYTdBSVMvVlArdUUKQkpmS0dDNFlZVmxqS1VLeEgxVUJBb0lCQVFEcnZOWXNrd3ZhQ2Z6MlcvbkIrRjNjVE1RbjM2RENSYnZwQ0s1dApldm96TjJGbjBJdWFnN2RrYzN2NTFxTVNEd0h1cVNkVTRHUHZMcm83alpJaFNEZ1AwLzBLWmc0VmxtZE5HbEovCk1lcXhmOGRkOFdTQjZiUksrK2FRcEhaeDd2SUFTWkE4eHkvZ3F2NGJpSmlqVDhUQ2lSeXdYSTQ0ZlRYM0xLZTIKVG1Uc29XNk9yQmErSWJRYjBpTEh4WE4rZ3JDM0cxWWxIUlNvTEpKUkU0eFVLMGsvM1JLNU16RjRIYUNZb1BWOQpDOFpQellMR253SE9ERU8zbHRtSGJvQUNFa0VrT2dFV3U4RFo2YlYrMXJBcVh6WnN0L3hNZnJ5KzlMRVdYQUwvCkRnOEdkall0YzdyUTFZd1BIY1h6cFo2clVIdXh2K0p6VEE1ZzNCS1p6aWhwNFdHaEFvSUJBUURkTXE3N0dRWGMKYW5hYlMxanlFT3VzNFp5ZlJ4cW10NEVFaHZjY0dRVVVrV0IrWk11bnpyaENxb3ZwQ1dhVU9zWVhuNG45Y3BQSAo3bm1mOUJHbFI4NVhCVHNLM2d4bE5NMUhjSGFTNXZSem9WQVBNd3o2VVV0ZFNLWXRLR0Q3Wkxmbm9ISXN1SlEzCnJ6WWIyTFhpVmx6MWlNNUVmT0VrL1J5UjBwMGtleXVwa0F0OXBRV0hzaURYb0pibDE2d1ZLc2NDNGUzNjdRRWsKcFdoeXcyS3A4bXdtOGxqQllxZWtHdUREeGVZSDMzMVlGa2FMUEJCT2xPQnlveFlOUDdBVVREUlV3KzB1T01jNwozb0N1VE9jWnAxVWMwQURBOXRTRVRINklWdlFEUXZlYzR6MWRTVGRmUEkxRzVUTCt4Mzlvam5OcGVoYng0bEwvCmRxTTBmcFlPL2ZmeEFvSUJBRmwzOU8wNzdjNlY1ZHoyY1djTnhVbThGT0p4UEVrZlFEOGtYVmNOeW5HdnZoY3gKamhwWmpUdmhuSmJvd0VFMVV1MXFZNVFTQ2J1WVIzUWN1ZTVKdzRVMlZwNGd0NDIzNUlMZHo1dVlyVk1xaE5jQgpxN3ltbnhlcVhRcGVjTm15NzBQdXA0QjV0SkVYTkpQc2xzbThsNWVoaERMbkhjOFFybStlRWhUZDBlNEJJcjJoClVJeGVyRVcyemg1MXNPeTkyeVhUaVRGU3hTbENxVkYrRXM5TEVtVGJtYVNTYWw4RkY1TjEyMVhYSnkvWWRwNjkKY0dqc1BMTXIzR2xMSmVnalYzZlJUK0o1NWFxT3lhUlhCTXRBRVo3WGdUampETzJJWHNGMnNHaHV4SU1XVUYrVgp3YnhLbi9xSXVUMU1pVmpKbGZpVE0vWEFVdUN1QlowOEloaDFRcUVDZ2dFQUZwdzJySzRMSGxPM21mb2l0bU9xClkzcVFVdXVtdXNIcEt6aE1qQSsycURxUC9YdDZJY1lNcWF2YkwwL3ByMTh1bm4yTlVsM2k0ejNxS3NKOUIwTUcKd1hoa1o2RDQ3V052VkUwWG9iNS80RTN0N0EvUTFNbDRoYW1HYXZsRXFJM01DcDRvN1k5VWZ6aW10RVA3bTQ0dQpaRjYranR1ZysvSHZlS3hwcWEvNWI1U3N5QVFWUTZDZW9Ndm1nTW9CNmd2OFdid1VZbURWakJSb1Q4clBEQVllCnJnQjV1QkxJaGdyRlROMnV2TUZJZzdlTE1ISk1UR3dGWVZKd1Q1eGgrRUV0M0RoR3gwSEFnOHNqcGkxd05md1gKeENFeTRvYVloSWw1S2FDUndyK1dwZS9JZHYrajdGVTVMN1QvK0hFV0FlOEZ0eE5td3dUYWJRaUllRFkwU29ZRgpVUUtDQVFFQXRiclZqbTFsaDQ1REhIWnVsem4xNllIQzJrMUYwWG9FZFVSQ3o0QTFsMHBEK3ljL2srdmJ0Qmg0Cm1RRDV1a3FicHFFZy9GNUhDZmdOaHlieHNNdVV6NzFaU24zN2dwczNDWUdiUyt4RkhjZTJBakNTbUlYQWIxQjgKR0Z2WnV4UlB5QXU0YVBvT1J3RzM3NVBOM0VNNk83bzdxbjlYeExTZWRIMHExM2U0YkhYYm4rc2xOa1RIM2xmcwpLVnBOUUhVSUNDSW5vQ0llV1dwdnAwQnFoYjlKclRsbXd2c25zOHpZVDNiY3F5QXZHZGRnNUs3Y0MwRVJaem9ECnFJTkI3S05FVjQ1NmF0eDZVT3VYUlpKREMvaHNJUTZNaVBveUJacHRsK1ZIMEtQbEFIWGExb0FXZmNuL0U3MFYKK0RaeVBiMWxkQUdpb1hqditGd2h5VzZlWEVrQlBnPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
</cert>
<syslog/>
</opnsense>

987
opnsense-config/src/tests/data/config-vm-test_sorted.xml Normal file
View File

@@ -0,0 +1,987 @@
</acls>
<acls>
<action>alert</action>
<action>alert</action>
<action>alert</action>
<action>alert</action>
<action>alert</action>
<action>alert</action>
<action>alert</action>
<action>alert</action>
<action>alert</action>
<action>alert</action>
<action>alert</action>
<active_interface/>
<activeTimeout>1800</activeTimeout>
<address/>
<address/>
<address/>
<address/>
<address/>
</advanced>
<advanced>
<adv_dhcp_config_advanced/>
<adv_dhcp_config_file_override/>
<adv_dhcp_config_file_override_path/>
<adv_dhcp_option_modifiers/>
<adv_dhcp_pt_backoff_cutoff/>
<adv_dhcp_pt_initial_interval/>
<adv_dhcp_pt_reboot/>
<adv_dhcp_pt_retry/>
<adv_dhcp_pt_select_timeout/>
<adv_dhcp_pt_timeout/>
<adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
<adv_dhcp_request_options/>
<adv_dhcp_required_options/>
<adv_dhcp_send_options/>
<aggressivensec>1</aggressivensec>
</alert>
<AlertLogrotate>W0D23</AlertLogrotate>
<AlertSaveLogs>4</AlertSaveLogs>
<alert uuid="15f1e9ca-5dd5-4b20-b595-b6b4f82245d0">
</Alias>
<alias-address/>
<aliases/>
<aliases/>
<alias-subnet>32</alias-subnet>
<Alias version="1.0.1">
and for the sender directly reachable, route and next hop is known.</descr>
<any/>
<any/>
<any>1</any>
<any>1</any>
<any>1</any>
<any>1</any>
<any>1</any>
as part of the standard FreeBSD core system.</descr>
as part of the standard FreeBSD core system.</descr>
<blocklists/>
</bogons>
<bogons>
<bridged/>
</bridges>
<bridges>
<ca/>
<cacheflush/>
<cachemaxnegativettl/>
<cachemaxttl/>
<cacheminttl/>
</captiveportal>
<captiveportal version="1.0.2">
</capture>
<capture>
<caref/>
<caref/>
<categories/>
</Category>
<Category version="1.0.0">
</cert>
</cert>
<cert uuid="547102e9-23ba-48b8-8af8-64be61049e96">
<cert uuid="cad18e13-92c5-48b6-9b44-ad2e5dcc799e">
<children/>
<ciphers/>
</client>
<clients/>
<client version="1.0.0">
<clone/>
</collect>
<collect>
<column_count>2</column_count>
<compression/>
<condition>changed status</condition>
<condition>cpu usage is greater than 75%</condition>
<condition>failed link</condition>
<condition>failed ping</condition>
