Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?xml version="1.0"?>
- <pfsense>
- <version>6.1</version>
- <lastchange/>
- <theme>pfsense_ng</theme>
- <sysctl>
- <item>
- <desc>Set the ephemeral port range to be lower.</desc>
- <tunable>net.inet.ip.portrange.first</tunable>
- <value>default</value>
- </item>
- <item>
- <desc>Drop packets to closed TCP ports without returning a RST</desc>
- <tunable>net.inet.tcp.blackhole</tunable>
- <value>default</value>
- </item>
- <item>
- <desc>Do not send ICMP port unreachable messages for closed UDP ports</desc>
- <tunable>net.inet.udp.blackhole</tunable>
- <value>default</value>
- </item>
- <item>
- <desc>Randomize the ID field in IP packets (default is 0: sequential IP IDs)</desc>
- <tunable>net.inet.ip.random_id</tunable>
- <value>default</value>
- </item>
- <item>
- <desc>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</desc>
- <tunable>net.inet.tcp.drop_synfin</tunable>
- <value>default</value>
- </item>
- <item>
- <desc>Enable sending IPv4 redirects</desc>
- <tunable>net.inet.ip.redirect</tunable>
- <value>default</value>
- </item>
- <item>
- <desc>Enable sending IPv6 redirects</desc>
- <tunable>net.inet6.ip6.redirect</tunable>
- <value>default</value>
- </item>
- <item>
- <desc>Generate SYN cookies for outbound SYN-ACK packets</desc>
- <tunable>net.inet.tcp.syncookies</tunable>
- <value>default</value>
- </item>
- <item>
- <desc>Maximum incoming/outgoing TCP datagram size (receive)</desc>
- <tunable>net.inet.tcp.recvspace</tunable>
- <value>default</value>
- </item>
- <item>
- <desc>Maximum incoming/outgoing TCP datagram size (send)</desc>
- <tunable>net.inet.tcp.sendspace</tunable>
- <value>default</value>
- </item>
- <item>
- <desc>IP Fastforwarding</desc>
- <tunable>net.inet.ip.fastforwarding</tunable>
- <value>default</value>
- </item>
- <item>
- <desc>Do not delay ACK to try and piggyback it onto a data packet</desc>
- <tunable>net.inet.tcp.delayed_ack</tunable>
- <value>default</value>
- </item>
- <item>
- <desc>Maximum outgoing UDP datagram size</desc>
- <tunable>net.inet.udp.maxdgram</tunable>
- <value>default</value>
- </item>
- <item>
- <desc>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</desc>
- <tunable>net.link.bridge.pfil_onlyip</tunable>
- <value>default</value>
- </item>
- <item>
- <desc>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</desc>
- <tunable>net.link.bridge.pfil_member</tunable>
- <value>default</value>
- </item>
- <item>
- <desc>Set to 1 to enable filtering on the bridge interface</desc>
- <tunable>net.link.bridge.pfil_bridge</tunable>
