
Untitled

a guest
Jan 12th, 2014
  1. <?xml version="1.0"?>
  2. <pfsense>
  3. <version>9.8</version>
  4. <lastchange/>
  5. <theme>pfsense_ng</theme>
  6. <sysctl>
  7. <item>
  8. <descr><![CDATA[Disable the pf ftp proxy handler.]]></descr>
  9. <tunable>debug.pfftpproxy</tunable>
  10. <value>default</value>
  11. </item>
  12. <item>
  13. <descr><![CDATA[Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html]]></descr>
  14. <tunable>vfs.read_max</tunable>
  15. <value>default</value>
  16. </item>
  17. <item>
  18. <descr><![CDATA[Set the ephemeral port range to be lower.]]></descr>
  19. <tunable>net.inet.ip.portrange.first</tunable>
  20. <value>default</value>
  21. </item>
  22. <item>
  23. <descr><![CDATA[Drop packets to closed TCP ports without returning a RST]]></descr>
  24. <tunable>net.inet.tcp.blackhole</tunable>
  25. <value>default</value>
  26. </item>
  27. <item>
  28. <descr><![CDATA[Do not send ICMP port unreachable messages for closed UDP ports]]></descr>
  29. <tunable>net.inet.udp.blackhole</tunable>
  30. <value>default</value>
  31. </item>
  32. <item>
  33. <descr><![CDATA[Randomize the ID field in IP packets (default is 0: sequential IP IDs)]]></descr>
  34. <tunable>net.inet.ip.random_id</tunable>
  35. <value>default</value>
  36. </item>
  37. <item>
  38. <descr><![CDATA[Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)]]></descr>
  39. <tunable>net.inet.tcp.drop_synfin</tunable>
  40. <value>default</value>
  41. </item>
  42. <item>
  43. <descr><![CDATA[Enable sending IPv4 redirects]]></descr>
  44. <tunable>net.inet.ip.redirect</tunable>
  45. <value>default</value>
  46. </item>
  47. <item>
  48. <descr><![CDATA[Enable sending IPv6 redirects]]></descr>
  49. <tunable>net.inet6.ip6.redirect</tunable>
  50. <value>default</value>
  51. </item>
  52. <item>
  53. <descr><![CDATA[Generate SYN cookies for outbound SYN-ACK packets]]></descr>
  54. <tunable>net.inet.tcp.syncookies</tunable>
  55. <value>default</value>
  56. </item>
  57. <item>
  58. <descr><![CDATA[Maximum incoming/outgoing TCP datagram size (receive)]]></descr>
  59. <tunable>net.inet.tcp.recvspace</tunable>
  60. <value>default</value>
  61. </item>
  62. <item>
  63. <descr><![CDATA[Maximum incoming/outgoing TCP datagram size (send)]]></descr>
  64. <tunable>net.inet.tcp.sendspace</tunable>
  65. <value>default</value>
  66. </item>
  67. <item>
  68. <descr><![CDATA[IP Fastforwarding]]></descr>
  69. <tunable>net.inet.ip.fastforwarding</tunable>
  70. <value>default</value>
  71. </item>
  72. <item>
  73. <descr><![CDATA[Do not delay ACK to try and piggyback it onto a data packet]]></descr>
  74. <tunable>net.inet.tcp.delayed_ack</tunable>
  75. <value>default</value>
  76. </item>
  77. <item>
  78. <descr><![CDATA[Maximum outgoing UDP datagram size]]></descr>
  79. <tunable>net.inet.udp.maxdgram</tunable>
  80. <value>default</value>
  81. </item>
  82. <item>
  83. <descr><![CDATA[Handling of non-IP packets which are not passed to pfil (see if_bridge(4))]]></descr>
  84. <tunable>net.link.bridge.pfil_onlyip</tunable>
  85. <value>default</value>
  86. </item>
  87. <item>
  88. <descr><![CDATA[Set to 0 to disable filtering on the incoming and outgoing member interfaces.]]></descr>
  89. <tunable>net.link.bridge.pfil_member</tunable>
  90. <value>default</value>
  91. </item>
  92. <item>
  93. <descr><![CDATA[Set to 1 to enable filtering on the bridge interface]]></descr>
  94. <tunable>net.link.bridge.pfil_bridge</tunable>
  95. <value>default</value>
  96. </item>
  97. <item>
  98. <descr><![CDATA[Allow unprivileged access to tap(4) device nodes]]></descr>
  99. <tunable>net.link.tap.user_open</tunable>
  100. <value>default</value>
  101. </item>
  102. <item>
  103. <descr><![CDATA[Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())]]></descr>
  104. <tunable>kern.randompid</tunable>
  105. <value>default</value>
  106. </item>
  107. <item>
  108. <descr><![CDATA[Maximum size of the IP input queue]]></descr>
  109. <tunable>net.inet.ip.intr_queue_maxlen</tunable>
  110. <value>default</value>
  111. </item>
  112. <item>
  113. <descr><![CDATA[Disable CTRL+ALT+Delete reboot from keyboard.]]></descr>
  114. <tunable>hw.syscons.kbd_reboot</tunable>
  115. <value>default</value>
  116. </item>
  117. <item>
  118. <descr><![CDATA[Enable TCP Inflight mode]]></descr>
  119. <tunable>net.inet.tcp.inflight.enable</tunable>
  120. <value>default</value>
  121. </item>
  122. <item>
  123. <descr><![CDATA[Enable TCP extended debugging]]></descr>
  124. <tunable>net.inet.tcp.log_debug</tunable>
  125. <value>default</value>
  126. </item>
  127. <item>
  128. <descr><![CDATA[Set ICMP Limits]]></descr>
  129. <tunable>net.inet.icmp.icmplim</tunable>
  130. <value>default</value>
  131. </item>
  132. <item>
  133. <descr><![CDATA[TCP Offload Engine]]></descr>
  134. <tunable>net.inet.tcp.tso</tunable>
  135. <value>default</value>
  136. </item>
  137. <item>
  138. <descr><![CDATA[Maximum socket buffer size]]></descr>
  139. <tunable>kern.ipc.maxsockbuf</tunable>
  140. <value>default</value>
  141. </item>
  142. </sysctl>
  143. <system>
  144. <optimization>normal</optimization>
  145. <hostname>****</hostname>
  146. <domain>****.lan</domain>
  147. <group>
  148. <name>all</name>
  149. <description><![CDATA[All Users]]></description>
  150. <scope>system</scope>
  151. <gid>1998</gid>
  152. </group>
  153. <group>
  154. <name>****</name>
  155. <description><![CDATA[System Administrators]]></description>
  156. <scope>system</scope>
  157. <gid>1999</gid>
  158. <member>0</member>
  159. <priv>page-all</priv>
  160. </group>
  <!-- Built-in administrator account: uid 0 with the user-shell-access privilege.