<condition>loadavg (15min) is greater than 2</condition>
<condition>loadavg (1min) is greater than 4</condition>
<condition>loadavg (5min) is greater than 3</condition>
<condition>memory usage is greater than 75%</condition>
<condition>saturation is greater than 75%</condition>
<condition>space usage is greater than 75%</condition>
<condition>status != 0</condition>
<Connections/>
</created>
</created>
</created>
</created>
<created>
<created>
<created>
<created>
</cron>
<cron version="1.0.4">
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVSUhVRkpwc253VGtzYWRrZmRDNUp1SDhqWnZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpFNE1EbGFGdzB5TlRFeU1UVXhOakU0TURsYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURKU1FlZ1RYckp5dDVWYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyCkNEclc3ZDlYcVJkOEpEZENtdGtLRGlMYWNaUzJMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDEKU2pJWnBTZzNkOS9YeHFPQTNZQllzTS9uUk9vWHlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NworVHc5STZGU0J4bkdaR3RyUFl5NkVBb0NMdm1GQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxCnBRTVB1T2JxV3FyaE0xdjVjdmJodU5kREhNZ3ZVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjEKUm0wMlVuUXRneW8zY3hPRXVsYk9nU0hsdGhTMmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSQpQbm9ncnZsRUlWMERhQ3ZEMjZiRkRDbVkxc29FbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBCkJMVzh4dXBFODhEYmlrWW51NVdQaUp6ZXh4UVIyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXoKcHBERHYwZnU0Nnp1S3EzY0VWRitiREsrQWdlT0Q2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSApHQjlCbDFrejR4bHRhczlvbmZrSDFkVHk3dzFNck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1ExCmtWNk90aFRsVFgzK2duaUpJK3RXWUQ5bTRldXNzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRkJRZytucWI5QW9HSWtoTUxhNHFzWGRvY0JGcE1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVUlIVUYKSnBzbndUa3NhZGtmZEM1SnVIOGpadk13SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQUZqNlQ1MmRIUklVMHJuZDE0d2dob2tjUkdrK0hIQloyTGlDRHpUeUwKNHdCeTJ1ZXJXQWdvYUZzeUlNQzhwWTBhWlc4TFlSd1BtRVB0OXlUS09ZZzF0NWtOUnk2RkF5akszeis5TGZTQwoxRlFpb0pma3FHRnhoc1IxV1R5RjBGNmJmM2tZRDZ4OWw1dEdqMXF3SndrekZWZWcvZGNtUVhvRTBmUDRqSFFvCmgxWXdiZ3pTa084TzRLUVhuWXVRM3g0bWdoZnBvR0hQM2xINlcybDJlWHpqSzllRjJtUG1ZS0p1M3JpSnkvL3gKRzhQWXBYNlNTN3RoVnNNeHF3cGJHbURXQXRuSnNrSmVsNDI1WUdOYlZ4YTNPOHE3RWxLNGFoNXpmai8wRnVwTgo3SnlqMWQyZjZFck14WlFnUi9EdmlUVnhISytRY1lBRXBqU2ZmZzBrRStpS1BlN0VYTVk1VU1aZUFTK1ZteG1LCjBPOWxaQXNpWUlEMzkwVjNTaDZxYjhoL2xMZ0V2NCtSNUw1VEpFaldYc0dQSUpGaHJNSFJWR1lhV3JIYWx3eHYKNjE5NFlpSXBEaUlHSVVSWGN1U3dNcndIQzN0bms2QVo2OW5CczVXT1JYM0NxOVhRRnVrVlA5eUMxQnRuSmFwbQpubUMzK3NtTTErRjkxUXlkVXJtbUxPNUVwUmtTMitBcmRTSklUR1NRNWt4L3VLNjhzV0QzVVdNNVRibUxrcWdOCkt6djZjemVCbzJiVExDT0JKUWJ4STFCckRPTUFMSDlCdXdUamVXdUVtWE9TWE1lTDFsejdhL2JZKzJxa1BSOVAKTE5IekE2QXZlVmxucDNaeFdqMjZFK3dwYnU5cHBaY0QzRGVHRnRnZzVJbUJ2ZDNWbjJ6UVc4a1ZMT1ZBdllSawptdWc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVZkNETXpFclQ4dlVoenJaTVJta3JiT3dnSUdNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5ERXhNVE14TmpReE5EVmFGdzB5TlRFeU1UVXhOalF4TkRWYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURMc0xEbjRta1R4RXJYdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovCnczL2tNV2Y5L25GbGpnMkFXWERJSmNXZjk0NFJFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT20KVFM0WXFCVzhHQkpJd0xtQ2kxb2RoWXhmUEQ2TFdEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNQpuQ0FtZFBDY2JmdmdXdUM2TnhWbXpkeXpta1QvNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5ClFrVlFqYlQ5MFlyeENvdE8rbTJIQU5QZHNjT3FvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTEwKVmplRS9XQVU0Q1BZUmhYVFVGVTIxZFV2azNvYUVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNwo3Mzk5VWdRN3FTNUFhOElHbXA4NUNoUUlBWUVjSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45CitUZ3ljMTlTbGoxVW1RdkRvekxCQzk5TVJpLzREQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmUKUGVpemxRenRIWmpSU0tnaWdSNU9KSmtSVHIvNjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZwprUSsrVDhMenVhK1FtakxOUVFqMVJCSFYzSzVQL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmCkNEVVVQWjR1cEJtbzBLN3dGNHdtV3VXYSttVndlb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRktidDd0QkRKN1daV1lMblQ5cEhTMklPdTg1TU1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVWZDRE0KekVyVDh2VWh6clpNUm1rcmJPd2dJR013SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQWNQbmllQ29FSmRjV25CVHdqRmE3bjZqTFMrZ1pUYUk2ZjAzWktQMFYKQ0pSaDUxWTNwb2dpcnJYcVNHQ1VGTVNHbGpsQ21mU2VhdW9GWFYwanZLejhnMGZ1NU9kYlhjd2FrZFBZSXgydQpVT0dMbllTaEdCNlpoMmhpWWdSVGFpemJoTVliQitzQkV4QU1CdHZRZElSZ3dBWkRNWE9jY0MwZnJaMFhRRlRFCnQ3by82VGYvZEprdnB0cmRYWW1INnFUWlA2MGxyTnlabVloTjc1NEluOFZLRVVSRWNZamg1ejlJanA1NTE1cU0Kb0VrSGNKbTBDNkh2VStETG1ybFpFYkV4bnVOMFQzWTBNZ0hiVFVhU2Y1L2FKVmlIM0dOMnMzbG1ZM0VXTS9Vcwo3azFyc2JTa2orZzJvQXlTcjU0Nlc4RkdaMjliZFlOYk1EaTQ4aXVRQWlzRlQrTGZXN3Y3RVl3WGJ3NUhSVkpNCjV2MlhnenJwN2Yxa08zckEzeXUyS1VSSktHdjJ1ZXhNSythb1VOZXhRT3ludmZGUTBCemRHQ1dlcmVvZTZ3bDMKbHc4Z2dCWDI1VGIxbzR3d1UzNXdtUUIrMC9rbjB0SXoveVBhY2JzbDAwZ0dJNFhTbWpRQmF0MUZYRHFEME1JMgp4S0RqMXZ2dkNTVnRKc09ESG95eDhLc3ptbno5UVFoV0ZNeC9LTXp1clh0OWtsWFRJc0t3d2NXMytZQWtQMzNaClgvOGJnZS8zK2RibTdNN3BndmFBNVFlU3VTbkwzNjdLT1g1NlNZNGFZWHhkc1haVDc0ZGxVRU1jbG9NU0NIOG4KR25QWlpyWTNHdnZaU2ovQWdqT2lDNHNBL2JSSmh4cCtUQndlRFByR0pFUEJFVW9sZEZHVXdraFJXMVVuRlc2YwpyTGM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