- <value>default</value>
- </item>
- <item>
- <desc>Allow unprivileged access to tap(4) device nodes</desc>
- <tunable>net.link.tap.user_open</tunable>
- <value>default</value>
- </item>
- <item>
- <desc>Verbosity of the rndtest driver (0: do not display results on console)</desc>
- <tunable>kern.rndtest.verbose</tunable>
- <value>default</value>
- </item>
- <item>
- <desc>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</desc>
- <tunable>kern.randompid</tunable>
- <value>default</value>
- </item>
- <item>
- <desc>Maximum size of the IP input queue</desc>
- <tunable>net.inet.ip.intr_queue_maxlen</tunable>
- <value>default</value>
- </item>
- <item>
- <desc>Disable CTRL+ALT+Delete reboot from keyboard.</desc>
- <tunable>hw.syscons.kbd_reboot</tunable>
- <value>default</value>
- </item>
- <item>
- <desc>Enable TCP Inflight mode</desc>
- <tunable>net.inet.tcp.inflight.enable</tunable>
- <value>default</value>
- </item>
- <item>
- <desc>Enable TCP extended debugging</desc>
- <tunable>net.inet.tcp.log_debug</tunable>
- <value>default</value>
- </item>
- <item>
- <desc>Set ICMP Limits</desc>
- <tunable>net.inet.icmp.icmplim</tunable>
- <value>default</value>
- </item>
- <item>
- <desc>TCP Offload Engine</desc>
- <tunable>net.inet.tcp.tso</tunable>
- <value>default</value>
- </item>
- <item>
- <desc>TCP Offload Engine - BCE</desc>
- <tunable>hw.bce.tso_enable</tunable>
- <value>default</value>
- </item>
- </sysctl>
- <system>
- <optimization>normal</optimization>
- <hostname>extras05</hostname>
- <domain>extrawireless.ca</domain>
- <group>
- <name>all</name>
- <description>All Users</description>
- <scope>system</scope>
- <gid>1998</gid>
- <member>0</member>
- </group>
- <group>
- <name>admins</name>
- <description>System Administrators</description>
- <scope>system</scope>
- <gid>1999</gid>
- <member>0</member>
- <priv>page-all</priv>
- </group>
- <user>
- <name>admin</name>
- <fullname>System Administrator</fullname>
- <scope>system</scope>
- <groupname>admins</groupname>
- <password>$1$BCNhi1nw$4nMJryA.hxjlVnkihXFqy/</password>
- <uid>0</uid>
- <priv>user-shell-access</priv>
- <md5-hash>3a4b4c4dde494d2cec3e0ea68e437e17</md5-hash>
- <nt-hash>38384204595792c8cb40f2d3adf52566</nt-hash>
- </user>
- <nextuid>2000</nextuid>
- <nextgid>2000</nextgid>
- <timezone>America/Vancouver</timezone>
- <time-update-interval/>
- <timeservers>0.pfsense.pool.ntp.org</timeservers>
- <webgui>
- <protocol>http</protocol>
- <ssl-certref>38e2618ff22fb</ssl-certref>
- <port/>
- </webgui>
- <disablenatreflection>yes</disablenatreflection>