       The password, md5-hash, nt-hash and authorizedkeys values were masked by the poster;
       in an unmasked export these four fields are credential material.
       NOTE(review): going by the element names, md5-hash and nt-hash presumably hold extra
       digests of the same password in fast, unsalted formats. Confirm against the firmware;
       if so, anyone holding a config export can test guesses offline. Store exports like
       secrets and rotate the password if an unmasked copy was ever shared. -->
  161. <user>
  162. <name>****</name>
  163. <descr><![CDATA[System Administrator]]></descr>
  164. <scope>system</scope>
  165. <groupname>****</groupname>
  166. <password>****</password>
  167. <uid>0</uid>
  168. <priv>user-shell-access</priv>
  169. <md5-hash>****</md5-hash>
  170. <nt-hash>****</nt-hash>
  171. <expires/>
  172. <authorizedkeys>****</authorizedkeys>
  173. <ipsecpsk/>
  174. </user>
  175. <nextuid>2000</nextuid>
  176. <nextgid>2000</nextgid>
  177. <timezone>CST6CDT</timezone>
  178. <time-update-interval/>
  179. <timeservers>****</timeservers>
  <!-- Web GUI listener: HTTPS on port 443, using the certificate named by ssl-certref.
       NOTE(review): nohttpreferercheck and disablehttpredirect appear as empty flag elements.
       pfSense normally reads a present flag as "set", which would mean the HTTP_REFERER check
       (a CSRF defence) is switched off and the HTTP to HTTPS redirect is disabled; confirm
       against this firmware version. The filter section of this file also carries a WAN pass
       rule described as "Web UI Access", so restoring the referer check and limiting which
       sources can reach this listener are the first things to look at. -->
  180. <webgui>
  181. <protocol>https</protocol>
  182. <ssl-certref>****</ssl-certref>
  183. <port>443</port>
  184. <max_procs>2</max_procs>
  185. <nohttpreferercheck/>
  186. <althostnames>****</althostnames>
  187. <disablehttpredirect/>
  188. </webgui>
  189. <disablenatreflection>yes</disablenatreflection>
  190. <disablesegmentationoffloading/>
  191. <disablelargereceiveoffloading/>
  192. <enablesshd>enabled</enablesshd>
  193. <dns1gwint>none</dns1gwint>
  194. <dns2gwint>none</dns2gwint>
  195. <dns3gwint>none</dns3gwint>
  196. <dns4gwint>none</dns4gwint>
  <!-- SSH daemon settings: key-only authentication is enabled and the daemon uses port 22.
       The sibling enablesshd element in this system section is set to "enabled".
       NOTE(review): no WAN filter rule on this page names port 22, but several WAN rule
       ports are masked, so whether SSH is reachable from the Internet cannot be read from
       this listing; verify on the live rule set. -->
  197. <ssh>
  198. <sshdkeyonly>enabled</sshdkeyonly>
  199. <port>22</port>
  200. </ssh>
  201. <sshdkeyonly/>
  202. <kill_states/>
  203. <language>en_US</language>
  204. <dns1gw>none</dns1gw>
  205. <dns2gw>none</dns2gw>
  206. <dns3gw>none</dns3gw>
  207. <dns4gw>none</dns4gw>
  208. <dnsserver>****</dnsserver>
  209. </system>
  210. <interfaces>
  211. <wan>
  212. <enable/>
  213. <if>dc0</if>
  214. <descr><![CDATA[WAN]]></descr>
  215. <spoofmac/>
  216. <alias-address/>
  217. <alias-subnet>32</alias-subnet>
  218. <ipaddr>****</ipaddr>
  219. <subnet>24</subnet>
  220. <gateway>****</gateway>
  221. </wan>
  222. <lan>
  223. <enable/>
  224. <if>nfe0</if>
  225. <ipaddr>****</ipaddr>
  226. <subnet>24</subnet>
  227. <media/>
  228. <mediaopt/>
  229. <descr><![CDATA[LAN]]></descr>
  230. </lan>
  231. <opt1>
  232. <descr><![CDATA[DMZ]]></descr>
  233. <if>sk0_vlan1</if>
  234. <enable/>
  235. <spoofmac/>
  236. <ipaddr>10.1.1.1</ipaddr>
  237. <subnet>24</subnet>
  238. </opt1>
  239. <opt2>
  240. <descr><![CDATA[Lab]]></descr>
  241. <if>sk0_vlan2</if>
  242. <enable/>
  243. <ipaddr>10.2.2.1</ipaddr>
  244. <subnet>24</subnet>
  245. <spoofmac/>
  246. </opt2>
  247. </interfaces>
  248. <staticroutes/>
  249. <dhcpd>
  250. <lan>
  251. <range>
  252. <from>****</from>
  253. <to>****</to>
  254. </range>
  255. <defaultleasetime/>
  256. <maxleasetime/>
  257. <netmask/>
  258. <failover_peerip/>
  259. <gateway/>
  260. <domain/>
  261. <domainsearchlist></domainsearchlist>
  262. <ddnsdomain/>
  263. <tftp/>
  264. <ldap/>
  265. <next-server/>
  266. <filename/>
  267. <rootpath/>
  268. <numberoptions/>
  269. <dnsserver></dnsserver>
  270. </lan>
  271. </dhcpd>
  272. <pptpd>
  273. <mode/>
  274. <redir/>
  275. <localip/>
  276. <remoteip/>
  277. </pptpd>
  278. <dnsmasq>
  279. <custom_options/>
  280. </dnsmasq>
  <!-- SNMP agent settings. The read-only community is the well-known default "public".