<csr/>
<csr/>
</ctrl_agent>
<ctrl_agent version="0.0.1">
<data_length/>
<default_action>allow</default_action>
<defaultgw>1</defaultgw>
<defaultPacketSize/>
<depends/>
<depends/>
<depends/>
<depends/>
<descr/>
<descr>Allow ping</descr>
<descr>Allow unprivileged access to tap(4) device nodes</descr>
<descr>Default allow LAN IPv6 to any rule</descr>
<descr>Default allow LAN to any rule</descr>
<descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
<descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
<descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
<descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
<descr>Drop packets to closed TCP ports without returning a RST</descr>
<descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
<descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
<descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
<descr>Enable sending IPv6 redirects</descr>
<descr>Enable TCP extended debugging</descr>
<descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
<descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
<descr>Hide processes running as other groups</descr>
<descr>Hide processes running as other users</descr>
<descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
<descr>Interface WAN Gateway</descr>
<description/>
<description/>
<description/>
<description/>
<description/>
<description>/firewall_rules_edit.php made changes</description>
<description>/firewall_rules_edit.php made changes</description>
<description>/firewall_rules_edit.php made changes</description>
<description>/firewall_rules_edit.php made changes</description>
<description>/firewall_rules_edit.php made changes</description>
<description>/firewall_rules_edit.php made changes</description>
<description>/firewall_rules_edit.php made changes</description>
<description>/firewall_rules_edit.php made changes</description>
<description>/interfaces.php made changes</description>
<description>System Administrators</description>
<descr>Loopback</descr>
<descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
<descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
<descr>Maximum outgoing UDP datagram size</descr>
<descr>Maximum outgoing UDP datagram size</descr>
<descr>Maximum socket buffer size</descr>
<descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
<descr>Prefer privacy addresses and use them over the normal addresses</descr>
<descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
<descr>Randomize the ID field in IP packets</descr>
<descr>Set ICMP Limits</descr>
<descr>Set the ephemeral port range to be lower.</descr>
<descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
<descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
<descr>Set to 1 to enable filtering on the bridge interface</descr>
<descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
<descr>Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
<descr>System Administrator</descr>
<descr>TCP Offload Engine</descr>
<descr>This option turns off the logging of redirect packets because there is no limit and this could fill
<descr>UDP Checksums</descr>
<descr>Web GUI TLS certificate</descr>
<descr>Web GUI TLS certificate</descr>
</destination>
</destination>
</destination>
</destination>
</destination>
</destination>
<destination>
<destination>
<destination>
<destination>
<destination>
<destination>
<destinations/>
</detect>
<detect>
</dhcp4>
<dhcp4 version="1.0.0">
</dhcpd>
<dhcpd>
<dhcpdv6/>
<dhcphostname/>
<dhcprejectfrom/>
<DHCRelay version="1.0.1"/>
<direction>in</direction>
<direction>in</direction>
<direction>in</direction>
<direction>in</direction>
<disablechecksumoffloading>1</disablechecksumoffloading>
<disableconsolemenu>1</disableconsolemenu>
<disabled>0</disabled>
<disablelargereceiveoffloading>1</disablelargereceiveoffloading>
<disablenatreflection>yes</disablenatreflection>
<disablepreempt>0</disablepreempt>
<disablesegmentationoffloading>1</disablesegmentationoffloading>