- <cert>
- <refid>38e2618ff22fb</refid>
- <name>webConfigurator default</name>
- <crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVLRENDQTVHZ0F3SUJBZ0lKQVA5b2hTdFRIRGZRTUEwR0NTcUdTSWIzRFFFQkJRVUFNSUcvTVFzd0NRWUQKVlFRR0V3SlZVekVTTUJBR0ExVUVDQk1KVTI5dFpYZG9aWEpsTVJFd0R3WURWUVFIRXdoVGIyMWxZMmwwZVRFVQpNQklHQTFVRUNoTUxRMjl0Y0dGdWVVNWhiV1V4THpBdEJnTlZCQXNUSms5eVoyRnVhWHBoZEdsdmJtRnNJRlZ1CmFYUWdUbUZ0WlNBb1pXY3NJSE5sWTNScGIyNHBNU1F3SWdZRFZRUURFeHREYjIxdGIyNGdUbUZ0WlNBb1pXY3MKSUZsUFZWSWdibUZ0WlNreEhEQWFCZ2txaGtpRzl3MEJDUUVXRFVWdFlXbHNJRUZrWkhKbGMzTXdIaGNOTURBdwpNekk1TWpBd016STRXaGNOTURVd09URTVNakF3TXpJNFdqQ0J2ekVMTUFrR0ExVUVCaE1DVlZNeEVqQVFCZ05WCkJBZ1RDVk52YldWM2FHVnlaVEVSTUE4R0ExVUVCeE1JVTI5dFpXTnBkSGt4RkRBU0JnTlZCQW9UQzBOdmJYQmgKYm5sT1lXMWxNUzh3TFFZRFZRUUxFeVpQY21kaGJtbDZZWFJwYjI1aGJDQlZibWwwSUU1aGJXVWdLR1ZuTENCegpaV04wYVc5dUtURWtNQ0lHQTFVRUF4TWJRMjl0Ylc5dUlFNWhiV1VnS0dWbkxDQlpUMVZTSUc1aGJXVXBNUnd3CkdnWUpLb1pJaHZjTkFRa0JGZzFGYldGcGJDQkJaR1J5WlhOek1JR2ZNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0R04KQURDQmlRS0JnUUM0ZUluRTNHeXdDemxxaDZMUTM0WTN2K2NwYnRHZkJ6WW9yWW1SRkk2WkNvdlpWUGtkVm1ySQpCNHpyTExrMFdGd3dkZ2FtQ0FEak40Mzh4SnJCNjBHZ1pLaUFRdWErNkV3d2d2OFVQZUVBYUxWcksrNXVxb0JICmExa3hIZkpyMW44WVJFYzRuN0NLb0xYMll5SndaaStib2JzUUUvV1VoZS93cnRJU2N2WjRrd0lEQVFBQm80SUIKS0RDQ0FTUXdIUVlEVlIwT0JCWUVGTzFxdXo2VTMzYnp1TUlXOEt6bnhxMExUZmgyTUlIMEJnTlZIU01FZ2V3dwpnZW1BRk8xcXV6NlUzM2J6dU1JVzhLem54cTBMVGZoMm9ZSEZwSUhDTUlHL01Rc3dDUVlEVlFRR0V3SlZVekVTCk1CQUdBMVVFQ0JNSlUyOXRaWGRvWlhKbE1SRXdEd1lEVlFRSEV3aFRiMjFsWTJsMGVURVVNQklHQTFVRUNoTUwKUTI5dGNHRnVlVTVoYldVeEx6QXRCZ05WQkFzVEprOXlaMkZ1YVhwaGRHbHZibUZzSUZWdWFYUWdUbUZ0WlNBbwpaV2NzSUhObFkzUnBiMjRwTVNRd0lnWURWUVFERXh0RGIyMXRiMjRnVG1GdFpTQW9aV2NzSUZsUFZWSWdibUZ0ClpTa3hIREFhQmdrcWhraUc5dzBCQ1FFV0RVVnRZV2xzSUVGa1pISmxjM09DQ1FEL2FJVXJVeHczMERBTUJnTlYKSFJNRUJUQURBUUgvTUEwR0NTcUdTSWIzRFFFQkJRVUFBNEdCQUdRSFNHWDM5OGd5aWRCQ3JPWCt6MHllM1VrWgpsWFNnR1M0RUE0Vy9DT3AxZzBVSnJCR00xbjRZQkhNUXJnK213MGZIdUNTQ1N5ZE1OekJSU1hUbm4xKzhHdjdaCnRNcjVjc1hzRnBKb3VMbm5KSWhKTkZrd3lJWjFLM0lxckU4djNVS3JzQStZM0FOZ0ZYc2Z1bWNSQnc4c3F1emsKTEdFbnI1WVVBUTVkdkw2YgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==</crt>
- <prv>R2VuZXJhdGluZyBSU0EgcHJpdmF0ZSBrZXksIDEwMjQgYml0IGxvbmcgbW9kdWx1cwouLi4uLisrKysrKwouLi4uLi4uKysrKysrCmUgaXMgNjU1MzcgKDB4MTAwMDEpCi0tLS0tQkVHSU4gUlNBIFBSSVZBVEUgS0VZLS0tLS0KTUlJQ1d3SUJBQUtCZ1FDNGVJbkUzR3l3Q3pscWg2TFEzNFkzditjcGJ0R2ZCellvclltUkZJNlpDb3ZaVlBrZApWbXJJQjR6ckxMazBXRnd3ZGdhbUNBRGpONDM4eEpyQjYwR2daS2lBUXVhKzZFd3dndjhVUGVFQWFMVnJLKzV1CnFvQkhhMWt4SGZKcjFuOFlSRWM0bjdDS29MWDJZeUp3WmkrYm9ic1FFL1dVaGUvd3J0SVNjdlo0a3dJREFRQUIKQW9HQWROb1dHeGV0Mlk0aW5yS3dsak1oYUNzdG1QZFQzYkxKd2RhN3I2VWY5eDNSSEtoUTdSNlNvWWIyNHZuLwpqNEx4VXRsUXVOZVZDRmxtbmRsRVZ0WlpTTmRVYWphY2xCTHZqMmFkUUo3aEJWRXNETk9RdkRFVXVIb2p0b0N4CldyYTN1MkRBQUlLK2l0ZUZTb2NlK3lZK2d5OG9uL1BzdE83VFVZdm5KeWExSmRFQ1FRRGV2aGYwWWZpRGpub1EKREVRaDdnbTM5bjI0TzZXL3REQUY2L2ZzSnVjYmlNRittR3VsL25hSW8wZEEveU9QbXEza2RKWFRsUHluWGQ0bQp6cDU3dGgwOUFrRUExQU9WRWVKQm5nNC9FQXRzSDRwTmtHL1BaZmxuK3IwSkNQblVoQ1VEQW1mYVlHNWdiU2NHCk95d2p0MmpWUDRDVkdrNUQ2SFpYL0lPWFJ6a1NPZVhxRHdKQUZqYlBITWhJaUpaRkJpU3pCczgrbU9JMFY1TmIKVEdzai92TXhucE9pcU5SU3Q5VnJwdnBoeCs3QXhIS3RrVHpUNnR6VnRHdy9abEd1UGlDTkhibGo0UUpBSUwzZwo0cDhuZFFwTU1PVWlzSWhDVEVFSUxYNWowWFFxRmduSENSVlNMcWZ0TUtFN0lRQTYxUjZPOFg4dUY1MTY2VklXCjZLcUdFZ2djYjdKZm56Tmpmd0pBWkpCUUdSZXpSRnA4Yzc3cGF6d0EwWU53dW5aR3hBaldFaENvWTJ2dXhRODgKRnVRUTltT1RtUmpZS1JaSW5xMVZQMmFHQnFNYm5hNnJkY1dpYWVEV1p3PT0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K</prv>
- </cert>
- <enablesshd>enabled</enablesshd>
- <dnsserver>192.168.1.254</dnsserver>
- </system>
- <interfaces>
- <lan>
- <enable/>
- <if>vr1</if>
- <ipaddr>192.168.150.254</ipaddr>
- <subnet>24</subnet>
- <media/>
- <mediaopt/>
- <bandwidth>100</bandwidth>
- <bandwidthtype>Mb</bandwidthtype>
- <descr>LAN</descr>
- </lan>
- <opt1>
- <descr>OPT1</descr>
- <if>ath0</if>
- <wireless>
- <standard>11b</standard>
- <mode>hostap</mode>
- <protmode>off</protmode>
- <ssid>SecheltPublicLibrary</ssid>
- <channel>0</channel>
- <authmode/>
- <txpower>99</txpower>
- <distance/>
- <regdomain/>
- <regcountry/>
- <reglocation>indoor</reglocation>
- <wpa>
- <macaddr_acl/>
- <auth_algs>1</auth_algs>
- <wpa_mode>1</wpa_mode>
- <wpa_key_mgmt>WPA-PSK</wpa_key_mgmt>
- <wpa_pairwise>CCMP TKIP</wpa_pairwise>
- <wpa_group_rekey>60</wpa_group_rekey>
- <wpa_gmk_rekey>3600</wpa_gmk_rekey>
- <passphrase/>
- <ext_wpa_sw/>
- </wpa>
- <auth_server_addr/>
- <auth_server_port/>
- <auth_server_shared_secret/>
- <wep/>
- </wireless>
- <enable/>
- <ipaddr>192.168.151.254</ipaddr>
- <subnet>24</subnet>
- <spoofmac/>
- </opt1>
- <wan>
- <enable/>
- <if>vr0</if>
- <media/>
- <mediaopt/>
- <bandwidth>100</bandwidth>
- <bandwidthtype>Mb</bandwidthtype>
- <descr>WAN</descr>
- <ipaddr>192.168.1.205</ipaddr>
- <subnet>24</subnet>
- <gateway>1921681254</gateway>
- <spoofmac/>
- </wan>
- </interfaces>
- <staticroutes/>
- <pppoe>
- <username/>
- <password/>
- <provider/>
- </pppoe>
- <pptp>
- <username/>
- <password/>
- </pptp>
- <dhcpd>
- <lan>
- <enable/>
- <range>
- <from>192.168.150.10</from>
- <to>192.168.150.245</to>
- </range>
- </lan>
- <opt1>
- <range>