       NOTE(review): there is no enable flag inside this block, so the agent is presumably
       not running; confirm on the device. If SNMP is ever turned on, set a unique community
       first and restrict which interfaces and source addresses can query it: v1/v2c
       community strings are sent in clear text and "public" is the first value any
       scanner tries. -->
  281. <snmpd>
  282. <syslocation/>
  283. <syscontact/>
  284. <rocommunity>public</rocommunity>
  285. </snmpd>
  286. <diag>
  287. <ipv6nat>
  288. <ipaddr/>
  289. </ipv6nat>
  290. </diag>
  291. <bridge/>
  292. <syslog>
  293. <nentries>50</nentries>
  294. <remoteserver>****</remoteserver>
  295. <remoteserver2/>
  296. <remoteserver3/>
  297. <enable/>
  298. </syslog>
  299. <nat>
  300. <ipsecpassthru>
  301. <enable/>
  302. </ipsecpassthru>
  303. <advancedoutbound>
  304. <rule>
  305. <source>
  306. <network>****</network>
  307. </source>
  308. <dstport>500</dstport>
  309. <descr><![CDATA[Auto created rule for ISAKMP - LAN to WAN]]></descr>
  310. <target/>
  311. <interface>wan</interface>
  312. <destination>
  313. <any/>
  314. </destination>
  315. <staticnatport/>
  316. </rule>
  317. <rule>
  318. <source>
  319. <network>****</network>
  320. </source>
  321. <sourceport/>
  322. <descr><![CDATA[Auto created rule for LAN to WAN]]></descr>
  323. <target/>
  324. <targetip/>
  325. <targetip_subnet>0</targetip_subnet>
  326. <interface>wan</interface>
  327. <poolopts/>
  328. <staticnatport/>
  329. <destination>
  330. <any/>
  331. </destination>
  332. </rule>
  333. <rule>
  334. <source>
  335. <network>10.1.1.0/24</network>
  336. </source>
  337. <sourceport/>
  338. <descr><![CDATA[DMZ Core Hide NAT]]></descr>
  339. <target/>
  340. <targetip/>
  341. <targetip_subnet>0</targetip_subnet>
  342. <interface>wan</interface>
  343. <poolopts/>
  344. <staticnatport/>
  345. <destination>
  346. <any/>
  347. </destination>
  348. <created>
  349. <time>1388448511</time>
  350. <username>****</username>
  351. </created>
  352. <updated>
  353. <time>1389385970</time>
  354. <username>****</username>
  355. </updated>
  356. </rule>
  357. <rule>
  358. <source>
  359. <network>****</network>
  360. </source>
  361. <sourceport/>
  362. <descr><![CDATA[Lab 30 Hide NAT]]></descr>
  363. <target/>
  364. <targetip/>
  365. <targetip_subnet>0</targetip_subnet>
  366. <interface>wan</interface>
  367. <poolopts/>
  368. <staticnatport/>
  369. <destination>
  370. <any/>
  371. </destination>
  372. <updated>
  373. <time>1389385989</time>
  374. <username>****</username>
  375. </updated>
  376. <created>
  377. <time>1389385989</time>
  378. <username>****</username>
  379. </created>
  380. </rule>
  381. <rule>
  382. <source>
  383. <network>127.0.0.0/8</network>
  384. </source>
  385. <dstport/>
  386. <descr><![CDATA[Auto created rule for localhost to WAN]]></descr>
  387. <target/>
  388. <interface>wan</interface>
  389. <destination>
  390. <any/>
  391. </destination>
  392. <natport>****</natport>
  393. </rule>
  394. <enable/>
  395. </advancedoutbound>
  396. <rule>
  397. <source>
  398. <any/>
  399. </source>
  400. <destination>
  401. <network>wanip</network>
  402. <port>****</port>
  403. </destination>
  404. <protocol>tcp</protocol>
  405. <target>****</target>
  406. <local-port>****</local-port>
  407. <interface>wan</interface>
  408. <descr><![CDATA[****]]></descr>
  409. <associated-rule-id>nat_51f801adb55361.70017646</associated-rule-id>
  410. </rule>
  411. <rule>
  412. <source>
  413. <any/>
  414. </source>
  415. <destination>
  416. <network>wanip</network>
  417. <port>****</port>
  418. </destination>
  419. <protocol>tcp</protocol>
  420. <target>****</target>
  421. <local-port>****</local-port>
  422. <interface>wan</interface>
  423. <descr><![CDATA[****]]></descr>
  424. <associated-rule-id>nat_51faabf192da14.73966956</associated-rule-id>
  425. </rule>
  426. <rule>
  427. <source>
  428. <any/>
  429. </source>
  430. <destination>
  431. <network>wanip</network>
  432. <port>****</port>
  433. </destination>
  434. <protocol>tcp</protocol>
  435. <target>****</target>
  436. <local-port/>
  437. <interface>wan</interface>
  438. <descr><![CDATA[****]]></descr>
  439. <associated-rule-id>nat_5220d2282da166.18595791</associated-rule-id>
  440. </rule>
  441. <rule>
  442. <source>
  443. <any/>
  444. </source>
  445. <destination>
  446. <network>wanip</network>
  447. <port>****</port>
  448. </destination>
  449. <protocol>tcp/udp</protocol>
  450. <target>****</target>
  451. <local-port/>
  452. <interface>wan</interface>
  453. <descr><![CDATA[****]]></descr>
  454. <associated-rule-id>nat_5220d255b5b665.36759894</associated-rule-id>
  455. </rule>
  456. <rule>
  457. <source>
  458. <any/>
  459. </source>
  460. <destination>
  461. <network>wanip</network>
  462. <port>****</port>
  463. </destination>
  464. <protocol>udp</protocol>
  465. <target>****</target>
  466. <local-port/>
  467. <interface>wan</interface>
  468. <descr><![CDATA[****]]></descr>
  469. <associated-rule-id/>
  470. </rule>
  471. <rule>
  472. <source>
  473. <any/>
  474. </source>
  475. <destination>
  476. <network>wanip</network>
  477. <port>****</port>
  478. </destination>
  479. <protocol>tcp</protocol>
  480. <target>****</target>
  481. <local-port/>
  482. <interface>wan</interface>
  483. <descr><![CDATA[****]]></descr>
  484. <associated-rule-id/>
  485. </rule>
  486. <rule>
  487. <source>
  488. <any/>
  489. </source>
  490. <destination>
  491. <network>wanip</network>
  492. <port>****</port>
  493. </destination>
  494. <protocol>tcp</protocol>