<disablevlanhwfilter>1</disablevlanhwfilter>
<disconnectppps>0</disconnectppps>
<dns64/>
<dns64prefix/>
<dnsallowoverride>1</dnsallowoverride>
</dnsbl>
<dnsbl>
<dnsserver/>
<dnsserver>192.168.5.1</dnsserver>
<domain>localdomain</domain>
<domains/>
<dots/>
<egress_only/>
<enable/>
<enable/>
<enable>0</enable>
<enable>1</enable>
<enable>1</enable>
<enable>1</enable>
<enabled/>
<enabled/>
<enabled>0</enabled>
<enabled>0</enabled>
<enabled>0</enabled>
<enabled>0</enabled>
<enabled>0</enabled>
<enabled>0</enabled>
<enabled>0</enabled>
<enabled>0</enabled>
<enabled>0</enabled>
<enabled>0</enabled>
<enabled>1</enabled>
<enabled>1</enabled>
<enabled>1</enabled>
<enabled>1</enabled>
<enabled>enabled</enabled>
<enable_wpad/>
<eventqueuePath/>
<eventqueueSlots/>
<events/>
<extendedstatistics/>
<fargw>0</fargw>
<files/>
<fileTags/>
</filter>
<filter>
</Filter>
<Filter version="1.0.4">
</Firewall>
<Firewall>
</firmware>
<firmware version="1.0.1">
<flavour/>
<force_down/>
<format/>
</forwarding>
<forwarding>
<from>10.100.8.10</from>
<fwrules>1</fwrules>
<gateway>172.17.0.1</gateway>
</gateway_item>
<gateway_item uuid="a6ea102d-68bb-430f-af8b-269d52498fe1">
</Gateways>
<Gateways version="1.0.0">
</general>
</general>
<general>
<general>
</general>
</general>
</general>
</general>
</general>
</general>
<general>
<general>
<general>
<general>
<general>
<general version="0.0.1">
</geoip>
<geoip>
<gid>1999</gid>
<gif/>
</gifs>
<gifs version="1.0.0">
<gre/>
</gres>
<gres version="1.0.0">
</group>
<group>
<group>admins</group>
<groupname>admins</groupname>
</ha>
<ha>
<ha_peers/>
</hasync>
<hasync version="1.0.0">
<hideidentity/>
<hideversion/>
<homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
<hostname>OPNsense</hostname>
<hostname>rtx4090</hostname>
<hosts/>
<httpdAllow/>
<httpdEnabled>0</httpdEnabled>
<httpdPassword/>
<httpdPort>2812</httpdPort>
<httpdUsername>root</httpdUsername>
<http_host>127.0.0.1</http_host>
<http_port>8000</http_port>
</IDS>
<IDS version="1.0.9">
<ifgroups version="1.0.0"/>
<if>le0</if>
<if>le1</if>
<if>lo0</if>
<inactiveTimeout>15</inactiveTimeout>
<incomingnumtcp/>
<infracachenumhosts/>
<infrahostttl/>
<infrakeepprobing/>
<insecuredomain/>
<Instances/>
<interface/>
<interface/>
<interface/>
<interface/>
<interface>lan</interface>
<interface>lan</interface>
<interfaces/>
<interfaces/>
<interfaces/>
<interfaces/>
</interfaces>
<interfaces>
</Interfaces>
<Interfaces>
<interfaces>wan</interfaces>
<interface>wan</interface>
<interface>wan</interface>
<interface>wan</interface>
<interface>wan</interface>
<interface>wan</interface>
<internal_dynamic>1</internal_dynamic>
<interval/>
<interval>120</interval>
<interval>monthly</interval>
<ipaddr>10.100.8.15</ipaddr>
<ipaddr>10.100.8.1</ipaddr>
<ipaddr>127.0.0.1</ipaddr>
<ipaddr>dhcp</ipaddr>
<ipaddrv6>::1</ipaddrv6>
<ipaddrv6>track6</ipaddrv6>
<ipprotocol>inet6</ipprotocol>
<ipprotocol>inet</ipprotocol>
<ipprotocol>inet</ipprotocol>
<ipprotocol>inet</ipprotocol>
<ipprotocol>inet</ipprotocol>
<ipprotocol>inet</ipprotocol>
<ipprotocol>inet</ipprotocol>
<ips>0</ips>
</IPsec>
<IPsec version="1.0.1">
<ipv6allow>1</ipv6allow>
It can also be used to probe for information about your internal networks. These functions come enabled
It can also be used to probe for information about your internal networks. These functions come enabled
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
</item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<item>
<jobs/>
<jostletimeout/>
</Kea>
<Kea>
<kex/>
<keyPairs/>
<keys/>
<keysig/>
<lagg/>
</laggs>
<laggs version="1.0.0">
</lan>
</lan>
<lan>
<lan>
<language>en_US</language>
<latencyhigh/>
<latencylow/>
<lb_use_sticky>1</lb_use_sticky>
<lists/>
</lo0>
<lo0>
<locals/>
<local_zone_type>transparent</local_zone_type>
<logfile/>
<loglocal>1</loglocal>
<loglocalactions/>
<LogPayload>0</LogPayload>
<logqueries/>
<logreplies/>
<logservfail/>
<logtagqueryreply/>
<logverbosity>1</logverbosity>
<loopbacks version="1.0.0"/>
<losshigh/>
<loss_interval/>
<losslow/>
</Lvtemplate>
<Lvtemplate version="0.0.1">
<mac>d8:5e:d3:e7:2c:8c</mac>
<macs/>
<mailserver>127.0.0.1</mailserver>
<match/>
<match/>
<match/>
<match/>
<maxfilesize/>
<maxpreserve>31</maxpreserve>
<media/>
<mediaopt/>
<member>0</member>
<mirror/>
<mmonitRegisterCredentials>1</mmonitRegisterCredentials>
<mmonitTimeout>5</mmonitTimeout>
<mmonitUrl/>
<mode>automatic</mode>
</monit>
<monitor/>
<monitor_disable>1</monitor_disable>
<monitor_noroute/>
<monit version="1.0.13">
<MPMAlgo/>
<msgcachesize/>
<name>$HOST</name>
<name>admins</name>
<name>carp_status_change</name>
<name>ChangedStatus</name>
<name>CPUUsage</name>