- <from>192.168.151.100</from>
- <to>192.168.151.200</to>
- </range>
- <defaultleasetime/>
- <maxleasetime/>
- <netmask/>
- <failover_peerip/>
- <gateway/>
- <domain/>
- <domainsearchlist/>
- <enable/>
- <ddnsdomain/>
- <tftp/>
- <ldap/>
- <next-server/>
- <filename/>
- <rootpath/>
- </opt1>
- </dhcpd>
- <pptpd>
- <mode/>
- <redir/>
- <localip/>
- <remoteip/>
- </pptpd>
- <ovpn/>
- <dnsmasq>
- <enable/>
- </dnsmasq>
- <snmpd>
- <syslocation/>
- <syscontact/>
- <rocommunity>public</rocommunity>
- </snmpd>
- <diag>
- <ipv6nat>
- <ipaddr/>
- </ipv6nat>
- </diag>
- <bridge/>
- <syslog/>
- <nat>
- <ipsecpassthru>
- <enable/>
- </ipsecpassthru>
- </nat>
- <filter>
- <rule>
- <id/>
- <type>pass</type>
- <interface>wan</interface>
- <max/>
- <max-src-nodes/>
- <max-src-conn/>
- <max-src-states/>
- <statetimeout/>
- <statetype>keep state</statetype>
- <os/>
- <protocol>tcp</protocol>
- <source>
- <any/>
- </source>
- <destination>
- <any/>
- </destination>
- <descr/>
- </rule>
- <rule>
- <id/>
- <type>pass</type>
- <interface>lan</interface>
- <max/>
- <max-src-nodes/>
- <max-src-conn/>
- <max-src-states/>
- <statetimeout/>
- <statetype>keep state</statetype>
- <os/>
- <source>
- <network>lan</network>
- </source>
- <destination>
- <any/>
- </destination>
- <descr>Default allow LAN to any rule</descr>
- <associated-rule-id/>
- </rule>
- </filter>
- <shaper/>
- <ipsec>
- <preferredoldsa/>
- </ipsec>
- <aliases/>
- <proxyarp/>
- <cron>
- <item>
- <minute>0</minute>
- <hour>*</hour>
- <mday>*</mday>
- <month>*</month>
- <wday>*</wday>
- <who>root</who>
- <command>/usr/bin/nice -n20 newsyslog</command>
- </item>
- <item>
- <minute>1,31</minute>
- <hour>0-5</hour>
- <mday>*</mday>
- <month>*</month>
- <wday>*</wday>
- <who>root</who>
- <command>/usr/bin/nice -n20 adjkerntz -a</command>
- </item>
- <item>
- <minute>1</minute>
- <hour>3</hour>
- <mday>1</mday>
- <month>*</month>
- <wday>*</wday>
- <who>root</who>
- <command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command>
- </item>
- <item>
- <minute>*/60</minute>
- <hour>*</hour>
- <mday>*</mday>
- <month>*</month>
- <wday>*</wday>
- <who>root</who>
- <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout</command>
- </item>
- <item>
- <minute>1</minute>
- <hour>1</hour>
- <mday>*</mday>
- <month>*</month>
- <wday>*</wday>
- <who>root</who>
- <command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command>
- </item>
- <item>
- <minute>*/60</minute>
- <hour>*</hour>
- <mday>*</mday>
- <month>*</month>
- <wday>*</wday>
- <who>root</who>
- <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command>