  495. <target>****</target>
  496. <local-port/>
  497. <interface>wan</interface>
  498. <descr><![CDATA[****]]></descr>
  499. <associated-rule-id/>
  500. </rule>
  501. <rule>
  502. <source>
  503. <any/>
  504. </source>
  505. <destination>
  506. <network>wanip</network>
  507. <port>****</port>
  508. </destination>
  509. <protocol>tcp</protocol>
  510. <target>****</target>
  511. <local-port/>
  512. <interface>wan</interface>
  513. <descr><![CDATA[****]]></descr>
  514. <associated-rule-id/>
  515. </rule>
  516. <rule>
  517. <source>
  518. <any/>
  519. </source>
  520. <destination>
  521. <network>wanip</network>
  522. <port>****</port>
  523. </destination>
  524. <protocol>udp</protocol>
  525. <target>****</target>
  526. <local-port/>
  527. <interface>wan</interface>
  528. <descr><![CDATA[****]]></descr>
  529. <associated-rule-id/>
  530. </rule>
  531. <rule>
  532. <source>
  533. <any/>
  534. </source>
  535. <destination>
  536. <network>wanip</network>
  537. <port>****</port>
  538. </destination>
  539. <protocol>udp</protocol>
  540. <target>****</target>
  541. <local-port/>
  542. <interface>wan</interface>
  543. <descr><![CDATA[****]]></descr>
  544. <associated-rule-id/>
  545. </rule>
  546. <rule>
  547. <source>
  548. <any/>
  549. </source>
  550. <destination>
  551. <network>wanip</network>
  552. <port>****</port>
  553. </destination>
  554. <protocol>udp</protocol>
  555. <target>****</target>
  556. <local-port/>
  557. <interface>wan</interface>
  558. <descr><![CDATA[****]]></descr>
  559. <associated-rule-id/>
  560. </rule>
  561. </nat>
  562. <filter>
  563. <rule>
  564. <id/>
  565. <type>block</type>
  566. <interface>wan</interface>
  567. <tag/>
  568. <tagged/>
  569. <max/>
  570. <max-src-nodes/>
  571. <max-src-conn/>
  572. <max-src-states/>
  573. <statetimeout/>
  574. <statetype>keep state</statetype>
  575. <os/>
  576. <source>
  577. <address>169.254.1.0/24</address>
  578. </source>
  579. <destination>
  580. <any/>
  581. </destination>
  582. <descr><![CDATA[****]]></descr>
  583. </rule>
  584. <rule>
  585. <id/>
  586. <type>pass</type>
  587. <interface>wan</interface>
  588. <tag/>
  589. <tagged/>
  590. <max/>
  591. <max-src-nodes/>
  592. <max-src-conn/>
  593. <max-src-states/>
  594. <statetimeout/>
  595. <statetype>keep state</statetype>
  596. <os/>
  597. <protocol>tcp</protocol>
  598. <source>
  599. <any/>
  600. </source>
  601. <destination>
  602. <address>****</address>
  603. <port/>
  604. </destination>
  605. <log/>
  606. <descr><![CDATA[****]]></descr>
  607. <associated-rule-id>nat_5220d2282da166.18595791</associated-rule-id>
  608. </rule>
  <!-- WAN pass rule linked to a NAT port forward through associated-rule-id.
       It allows tcp/udp from any source to one masked internal address, with logging on.
       NOTE(review): the port value "-100" looks like a range whose lower bound is missing,
       either from masking or from a malformed entry. Check what the loaded pf rule actually
       matches; if it is read as an open-ended range, far more ports are exposed on the
       target host than a single forward needs. -->
  609. <rule>
  610. <id/>
  611. <type>pass</type>
  612. <interface>wan</interface>
  613. <tag/>
  614. <tagged/>
  615. <max/>
  616. <max-src-nodes/>
  617. <max-src-conn/>
  618. <max-src-states/>
  619. <statetimeout/>
  620. <statetype>keep state</statetype>
  621. <os/>
  622. <protocol>tcp/udp</protocol>
  623. <source>
  624. <any/>
  625. </source>
  626. <destination>
  627. <address>****</address>
  628. <port>-100</port>
  629. </destination>
  630. <log/>
  631. <descr><![CDATA[****]]></descr>
  632. <associated-rule-id>nat_5220d255b5b665.36759894</associated-rule-id>
  633. </rule>
  <!-- WAN pass rule linked to a NAT port forward through associated-rule-id.
       It allows TCP port 3389, the default Remote Desktop port, from any source to one
       masked internal address, with logging on.
       NOTE(review): a remote-desktop service reachable from every Internet address is a
       routine target for password guessing and for pre-authentication protocol flaws.
       Replace the "any" source with an alias of known administrator addresses, or drop the
       forward and reach the host over a VPN. -->
  634. <rule>
  635. <id/>
  636. <type>pass</type>
  637. <interface>wan</interface>
  638. <tag/>
  639. <tagged/>
  640. <max/>
  641. <max-src-nodes/>
  642. <max-src-conn/>
  643. <max-src-states/>
  644. <statetimeout/>
  645. <statetype>keep state</statetype>
  646. <os/>
  647. <protocol>tcp</protocol>
  648. <source>
  649. <any/>
  650. </source>
  651. <destination>
  652. <address>****</address>
  653. <port>3389</port>
  654. </destination>
  655. <log/>
  656. <descr><![CDATA[****]]></descr>
  657. <associated-rule-id>nat_51f801adb55361.70017646</associated-rule-id>
  658. </rule>
  659. <rule>
  660. <id/>
  661. <type>pass</type>
  662. <interface>wan</interface>
  663. <tag/>
  664. <tagged/>
  665. <max/>
  666. <max-src-nodes/>
  667. <max-src-conn/>
  668. <max-src-states/>
  669. <statetimeout/>
  670. <statetype>keep state</statetype>
  671. <os/>
  672. <protocol>tcp</protocol>
  673. <source>
  674. <any/>
  675. </source>
  676. <destination>
  677. <address>****</address>
  678. <port>****</port>
  679. </destination>
  680. <log/>
  681. <descr><![CDATA[****]]></descr>
  682. <associated-rule-id>nat_51faabf192da14.73966956</associated-rule-id>
  683. </rule>
  <!-- WAN pass rule described as "Web UI Access": TCP from any source to the firewall's
       own WAN address (wanip) on a masked port, with logging on.