<name>gateway_alert</name>
<name>LoadAvg15</name>
<name>LoadAvg1</name>
<name>LoadAvg5</name>
<name>MemoryUsage</name>
<name>NetworkLink</name>
<name>NetworkSaturation</name>
<name>NonZeroStatus</name>
<name>Ping</name>
<name>RootFs</name>
<name>root</name>
<name>SpaceUsage</name>
<name>WAN_GW</name>
</nat>
<nat>
<neighbors version="1.0.0"/>
</Netflow>
<netflowbackup>-1</netflowbackup>
<Netflow version="1.0.1">
<network>lan</network>
<network>lan</network>
<network>(self)</network>
<network>wanip</network>
<network>wanip</network>
<nextgid>2000</nextgid>
<nextuid>2000</nextuid>
<noarecords/>
<noauto>1</noauto>
<noreglladdr6/>
<noregrecords/>
<noton>0</noton>
<npt/>
</ntpd>
<ntpd>
<ntpserver/>
<numqueriesperthread/>
<nxdomain/>
<onetoone/>
<openvpn/>
</OpenVPN>
</OpenVPNExport>
<OpenVPNExport version="0.0.1">
<OpenVPN version="1.0.0">
</opnsense>
<opnsense>
</OPNsense>
<OPNsense>
<optimization>normal</optimization>
</outbound>
<outbound>
<outgoing_interface/>
<outgoingnumtcp/>
<outgoingrange/>
<Overwrites/>
<password/>
<password/>
<password>$2y$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS</password>
<passwordauth>1</passwordauth>
<path/>
<path/>
<path/>
<path/>
<path/>
<path/>
<path/>
<path/>
<path/>
<path/>
<path/>
<path/>
<path>/</path>
<path>/usr/local/opnsense/scripts/OPNsense/Monit/carp_status</path>
<path>/usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert</path>
<permitrootlogin>1</permitrootlogin>
<pf_share_forward>1</pf_share_forward>
<pfsyncenabled>0</pfsyncenabled>
<pfsyncinterface>lan</pfsyncinterface>
<pfsyncpeerip/>
<pfsyncversion>1400</pfsyncversion>
<pidfile/>
<pidfile/>
<pidfile/>
<pidfile/>
<pipes/>
<plugins/>
<policies/>
<polltime/>
<polltime/>
<polltime/>
<polltime/>
<Pools/>
<port/>
<port>22</port>
<port>25</port>
<port>443</port>
<port>53</port>
<port>80</port>
<powerd_ac_mode>hadp</powerd_ac_mode>
<powerd_battery_mode>hadp</powerd_battery_mode>
<powerd_normal_mode>hadp</powerd_normal_mode>
<ppp/>
</ppps>
<ppps>
<prefer>0.opnsense.pool.ntp.org</prefer>
<prefetch/>
<prefetchkey/>
<preSharedKeys/>
<primaryconsole>video</primaryconsole>
<priority>255</priority>
<privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
<privatedomain/>
<priv>page-all</priv>
<Profile/>
<promisc>0</promisc>
<protocol>https</protocol>
<protocol>icmp</protocol>
<protocol>tcp</protocol>
<protocol>tcp</protocol>
<protocol>tcp/udp</protocol>
<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRExzTERuNG1rVHhFclgKdHdqTXoxencyeHJhNTZ5bTYrYzlRNEM3UjMyMzVuWjVPM1ovdzMva01XZjkvbkZsamcyQVdYRElKY1dmOTQ0UgpFblFMdmlha2NNTHR1Qm1KTVRYZnVQWnhsSWE4Wlc0S0ZuT21UUzRZcUJXOEdCSkl3TG1DaTFvZGhZeGZQRDZMCldEZnZYMm1tWEIrUFNxL0l4WEhOSjdxZVB4YzVuSzUyMW1uNW5DQW1kUENjYmZ2Z1d1QzZOeFZtemR5em1rVC8KNnVqRUJFYTZ6RkQyUUtDN1N6a2ptZUNpd2VDQjc5NjZqeEV5UWtWUWpiVDkwWXJ4Q290TyttMkhBTlBkc2NPcQpvNldXMEhmSlNpa2k4K2NDWHlzbGRFSzFZbmxueTNFWlVqTExWamVFL1dBVTRDUFlSaFhUVUZVMjFkVXZrM29hCkVpeldVdmhKc1FHYnh2aFRUQlN3aVliOUQ3Ymx1MWl4UzJxNzczOTlVZ1E3cVM1QWE4SUdtcDg1Q2hRSUFZRWMKSTd6RGVWTGtrOGpkWkFCaTdGbDl0M05OQTU3WlVZVzErWE45K1RneWMxOVNsajFVbVF2RG96TEJDOTlNUmkvNApEQTIxRFpIODY3ekFYenFqZWUrckorQkZvNzVEQjlqd2tMTmVQZWl6bFF6dEhaalJTS2dpZ1I1T0pKa1JUci82CjduaTBtbzVITGNkU3hBSDFmdXdXS0hWS2RHQlQrNjhhYkUrZ2tRKytUOEx6dWErUW1qTE5RUWoxUkJIVjNLNVAKL3dvbXJKZG02d1ZLbm85RXlNait4azFwS05wb0F4UnR1WllmQ0RVVVBaNHVwQm1vMEs3d0Y0d21XdVdhK21Wdwplb1ZTcDRXMEhOWVJGU1pyWWxrc1AzdWViSHcva1FJREFRQUJBb0lDQUFzc3hPL2IzSTd3a0hpWU9wdmQ3b2ZxClJXVm9HM0ZHOVBkSCtrcU1DQW9zVXlpZ2lnWkZhQUZSY3BhZFBJUnBVRFZQOHQrUUx2RHhTSEtJVkNTR3lLRHgKN01mVTkxV3ZCUGtpc1NhWEV2TklEMHJ2WTJYbXl4WWdOcDBNcHdnbHhxZXlWSDNWSTFmZ09zQXpWVkpGSmtzeAp0NnVKV2U2R1lwRnlVZ3MzZytNdHhPYVJLZHcvWkFZb0dVRkR5WE5NR1JNdVRYYkg2WWxTOStFZ2RxZTJZbGtDCk41amkvODUydUlwSytXZUVnbmd1ZkVZNDdpVVhQSzFJTVB0UjRURUxOb3hkTWVBYnZBUG9La2QwMWZOWnVaQ3EKQ0dxNS9kMEQ4cDZKNjlUK3M1RnR1R1UrdkxtcUg3NmtsZjVmTTZnOFpCc2xSNStNQ0xlay9DaHRBZGU2VXBQRApXQ2EwazU3dmdneUdQdGVlVXY2RVJBMEp6SjlJd2VHZGdVWHhNdW5LK3ZSNWYydWJKWFJoMVJpNTNFSTNvVUxYClFvWm9hOTY3VzNUajQ3UzR2RlQyK2dLb0g2OXlNckdVNVkwcjJrSTFXMVVhWEJ1aVVrMi94amdyWVdTblUzUUQKZkM3ZXllTlNlN3c4UW9MMVBEYXJwVXdaK2xGZ0w3NFVScldLQU12WVhxa3NTMHVtb0tTSWo4cjZMM0hVSUVaUgpZRzhBTU91dFhrQk5lMkNpTXRKM2NYUXNIOWloQU9QL3AvaE9BTTBGNkM3Ymt1Vm85d1pRdDVESWxRWUl4TlArClFRZ2doRnhBNTlTWmpwRk00QkN5L0hEOENJY3VuSURZOVNlbXNSYXdyUVY1eGk1akFScVdOYTdBSVMvVlArdUUKQkpmS0dDNFlZVmxqS1VLeEgxVUJBb0lCQVFEcnZOWXNrd3ZhQ2Z6MlcvbkIrRjNjVE1RbjM2RENSYnZwQ0s1dApldm96TjJGbjBJdWFnN2RrYzN2NTFxTVNEd0h1cVNkVTRHUHZMcm83alpJaFNEZ1AwLzBLWmc0VmxtZE5HbEovCk1lcXhmOGRkOFdTQjZiUksrK2FRcEhaeDd2SUFTWkE4eHkvZ3F2NGJpSmlqVDhUQ2lSeXdYSTQ0ZlRYM0xLZTIKVG1Uc29XNk9yQmErSWJRYjBpTEh4WE4rZ3JDM0cxWWxIUlNvTEpKUkU0eFVLMGsvM1JLNU16RjRIYUNZb1BWOQpDOFpQellMR253SE9ERU8zbHRtSGJvQUNFa0VrT2dFV3U4RFo2YlYrMXJBcVh6WnN0L3hNZnJ5KzlMRVdYQUwvCkRnOEdkall0YzdyUTFZd1BIY1h6cFo2clVIdXh2K0p6VEE1ZzNCS1p6aWhwNFdHaEFvSUJBUURkTXE3N0dRWGMKYW5hYlMxanlFT3VzNFp5ZlJ4cW10NEVFaHZjY0dRVVVrV0IrWk11bnpyaENxb3ZwQ1dhVU9zWVhuNG45Y3BQSAo3bm1mOUJHbFI4NVhCVHNLM2d4bE5NMUhjSGFTNXZSem9WQVBNd3o2VVV0ZFNLWXRLR0Q3Wkxmbm9ISXN1SlEzCnJ6WWIyTFhpVmx6MWlNNUVmT0VrL1J5UjBwMGtleXVwa0F0OXBRV0hzaURYb0pibDE2d1ZLc2NDNGUzNjdRRWsKcFdoeXcyS3A4bXdtOGxqQllxZWtHdUREeGVZSDMzMVlGa2FMUEJCT2xPQnlveFlOUDdBVVREUlV3KzB1T01jNwozb0N1VE9jWnAxVWMwQURBOXRTRVRINklWdlFEUXZlYzR6MWRTVGRmUEkxRzVUTCt4Mzlvam5OcGVoYng0bEwvCmRxTTBmcFlPL2ZmeEFvSUJBRmwzOU8wNzdjNlY1ZHoyY1djTnhVbThGT0p4UEVrZlFEOGtYVmNOeW5HdnZoY3gKamhwWmpUdmhuSmJvd0VFMVV1MXFZNVFTQ2J1WVIzUWN1ZTVKdzRVMlZwNGd0NDIzNUlMZHo1dVlyVk1xaE5jQgpxN3ltbnhlcVhRcGVjTm15NzBQdXA0QjV0SkVYTkpQc2xzbThsNWVoaERMbkhjOFFybStlRWhUZDBlNEJJcjJoClVJeGVyRVcyemg1MXNPeTkyeVhUaVRGU3hTbENxVkYrRXM5TEVtVGJtYVNTYWw4RkY1TjEyMVhYSnkvWWRwNjkKY0dqc1BMTXIzR2xMSmVnalYzZlJUK0o1NWFxT3lhUlhCTXRBRVo3WGdUampETzJJWHNGMnNHaHV4SU1XVUYrVgp3YnhLbi9xSXVUMU1pVmpKbGZpVE0vWEFVdUN1QlowOEloaDFRcUVDZ2dFQUZwdzJySzRMSGxPM21mb2l0bU9xClkzcVFVdXVtdXNIcEt6aE1qQSsycURxUC9YdDZJY1lNcWF2YkwwL3ByMTh1bm4yTlVsM2k0ejNxS3NKOUIwTUcKd1hoa1o2RDQ3V052VkUwWG9iNS80RTN0N0EvUTFNbDRoYW1HYXZsRXFJM01DcDRvN1k5VWZ6aW10RVA3bTQ0dQpaRjYranR1ZysvSHZlS3hwcWEvNWI1U3N5QVFWUTZDZW9Ndm1nTW9CNmd2OFdid1VZbURWakJSb1Q4clBEQVllCnJnQjV1QkxJaGdyRlROMnV2TUZJZzdlTE1ISk1UR3dGWVZKd1Q1eGgrRUV0M0RoR3gwSEFnOHNqcGkxd05md1gKeENFeTRvYVloSWw1S2FDUndyK1dwZS9JZHYrajdGVTVMN1QvK0hFV0FlOEZ0eE5td3dUYWJRaUllRFkwU29ZRgpVUUtDQVFFQXRiclZqbTFsaDQ1REhIWnVsem4xNllIQzJrMUYwWG9FZFVSQ3o0QTFsMHBEK3ljL2srdmJ0Qmg0Cm1RRDV1a3FicHFFZy9GNUhDZmdOaHlieHNNdVV6NzFaU24zN2dwczNDWUdiUyt4RkhjZTJBakNTbUlYQWIxQjgKR0Z2WnV4UlB5QXU0YVBvT1J3RzM3NVBOM0VNNk83bzdxbjlYeExTZWRIMHExM2U0YkhYYm4rc2xOa1RIM2xmcwpLVnBOUUhVSUNDSW5vQ0llV1dwdnAwQnFoYjlKclRsbXd2c25zOHpZVDNiY3F5QXZHZGRnNUs3Y0MwRVJaem9ECnFJTkI3S05FVjQ1NmF0eDZVT3VYUlpKREMvaHNJUTZNaVBveUJacHRsK1ZIMEtQbEFIWGExb0FXZmNuL0U3MFYKK0RaeVBiMWxkQUdpb1hqditGd2h5VzZlWEVrQlBnPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpSQUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1M0d2dna3FBZ0VBQW9JQ0FRREpTUWVnVFhySnl0NVYKYmk0Rk9IeHJrOXhxQ21FRU54V2pINVVwNDBFK3hjUzZQU1NyQ0RyVzdkOVhxUmQ4SkRkQ210a0tEaUxhY1pTMgpMUm1abnd6VnRzZGtBR2pOYm5OM1hSNmlFajdGL0JnbVBlcDFTaklacFNnM2Q5L1h4cU9BM1lCWXNNL25ST29YCnlmTHcycFJOLzhHVjN3MHoxbVFZUitMZWI3UTFuc1c3dTJ5NytUdzlJNkZTQnhuR1pHdHJQWXk2RUFvQ0x2bUYKQnFCYWxkWTQ2ejdlWjlIRkZXaE8ybWpaUzVPdTE3ZVozVHBxcFFNUHVPYnFXcXJoTTF2NWN2Ymh1TmRESE1ndgpVVFVnQ0RNK2FkS3dIc0dNNGw5ZGtOQTgxdGlJcXpzN1BqcjFSbTAyVW5RdGd5bzNjeE9FdWxiT2dTSGx0aFMyCmtUMXE2UmhyemYvRGRJSEhta1RROGtwWVloWGc0VmpMQVdpSVBub2dydmxFSVYwRGFDdkQyNmJGRENtWTFzb0UKbDV1NGtYanJScDRXK29NUVRHeG80NzFMQnNBMlh1Si82ZFJBQkxXOHh1cEU4OERiaWtZbnU1V1BpSnpleHhRUgoyNU1FQVd6TCtKK0lubFExbmpMVWwyN3R0c1VQQ1VjL3c0NXpwcEREdjBmdTQ2enVLcTNjRVZGK2JESytBZ2VPCkQ2SXNzUjVRRTdFNVdkWjYrNWl6ZHB4eWdUeGh0L1k1RlBkSEdCOUJsMWt6NHhsdGFzOW9uZmtIMWRUeTd3MU0Kck43Z1l5WjgvS0pMWW9EY2NBOVFuNGt6bGtPeFVUMENuS1Exa1Y2T3RoVGxUWDMrZ25pSkkrdFdZRDltNGV1cwpzYWN1anpyWDl5TTNZcEloMnZqODJ0NHpPNjIrNFFJREFRQUJBb0lDQUNPNnZpc1BIY3pzb1NjK2dkWkU1dGNNCnZkc240UDFIenVRd0VzRUcrVG1zanVWMVBZbExrbkE4OU1DQmdDejEyOFpMcU51ZlUwSDkxK1Uzbjd2MGJ1bVAKd3BpR2R4UUNOMlpZaGZ2RWE5YW1qMTNZYjBJbks3b0FKbUdrT254NW91UFl6YlBRblBNRE9WK0VKa2JwTWRxZgptOHdmOWg2OXYzSk03bUZJS0UrOVVZR252UjhuMkhETTNwR3FONEhQS1A4MkE0RXlvQ2d2a1BTelRxc052bU5ICnBOY0RURW5rNlNsWUhUVDNOSzJjVnBldUhMUzUrazlqNWI5elhUSlE5TkpVZlN6bnEvUmFpMUZVNDY1K0xpUjEKMGVPWDdnajFWUExOcGgwcWtQQy9ubW0vZStVMmZXUGZZb2FDcWkrQ0VwU2twQXlQZ1FZZTJsSG0rYVU4MzZ2UQpuaHZuL0p5ZHJDL1NyTUFZaXpOZFYyZjlHTkNwcE1SbUZyOS9saVJiNEFpSzRLSDRETGdSRUxHaDJLNzJuOFRLCkxUSVhIV3RacisyMWU4c0Mxbm5MSENnK21wMHBvSWJsbEtoYk9VTmVxR09yWm95NFBXdDZMQndFYzN0MG1wVEMKODhiSUpqMzFCQngzTGE1SUE5b0FNRi9lbHJYdFhhVnl4bm5yTHdjYzFNVWpCV20rZDVqbC9WOEdIcEJRd3pXYwpPNWdNSXlQNUIvdzBacUcyZjV1akZkOHo4dElmcEFRRTJSbDNxRUFYNU1NY1JQaFlTNDJqTWl4czc3TmtOVldQCkpqUVoxVDVXQTVKOUxEL2FKRkplQ2MvbjhpNldOQ3FzdEQ5OVNPTCsrTTBFQTlka2lLNWtOcXFZeXZuRG9SZVcKSW84eXhvVnpObURsWjBkSU9UUzlBb0lCQVFEb2tvMWxPS05FNlBWWmRRU3lmS0JOTEZNcEl1V1VVZmp0ODU4awpJTTB0TnNyS0d2N3NmYkt0dlMvOWgwMGluU2FyWTJ4amVETG91WEI5VzdKY1B1NjRoNHYwek1lbXRhdDRyTUJnClA5bkQ3MW00dERqS2ZrZDAza2tUbk4ySTBxYkwzeFVoTjNEQlJZTU9veDFMa2M4MFFFMHhSUEM1YmRJaXcwemEKTWdtK1dOZVY1VEZoSkpQZ2dVRVo5U1A2aWV1VEY0OW9wRGNWdGUwQ0I0WnFUaTRWb3YvZFVDWGpNK0djRnNWdgpPWTZYTE9KTmRldHdnUVNkd1hlSzB1WlBpWnVKTGlsTEg4OFVKYWNoQThDZW1SclMxRUtxWElwK2dkQWV4MnhVCmY5amRMMGF2SlJEY0xqWlhETXBvWlJpc0JoWVArZzY3VHZza3FscDh4M2p2STlWVkFvSUJBUURkajZrdWNLM0MKYXprMzlqYllvM3RFZ0R5L2VGNnBjWFlpK21Ba1ZNRk9vSWJ5cmNyN3BqSnRMNFMyMEFDRmpBUGFQT042dWVVWQpQQm92dC9QODB1V1c5cGZCK29mRmdadzRqc3hLWFY