       NOTE(review): this exposes the firewall's management interface to the whole Internet.
       Restrict the source to an alias of administrator addresses or manage the device over
       the LAN or a VPN. The webgui section of this file also carries the nohttpreferercheck
       flag, which matters more once the GUI is reachable from outside. -->
  684. <rule>
  685. <id/>
  686. <type>pass</type>
  687. <interface>wan</interface>
  688. <tag/>
  689. <tagged/>
  690. <max/>
  691. <max-src-nodes/>
  692. <max-src-conn/>
  693. <max-src-states/>
  694. <statetimeout/>
  695. <statetype>keep state</statetype>
  696. <os/>
  697. <protocol>tcp</protocol>
  698. <source>
  699. <any/>
  700. </source>
  701. <destination>
  702. <network>wanip</network>
  703. <port>****</port>
  704. </destination>
  705. <log/>
  706. <descr><![CDATA[Web UI Access]]></descr>
  707. </rule>
  708. <rule>
  709. <id/>
  710. <type>pass</type>
  711. <interface>wan</interface>
  712. <tag/>
  713. <tagged/>
  714. <max/>
  715. <max-src-nodes/>
  716. <max-src-conn/>
  717. <max-src-states/>
  718. <statetimeout/>
  719. <statetype>keep state</statetype>
  720. <os/>
  721. <protocol>tcp</protocol>
  722. <source>
  723. <any/>
  724. </source>
  725. <destination>
  726. <network>wanip</network>
  727. <port>****</port>
  728. </destination>
  729. <log/>
  730. <descr><![CDATA[****]]></descr>
  731. </rule>
  <!-- WAN pass rule from any source to one masked address.
       NOTE(review): unlike the other WAN pass rules in this file, this one has no protocol
       element, no destination port and no log flag. It therefore presumably admits every
       protocol and port to that address and records nothing. It is the broadest inbound
       rule on the page; narrow it to the protocol and ports actually required and turn
       logging on. -->
  732. <rule>
  733. <id/>
  734. <type>pass</type>
  735. <interface>wan</interface>
  736. <tag/>
  737. <tagged/>
  738. <max/>
  739. <max-src-nodes/>
  740. <max-src-conn/>
  741. <max-src-states/>
  742. <statetimeout/>
  743. <statetype>keep state</statetype>
  744. <os/>
  745. <source>
  746. <any/>
  747. </source>
  748. <destination>
  749. <address>****</address>
  750. </destination>
  751. <descr><![CDATA[****]]></descr>
  752. </rule>
  <!-- Explicit "Clean Up" rule: blocks any source to any destination on WAN. It is listed
       after the WAN pass rules, so it only catches traffic none of them matched.
       NOTE(review): there is no log flag here, so drops made by this rule are not recorded
       by it. Unless default-deny logging is enabled elsewhere (not visible in this file),
       add the log flag so scans and blocked probes show up in the firewall log. -->
  753. <rule>
  754. <id/>
  755. <type>block</type>
  756. <interface>wan</interface>
  757. <tag/>
  758. <tagged/>
  759. <max/>
  760. <max-src-nodes/>
  761. <max-src-conn/>
  762. <max-src-states/>
  763. <statetimeout/>
  764. <statetype>keep state</statetype>
  765. <os/>
  766. <source>
  767. <any/>
  768. </source>
  769. <destination>
  770. <any/>
  771. </destination>
  772. <descr><![CDATA[Clean Up]]></descr>
  773. </rule>
  774. <rule>
  775. <id/>
  776. <type>pass</type>
  777. <interface>lan</interface>
  778. <tag/>
  779. <tagged/>
  780. <max/>
  781. <max-src-nodes/>
  782. <max-src-conn/>
  783. <max-src-states/>
  784. <statetimeout/>
  785. <statetype>keep state</statetype>
  786. <os/>
  787. <source>
  788. <network>lan</network>
  789. </source>
  790. <destination>
  791. <any/>
  792. </destination>
  793. <log/>
  794. <descr><![CDATA[LAN -&gt; Any]]></descr>
  795. </rule>
  796. <rule>
  797. <id/>
  798. <type>pass</type>
  799. <interface>enc0</interface>
  800. <tag/>
  801. <tagged/>
  802. <max/>
  803. <max-src-nodes/>
  804. <max-src-conn/>
  805. <max-src-states/>
  806. <statetimeout/>
  807. <statetype>keep state</statetype>
  808. <os/>
  809. <source>
  810. <network>lan</network>
  811. </source>
  812. <destination>
  813. <address>****</address>
  814. </destination>
  815. <log/>
  816. <descr><![CDATA[****]]></descr>
  817. </rule>
  <!-- DMZ (opt1) pass rule: IPv4 from the opt1 network to any destination, with logging on.
       NOTE(review): destination "any" covers the LAN and Lab networks as well as the
       Internet, so a compromised DMZ host can open connections to internal machines.
       A DMZ normally gets block rules toward the internal networks placed above its
       outbound pass rule; no such rule for opt1 appears in this filter section. -->
  818. <rule>
  819. <id/>
  820. <type>pass</type>
  821. <interface>opt1</interface>
  822. <ipprotocol>inet</ipprotocol>
  823. <tag/>
  824. <tagged/>
  825. <max/>
  826. <max-src-nodes/>
  827. <max-src-conn/>
  828. <max-src-states/>
  829. <statetimeout/>
  830. <statetype>keep state</statetype>
  831. <os/>
  832. <source>
  833. <network>opt1</network>
  834. </source>
  835. <destination>
  836. <any/>
  837. </destination>
  838. <log/>
  839. <descr><![CDATA[DMZ -&gt; Any]]></descr>
  840. <created>
  841. <time>1388276105</time>
  842. <username>****@****</username>
  843. </created>
  844. <updated>
  845. <time>1388448392</time>
  846. <username>****@****</username>
  847. </updated>
  848. </rule>
  849. <rule>
  850. <id/>
  851. <type>pass</type>
  852. <interface>opt2</interface>
  853. <ipprotocol>inet</ipprotocol>
  854. <tag/>
  855. <tagged/>
  856. <max/>
  857. <max-src-nodes/>
  858. <max-src-conn/>
  859. <max-src-states/>
  860. <statetimeout/>
  861. <statetype>keep state</statetype>
  862. <os/>
  863. <source>
  864. <network>opt2</network>
  865. </source>
  866. <destination>
  867. <any/>
  868. </destination>
  869. <descr><![CDATA[Lab -&gt; Any]]></descr>
  870. <updated>
  871. <time>1389508052</time>
  872. <username>****@****</username>
  873. </updated>
  874. <created>
  875. <time>1389508052</time>
  876. <username>****@****</username>
  877. </created>
  878. </rule>
  879. </filter>
  880. <shaper/>
  881. <ipsec>
  882. <preferoldsa/>
  <!-- IKE phase 1 for tunnel ikeid 2 on WAN: main mode, pre-shared-key authentication,
       AES-128, MD5 hash, DH group 2, 28800 second lifetime, NAT traversal off.
       The disabled flag is present, so the tunnel is presumably not active; confirm.
       NOTE(review): the pre-shared key was left unmasked when this file was posted and is
       a short dictionary word. Treat it as compromised and replace it with a long random
       value on both peers before the tunnel is enabled again.
       NOTE(review): MD5 and DH group 2 (1024-bit MODP) are deprecated for IKE. Move both
       peers to a SHA-2 hash and DH group 14 or higher. -->
  883. <phase1>
  884. <ikeid>2</ikeid>
  885. <disabled/>
  886. <interface>wan</interface>
  887. <remote-gateway>****</remote-gateway>
  888. <mode>main</mode>
  889. <myid_type>dyn_dns</myid_type>
  890. <myid_data>****</myid_data>
  891. <peerid_type>peeraddress</peerid_type>
  892. <peerid_data/>
  893. <encryption-algorithm>
  894. <name>aes</name>
  895. <keylen>128</keylen>
  896. </encryption-algorithm>
  897. <hash-algorithm>md5</hash-algorithm>
  898. <dhgroup>2</dhgroup>
  899. <lifetime>28800</lifetime>
  900. <pre-shared-key>class</pre-shared-key>
  901. <private-key/>
  902. <certref/>
  903. <caref/>
  904. <authentication_method>pre_shared_key</authentication_method>
  905. <generate_policy/>
  906. <proposal_check/>
  907. <descr><![CDATA[****]]></descr>
  908. <nat_traversal>off</nat_traversal>
  909. </phase1>
  910. <client/>
  <!-- IPsec phase 2 for tunnel ikeid 2: ESP in tunnel mode between two masked /24 networks,
       AES-128 with HMAC-MD5, 3600 second lifetime.
       NOTE(review): pfsgroup is 0, which presumably means perfect forward secrecy is off,
       so phase 2 keys derive from the phase 1 exchange. Set a PFS group (14 or higher) and
       replace hmac_md5 with a SHA-2 based option; the remote peer must be changed to match. -->
  911. <phase2>
  912. <ikeid>2</ikeid>
  913. <mode>tunnel</mode>
  914. <localid>
  915. <type>network</type>
  916. <address>****</address>
  917. <netbits>24</netbits>
  918. </localid>
  919. <remoteid>
  920. <type>network</type>
  921. <address>****</address>
  922. <netbits>24</netbits>
  923. </remoteid>
  924. <protocol>esp</protocol>
  925. <encryption-algorithm-option>
  926. <name>aes</name>
  927. <keylen>128</keylen>
  928. </encryption-algorithm-option>
  929. <hash-algorithm-option>hmac_md5</hash-algorithm-option>
  930. <pfsgroup>0</pfsgroup>
  931. <lifetime>3600</lifetime>
  932. <pinghost/>
  933. <descr><![CDATA[****]]></descr>
  934. </phase2>
  935. </ipsec>
  936. <aliases>
  937. <alias>
  938. <name>****_TCP</name>
  939. <address>80 443 5223</address>
  940. <descr><![CDATA[****]]></descr>
  941. <type>port</type>
  942. <detail><![CDATA[Entry added Fri, 22 Nov 2013 14:40:14 -0600||Entry added Fri, 22 Nov 2013 14:40:14 -0600||Entry added Fri, 22 Nov 2013 14:40:14 -0600]]></detail>
  943. </alias>
  944. <alias>
  945. <name>****_UDP</name>
  946. <address>3478 3479 3658</address>
  947. <descr><![CDATA[****]]></descr>
  948. <type>port</type>
  949. <detail><![CDATA[Entry added Fri, 22 Nov 2013 14:41:12 -0600||Entry added Fri, 22 Nov 2013 14:41:12 -0600||Entry added Fri, 22 Nov 2013 14:41:12 -0600]]></detail>
  950. </alias>
  951. </aliases>
  952. <proxyarp/>
  953. <cron>
  954. <item>
  955. <minute>0</minute>
  956. <hour>*</hour>
  957. <mday>*</mday>
  958. <month>*</month>
  959. <wday>*</wday>
  960. <who>root</who>
  961. <command>/usr/bin/nice -n20 newsyslog</command>
  962. </item>
  963. <item>
  964. <minute>1,31</minute>
  965. <hour>0-5</hour>
  966. <mday>*</mday>
  967. <month>*</month>
  968. <wday>*</wday>
  969. <who>root</who>
  970. <command>/usr/bin/nice -n20 adjkerntz -a</command>
  971. </item>
  972. <item>
  973. <minute>1</minute>
  974. <hour>3</hour>
  975. <mday>1</mday>
  976. <month>*</month>
  977. <wday>*</wday>
  978. <who>root</who>