4eEJmOVdLWVZndFBsOHhIL1RJcERTMjhVTlowNDlhUW4vCjlCRzNac0lyenk3RzFLRTZPLzBMMnVmMnFyaUxxRFQyV3dsdFVsbWs2Ym5NeThkR0sra1JLcFhvSm1RTlNHRHoKOXd4blU2ZmZ1NDdDLzRYMHRIVk1MVFVneFh4djdqN3BpSzI4dzBuZ1N5S3ozV0IzWTJwaFVsZEJIdEprQko1RQpoRm8zMXJCVDU5enhkb2crYXh1bkh4S3EySGFHRkt0ZUZ6RGpkTTFpQzE3bWNtWXBzR2tuenA0cjRjZm5FYTFSCko4Wmo5ZVFQaEVOZEFvSUJBUUN3d2hsbXNkb2MySFVJVFZDSm13QjJSdGJaYitWT2lkS0lmdDBYcHpwcFA3aDIKVEhndEl3ZDIxayt2LzNJWGVaclhMWlJHTVNkNEN1QTgxa0ZEckt6Z1lGeDFiR0hkQ1R2T1ZuVkxjWnUvTjUxWQpMTmp3eFhMbmxyMnhnMG8zMytuWERyQlBjNFJsejcvZ2t3WUQxa2pGckkwK2dlZjI5a2w4RkRUSHJMb05DaGFuCm5PNmZweDRneGZ2Rmo3T05pZDhhQnhEK2RiaEw3dDIzNmlJMWp6K2xRQ0g0Z1I2YWhHYldxOVBZU2NWZWprVmMKbTkrWnZPVFdSU0RteUkwMExDQ2k3UXVEUmlTcmFrYVFaL3F3VHlxOHk0ZnpWS3dKby8yYU52VFZiK2xSaWNuTgorWHpMNnU5dno0L1NNZXZEYWtqQVVjdDZmbmVQa1UxK2dsZ2VZSHlWQW9JQkFRRFJtYW0wVEZhbFdXaHMvNWtOClEwTkhINFhZb1JmMGRta0xXQStCNzBoY2lOS0JYRlp0ME9GZGw1bVdsSm9adk1hY1BBUDd3MGJ1c1ZVWWxZN1YKTy9LRTZVM1I3WjlxQWw1Mnh1aU81Vnc3ZFhBRDVBM1EyZ1EzdTNFdG5VS2lwOVA0QlNYb1JLbDRJVDV0WVdJSgpyZHVUciszQ3VLT0FCcHh4Snpxa3JBRkdtZ01HRCtUTWRXd1hTU1NBeHVPYklNMW1MSU4wYVdlSEJNMFFKdnptClZIb1BFVXA1b0FwamdWVUVacTk4K0VjK0NOWkxmL2d3bndQNllsQnpRWEtQRlNXRWJwTWNtWjNjTmRWZmc5T1YKM1FDUTBkQzhNL21hRlhSRWVibE95TmtCanpEcHpVTExJUFNyVDhoRVlpWm95VGVyVGRJZVVBUEZoYnBTTUhtTApFRlhsQW9JQkFRQ0VUdVJQRHZvMC9tdDhyTzhLNENsamtuU0gxZ1FBSjFha3U3UXg3NUJUTDB6OWRNY2lMK1JLCng1R1lFTW1wcUtNb2FPbWc0WFVRMVRlQ2Vic1R0NjMyWXp6cmNCU0d1RzVnN1o0UUVublUzRXU5QklIMUVSL2gKSEk0NWowU0xNRUpObkNiTkpnRVNRRUFCbzN3cHhrRTdiRGlNdTVPOXVqMlFRVTlTTm94QkFmbVFXRDJJaU1BRQpWYzV3QTNZajBMdElSYkJmdzNBTE9uNlRSc2xucy9JMnd2Z1RCQW9sU3NZbEtEK0NRY3hDZldlNmZwU21aYmlCClBGUE9DY1ZQTXhGeXBhZWFJMkRXNWRPNFNoNGQ0ZlZma2F3ck9LN1N2QnFZb0Y5L2VndThzQS9ZdklaRVltQUQKd0ZIOGs1QjJ4WXdiNkVmNmFFQ29ZTitsNWtlWmhNWTgKLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
<qnameminstrict/>
<queues/>
<quick>1</quick>
<quick>1</quick>
<quick>1</quick>
<quick>1</quick>
</range>
<range>
<reboot/>
<recipient>root@localhost.local</recipient>
<refid>6734d13fa9e4a</refid>
<refid>6734d6c82dc59</refid>
<regdhcp/>
<regdhcpdomain/>
<regdhcpstatic/>
<reminder/>
<remotes/>
<reservations/>
</revision>
<revision>
<rocommunity>public</rocommunity>
<route/>
</rrd>
<rrd>
<rrdbackup>-1</rrdbackup>
<rrsetcachesize/>
</rule>
</rule>
</rule>
</rule>
</rule>
</rule>
<rules/>
<rules/>
<rules/>
<rule uuid="0465308d-8605-466c-bcb4-95eeb989251a">
<rule uuid="2df05591-13e7-4d91-a1b8-d25e338ada5f">
<rule uuid="4a5e7b65-0d7f-4452-8a29-2ec61a47ec19">
<rule uuid="b21f808a-6a4a-4cd6-9a83-1660cc8ea58b">
<rule uuid="f2ee612c-c290-4445-8045-df82a86db0e5">
<rule uuid="f79eded0-3c11-4f57-9aaa-55d4888589fa">
<safesearch/>
<scope>system</scope>
<scope>system</scope>
<secondaryconsole>serial</secondaryconsole>
<sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
<serialspeed>115200</serialspeed>
<serveexpired/>
<serveexpiredclienttimeout/>
<serveexpiredreplyttl/>
<serveexpiredttl/>
<serveexpiredttlreset/>
</server>
<servers/>
<servers/>
<server version="1.0.0">
</service>
</service>
</service>
</service>
<service uuid="7513f341-7d21-4f11-903f-30d07b3aa41e">
<service uuid="c1e99556-91f5-4dbf-81d7-7915a3213de9">
<service uuid="dca8a81f-d389-4baa-b477-8b348194fd25">
<service uuid="f99ada79-ba1a-4ee1-81f1-ef570e8e5ea9">
<snatrules/>
</snmpd>
<snmpd>
</source>
</source>
</source>
</source>
</source>
</source>
<source>
<source>
<source>
<source>
<source>
<source>
<SPDs/>
<spoofmac/>
</ssh>
<ssh>
<ssl>0</ssl>
<ssl-certref>6734d6c82dc59</ssl-certref>
<ssl-ciphers/>
<sslverify>1</sslverify>
<sslversion>auto</sslversion>
<start/>
<start/>
<start/>
<start/>
<startdelay>120</startdelay>
<starttimeout>30</starttimeout>
<starttimeout>30</starttimeout>
<starttimeout>30</starttimeout>
<starttimeout>30</starttimeout>
<statefile/>
<statetype>keep state</statetype>
<statetype>keep state</statetype>
<statetype>keep state</statetype>
<statetype>keep state</statetype>
<StaticKeys/>
</staticmap>
<staticmap>
</staticroutes>
<staticroutes version="1.0.0">
<stats/>
<stop/>
<stop/>
<stop/>
<stop/>
<subnet>24</subnet>
<subnet>8</subnet>
<subnets/>
<subnetv6>128</subnetv6>
<subnetv6>64</subnetv6>
<subscription/>
</Swanctl>
<Swanctl version="1.0.0">
<synchronizetoip/>
<syncitems/>
<syscontact/>
</sysctl>
<sysctl>
<syslocation/>
<syslog/>
</Syslog>
<syslog>0</syslog>
<syslog_eve>0</syslog_eve>
<Syslog version="1.0.2">
</system>
<system>
<targets/>
<templates/>
<templates/>
</test>
</test>
</test>
</test>
</test>
</test>
</test>
</test>
</test>
</test>
</test>
<tests>865105a2-cbea-4a01-9979-c67818da9d99</tests>
<tests>91b4e409-211b-49d5-9fa3-dc9054106646,cbe9cb72-e8c2-4740-990c-abcc486b0654,c0708923-88de-4178-abdd-819737440ce0,e887125d-c5d2-45e6-b40d-2c400d5449d1</tests>
<tests>cc3684f2-701e-4de4-883d-803e08cf47b6</tests>
<tests>f2d734cb-2a0e-4375-9460-11bdd5b20503</tests>
<test uuid="16186b38-0e13-4cc3-ad18-ccc3fcc91837">
<test uuid="69117d4d-8c41-4712-97c0-87b4fa7c9837">
<test uuid="865105a2-cbea-4a01-9979-c67818da9d99">
<test uuid="91b4e409-211b-49d5-9fa3-dc9054106646">
<test uuid="c0708923-88de-4178-abdd-819737440ce0">
<test uuid="c34aab30-9194-4667-b516-004b9c90c1c0">
<test uuid="cbe9cb72-e8c2-4740-990c-abcc486b0654">
<test uuid="cc3684f2-701e-4de4-883d-803e08cf47b6">
<test uuid="e887125d-c5d2-45e6-b40d-2c400d5449d1">
<test uuid="ea6b821c-4f30-455b-bd5b-23a6f0c20554">
<test uuid="f2d734cb-2a0e-4375-9460-11bdd5b20503">
<theme>opnsense</theme>
<this_server_name/>
<time>1731518072.7612</time>
<time>1731518072.7612</time>
<time>1731518084.0639</time>
<time>1731518084.0639</time>
<time>1731518114.2801</time>
<time>1731518114.2801</time>
<time>1731518311.7033</time>
<time>1731518356.7559</time>
<time>1731534516.7156</time>
<timeout>300</timeout>
<timeout>300</timeout>
<timeout>300</timeout>
<timeout>300</timeout>
<time_period/>
<timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
<timezone>Etc/UTC</timezone>
<to>10.100.8.245</to>
<toclient_groups/>
<toserver_groups/>
<track6-interface>wan</track6-interface>
<track6-prefix-id>0</track6-prefix-id>
</TrafficShaper>
<TrafficShaper version="1.0.3">
<tunable>hw.ibrs_disable</tunable>
<tunable>hw.syscons.kbd_reboot</tunable>
<tunable>kern.ipc.maxsockbuf</tunable>
<tunable>kern.randompid</tunable>
<tunable>net.inet6.ip6.prefer_tempaddr</tunable>
<tunable>net.inet6.ip6.redirect</tunable>
<tunable>net.inet6.ip6.use_tempaddr</tunable>
<tunable>net.inet.icmp.icmplim</tunable>
<tunable>net.inet.icmp.log_redirect</tunable>
<tunable>net.inet.ip.accept_sourceroute</tunable>
<tunable>net.inet.ip.portrange.first</tunable>
<tunable>net.inet.ip.random_id</tunable>
<tunable>net.inet.ip.redirect</tunable>
<tunable>net.inet.ip.sourceroute</tunable>
<tunable>net.inet.tcp.blackhole</tunable>
<tunable>net.inet.tcp.delayed_ack</tunable>
<tunable>net.inet.tcp.drop_synfin</tunable>
<tunable>net.inet.tcp.log_debug</tunable>
<tunable>net.inet.tcp.recvspace</tunable>
<tunable>net.inet.tcp.sendspace</tunable>
<tunable>net.inet.tcp.syncookies</tunable>
<tunable>net.inet.tcp.tso</tunable>
<tunable>net.inet.udp.blackhole</tunable>
<tunable>net.inet.udp.checksum</tunable>
<tunable>net.inet.udp.maxdgram</tunable>
<tunable>net.link.bridge.pfil_bridge</tunable>
<tunable>net.link.bridge.pfil_local_phys</tunable>
<tunable>net.link.bridge.pfil_member</tunable>
<tunable>net.link.bridge.pfil_onlyip</tunable>
<tunable>net.link.tap.user_open</tunable>
<tunable>net.local.dgram.maxdgram</tunable>
<tunable>security.bsd.see_other_gids</tunable>
<tunable>security.bsd.see_other_uids</tunable>
<tunable>vfs.read_max</tunable>
<tunable>vm.pmap.pti</tunable>
<txtsupport/>
<type/>
<type/>
<type>custom</type>
<type>custom</type>
<type>filesystem</type>
<type>NetworkInterface</type>
<type>NetworkInterface</type>
<type>NetworkPing</type>
<type>none</type>
<type>pass</type>
<type>pass</type>
<type>pass</type>
<type>pass</type>
<type>pass</type>
<type>pass</type>
<type>ProgramStatus</type>
<type>ProgramStatus</type>
<type>SpaceUsage</type>
<type>SystemResource</type>
<type>SystemResource</type>
<type>SystemResource</type>
<type>SystemResource</type>
<type>SystemResource</type>
<type>system</type>
<uid>0</uid>
</unboundplus>
<unboundplus version="1.0.9">
<unwantedreplythreshold/>
<UpdateCron/>
</updated>
</updated>
</updated>
</updated>
<updated>
<updated>
<updated>
<updated>
up your logs consuming your whole hard drive.</descr>
<url/>
</user>
<user>
<userDefinedRules/>
<username/>
<username/>
<username>root@192.168.5.204</username>
<username>root@192.168.5.204</username>
<username>root@192.168.5.204</username>
<username>root@192.168.5.204</username>
<username>root@192.168.5.204</username>
<username>root@192.168.5.204</username>
<username>root@192.168.5.204</username>
<username>root@192.168.5.204</username>
<username>root@192.168.5.204</username>
<usevirtualterminal>1</usevirtualterminal>
<valid_lifetime>4000</valid_lifetime>
<valloglevel>0</valloglevel>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<value>default</value>
<verbosity/>
<version>v9</version>
<vip/>
<virtual>1</virtual>
</virtualip>
<virtualip version="1.0.0">
<vlan/>
</vlans>
<vlans version="1.0.0">
<VTIs/>
<vxlans version="1.0.2"/>
</wan>
<wan>
</webgui>
<webgui>
<weight>1</weight>
<whitelists/>
</widgets>
<widgets>
<wildcards/>
<winsserver/>
</wireguard>
<wireguard>
</wireless>
<wireless>
<?xml version="1.0"?>
<zones/>