  979. <command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command>
  980. </item>
  981. <item>
  982. <minute>*/60</minute>
  983. <hour>*</hour>
  984. <mday>*</mday>
  985. <month>*</month>
  986. <wday>*</wday>
  987. <who>root</who>
  988. <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout</command>
  989. </item>
  990. <item>
  991. <minute>1</minute>
  992. <hour>1</hour>
  993. <mday>*</mday>
  994. <month>*</month>
  995. <wday>*</wday>
  996. <who>root</who>
  997. <command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command>
  998. </item>
  999. <item>
  1000. <minute>*/60</minute>
  1001. <hour>*</hour>
  1002. <mday>*</mday>
  1003. <month>*</month>
  1004. <wday>*</wday>
  1005. <who>root</who>
  1006. <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command>
  1007. </item>
  1008. <item>
  1009. <minute>30</minute>
  1010. <hour>12</hour>
  1011. <mday>*</mday>
  1012. <month>*</month>
  1013. <wday>*</wday>
  1014. <who>root</who>
  1015. <command>/usr/bin/nice -n20 /etc/rc.update_urltables</command>
  1016. </item>
  1017. </cron>
  1018. <wol>
  1019. <wolentry>
  1020. <interface>lan</interface>
  1021. <mac>****</mac>
  1022. <descr><![CDATA[****]]></descr>
  1023. </wolentry>
  1024. <wolentry>
  1025. <interface>lan</interface>
  1026. <mac>****</mac>
  1027. <descr><![CDATA[****]]></descr>
  1028. </wolentry>
  1029. <wolentry>
  1030. <interface>lan</interface>
  1031. <mac>****</mac>
  1032. <descr><![CDATA[****]]></descr>
  1033. </wolentry>
  1034. <wolentry>
  1035. <interface>lan</interface>
  1036. <mac>****</mac>
  1037. <descr><![CDATA[****]]></descr>
  1038. </wolentry>
  1039. <wolentry>
  1040. <interface>lan</interface>
  1041. <mac>****</mac>
  1042. <descr><![CDATA[****]]></descr>
  1043. </wolentry>
  1044. <wolentry>
  1045. <interface>lan</interface>
  1046. <mac>****</mac>
  1047. <descr><![CDATA[********]]></descr>
  1048. </wolentry>
  1049. </wol>
  1050. <rrd>
  1051. <enable/>
  1052. </rrd>
  1053. <load_balancer>
  1054. <monitor_type>
  1055. <name>ICMP</name>
  1056. <type>icmp</type>
  1057. <descr><![CDATA[ICMP]]></descr>
  1058. <options/>
  1059. </monitor_type>
  1060. <monitor_type>
  1061. <name>TCP</name>
  1062. <type>tcp</type>
  1063. <descr><![CDATA[Generic TCP]]></descr>
  1064. <options/>
  1065. </monitor_type>
  1066. <monitor_type>
  1067. <name>HTTP</name>
  1068. <type>http</type>
  1069. <descr><![CDATA[Generic HTTP]]></descr>
  1070. <options>
  1071. <path>/</path>
  1072. <host/>
  1073. <code>200</code>
  1074. </options>
  1075. </monitor_type>
  1076. <monitor_type>
  1077. <name>HTTPS</name>
  1078. <type>https</type>
  1079. <descr><![CDATA[Generic HTTPS]]></descr>
  1080. <options>
  1081. <path>/</path>
  1082. <host/>
  1083. <code>200</code>
  1084. </options>
  1085. </monitor_type>
  1086. <monitor_type>
  1087. <name>SMTP</name>
  1088. <type>send</type>
  1089. <descr><![CDATA[Generic SMTP]]></descr>
  1090. <options>
  1091. <send>EHLO nosuchhost</send>
  1092. <expect>250-</expect>
  1093. </options>
  1094. </monitor_type>
  1095. </load_balancer>
  1096. <widgets>
  1097. <sequence>system_information-container:col1:show,traffic_graphs-container:col1:show,ipsec-container:col1:close,captive_portal_status-container:col1:close,carp_status-container:col1:close,cpu_graphs-container:col1:close,gateways-container:col1:close,gmirror_status-container:col1:close,installed_packages-container:col1:close,interface_statistics-container:col1:close,services_status-container:col2:show,load_balancer_status-container:col2:close,interfaces-container:col2:show,log-container:col2:show,picture-container:col2:close,rss-container:col2:close,openvpn-container:col2:none,wake_on_lan-container:col2:none</sequence>
  1098. <filterlogentries>15</filterlogentries>
  1099. <traffic_graphs-config>WAN_graph-config:show,LAN_graph-config:hide,refreshInterval=2</traffic_graphs-config>
  1100. <servicestatusfilter>apinger</servicestatusfilter>
  1101. </widgets>
  1102. <revision>
  1103. <time>1389513830</time>
  1104. <description><![CDATA[****@****: /interfaces.php made unknown change]]></description>
  1105. <username>****@****</username>
  1106. </revision>
  1107. <openvpn/>
  1108. <l7shaper>
  1109. <container/>
  1110. </l7shaper>
  1111. <dnshaper/>
  <!-- Certificate store entry described as "webConfigurator default". The crt and prv
       values were masked by the poster.
       NOTE(review): the prv element means a config export carries the TLS private key
       alongside the certificate, so backups need the same protection as the key itself.
       The description suggests this is the certificate generated at install time
       (presumably self-signed); consider replacing it with one issued by a CA the
       administrators' browsers trust, so certificate warnings stay meaningful. -->
  1112. <cert>
  1113. <refid>505f63ddefaf7</refid>
  1114. <descr><![CDATA[webConfigurator default]]></descr>
  1115. <crt>****</crt>
  1116. <prv>****</prv>
  1117. </cert>
  1118. <gateways>
  1119. <gateway_item>
  1120. <interface>wan</interface>
  1121. <gateway>****</gateway>
  1122. <name>****</name>
  1123. <weight>1</weight>
  1124. <interval/>
  1125. <descr/>
  1126. <monitor_disable/>
  1127. <defaultgw/>
  1128. <ipprotocol>inet</ipprotocol>
  1129. </gateway_item>
  1130. </gateways>
  1131. <ppps>
  1132. </ppps>
  1133. <dhcrelay>
  1134. <enable/>
  1135. <interface>opt1</interface>
  1136. <server>****</server>
  1137. </dhcrelay>
  1138. <dhcpdv6/>
  1139. <installedpackages>
  <!-- Installed package record for Quagga OSPF 0.99.22.3 (package revision v0.6.1),
       marked BETA by its maintainer.
       NOTE(review): depends_on_package_base_url and config_file are plain http URLs.
       Whether the installer verifies a signature or checksum is not visible here; if it
       does not, the binary and the package manifest can be altered in transit. Check the
       firmware's package verification before reinstalling or updating from these URLs. -->
  1140. <package>
  1141. <name>Quagga OSPF</name>
  1142. <descr><![CDATA[OSPF routing protocol using Quagga -- WARNING! Installs files to the same place as OpenOSPFD and OpenBGPD. Installing both will break things.]]></descr>
  1143. <maintainer>jimp@pfsense.org</maintainer>
  1144. <version>0.99.22.3 v0.6.1</version>
  1145. <category>Routing</category>
  1146. <status>BETA</status>
  1147. <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
  1148. <depends_on_package>quagga-0.99.22.3.tbz</depends_on_package>
  1149. <depends_on_package_pbi>quagga-0.99.22.3-amd64.pbi</depends_on_package_pbi>
  1150. <config_file>http://www.pfsense.com/packages/config/quagga_ospfd/quagga_ospfd.xml</config_file>
  1151. <build_port_path>/usr/ports/net/quagga</build_port_path>
  1152. <pkginfolink/>
  1153. <required_version>2.0</required_version>
  1154. <configurationfile>quagga_ospfd.xml</configurationfile>
  1155. </package>
  1156. <menu>
  1157. <name>Quagga OSPFd</name>
  1158. <tooltiptext>Modify Quagga ospfd settings.</tooltiptext>
  1159. <section>Services</section>
  1160. <configfile>quagga_ospfd.xml</configfile>
  1161. <url>/pkg_edit.php?xml=quagga_ospfd.xml&amp;id=0</url>
  1162. </menu>
  1163. <tab>
  1164. <text>Global Settings</text>
  1165. <url>pkg_edit.php?xml=quagga_ospfd.xml&amp;id=0</url>
  1166. <active/>
  1167. </tab>
  1168. <service>
  1169. <name>Quagga OSPFd</name>
  1170. <rcfile>quagga.sh</rcfile>
  1171. <executable>ospfd</executable>
  1172. <description><![CDATA[OSPF routing daemon]]></description>
  1173. </service>
  1174. <service>
  1175. <name>Quagga Zebra</name>
  1176. <rcfile>quagga.sh</rcfile>
  1177. <executable>zebra</executable>
  1178. <description><![CDATA[Quagga core/abstraction daemon]]></description>
  1179. </service>
  <!-- Per-interface OSPF settings: OSPF is configured on opt1 (DMZ) and opt2 (Lab), both in
       area 0.0.0.0. Every other field is empty.
       NOTE(review): md5password and password are empty and passive is empty on both
       interfaces, so OSPF presumably runs unauthenticated and active on the DMZ and Lab
       segments. Any host on those segments could then be accepted as a neighbour and
       influence this router's routing table. Set an MD5 key on interfaces that have real
       OSPF neighbours and mark the others passive. -->
  1180. <quaggaospfdinterfaces>
  1181. <config>
  1182. <interface>opt1</interface>
  1183. <metric/>
  1184. <interfacearea>0.0.0.0</interfacearea>
  1185. <descr/>
  1186. <passive/>
  1187. <acceptfilter/>
  1188. <md5password/>
  1189. <password/>
  1190. <routerpriorityelections/>
  1191. <hellointervalinseconds/>
  1192. <retransmitinterval/>
  1193. <deadtimer/>
  1194. </config>
  1195. <config>
  1196. <interface>opt2</interface>
  1197. <metric/>
  1198. <interfacearea>0.0.0.0</interfacearea>
  1199. <descr/>
  1200. <passive/>
  1201. <acceptfilter/>
  1202. <md5password/>
  1203. <password/>
  1204. <routerpriorityelections/>
  1205. <hellointervalinseconds/>
  1206. <retransmitinterval/>
  1207. <deadtimer/>
  1208. </config>
  1209. </quaggaospfdinterfaces>
  <!-- Global Quagga OSPF daemon settings: router ID 10.1.1.1, area 0.0.0.0, default-route
       redistribution on, all other options empty.
       NOTE(review): the password element was left unmasked when this file was posted and
       holds the same short dictionary word as the IPsec pre-shared key in this file. It is
       presumably the daemon's management password; treat it as compromised, change it, and
       do not reuse one secret across services.
       NOTE(review): with redistributedefaultroute on, this router advertises itself as the
       default gateway to every OSPF neighbour, which makes neighbour authentication on the
       OSPF interfaces more important. -->
  1210. <quaggaospfd>
  1211. <config>
  1212. <password>class</password>
  1213. <logging/>
  1214. <adjacencylog/>
  1215. <routerid>10.1.1.1</routerid>
  1216. <area>0.0.0.0</area>
  1217. <updatefib/>
  1218. <redistributeconnectedsubnets/>
  1219. <redistributedefaultroute>on</redistributedefaultroute>
  1220. <redistributestatic/>
  1221. <redistributekernel/>
  1222. <spfholdtime/>
  1223. <spfdelay/>
  1224. <rfc1583/>
  1225. <row>
  1226. <routevalue/>
  1227. <routearea/>
  1228. </row>
  1229. <carpstatusip/>
  1230. </config>
  1231. </quaggaospfd>
  1232. </installedpackages>
  1233. <vlans>
  1234. <vlan>
  1235. <if>sk0</if>
  1236. <tag>1</tag>
  1237. <descr><![CDATA[DMZ]]></descr>
  1238. <vlanif>sk0_vlan1</vlanif>
  1239. </vlan>
  1240. <vlan>
  1241. <if>sk0</if>
  1242. <tag>2</tag>
  1243. <descr><![CDATA[Lab]]></descr>
  1244. <vlanif>sk0_vlan2</vlanif>
  1245. </vlan>
  1246. </vlans>
  1247. </pfsense>