- </item>
- <item>
- <minute>*/5</minute>
- <hour>*</hour>
- <mday>*</mday>
- <month>*</month>
- <wday>*</wday>
- <who>root</who>
- <command>/usr/bin/nice -n20 /usr/local/bin/checkreload.sh</command>
- </item>
- </cron>
- <wol/>
- <rrd>
- <enable/>
- </rrd>
- <load_balancer>
- <monitor_type>
- <name>ICMP</name>
- <type>icmp</type>
- <desc>ICMP</desc>
- <options/>
- </monitor_type>
- <monitor_type>
- <name>TCP</name>
- <type>tcp</type>
- <desc>Generic TCP</desc>
- <options/>
- </monitor_type>
- <monitor_type>
- <name>HTTP</name>
- <type>http</type>
- <desc>Generic HTTP</desc>
- <options>
- <path>/</path>
- <host/>
- <code>200</code>
- </options>
- </monitor_type>
- <monitor_type>
- <name>HTTPS</name>
- <type>https</type>
- <desc>Generic HTTPS</desc>
- <options>
- <path>/</path>
- <host/>
- <code>200</code>
- </options>
- </monitor_type>
- <monitor_type>
- <name>SMTP</name>
- <type>send</type>
- <desc>Generic SMTP</desc>
- <options>
- <send>EHLO nosuchhost</send>
- <expect>250-</expect>
- </options>
- </monitor_type>
- </load_balancer>
- <widgets>
- <sequence>system_information-container:col1:show,captive_portal_status-container:col1:close,carp_status-container:col1:close,cpu_graphs-container:col1:close,gateways-container:col1:close,gmirror_status-container:col1:close,installed_packages-container:col1:close,interface_statistics-container:col1:close,interfaces-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,log-container:col2:close,picture-container:col2:close,rss-container:col2:close,services_status-container:col2:close,traffic_graphs-container:col2:close</sequence>
- </widgets>
- <l7shaper>
- <container/>
- </l7shaper>
- <dnshaper/>
- <gateways>
- <gateway_item>
- <interface>wan</interface>
- <name>1921681254</name>
- <gateway>192.168.1.254</gateway>
- <descr/>
- <defaultgw/>
- </gateway_item>
- </gateways>
- <openvpn/>
- <revision>
- <description>/services_captiveportal.php made unknown change</description>
- <time>1274483778</time>
- </revision>
- <wireless/>
- <captiveportal>
- <page>
- <htmltext>DQo8aDE+SGFyYm91ciBXaXJlbGVzcyBTZWNoZWx0IFB1YmxpYyBMaWJyYXJ5PC9oMT4NCjxicj48YnI+DQo8Zm9ybSBtZXRob2Q9InBvc3QiIGFjdGlvbj0iJFBPUlRBTF9BQ1RJT04kIj4NCiAgIEVudGVyIFZvdWNlciBjb2RlOiA8aW5wdXQgbmFtZT0iYXV0aF92b3VjaGVyIiB0eXBlPSJ0ZXh0Ij4NCjxicj4NCiAgIDxpbnB1dCBuYW1lPSJyZWRpcnVybCIgdHlwZT0iaGlkZGVuIiB2YWx1ZT0iJFBPUlRBTF9SRURJUlVSTCQiPg0KICAgPGlucHV0IG5hbWU9ImFjY2VwdCIgdHlwZT0ic3VibWl0IiB2YWx1ZT0iQ29udGludWUiPg0KPC9mb3JtPg==</htmltext>
- </page>
- <timeout>60</timeout>
- <interface>lan</interface>
- <maxproc></maxproc>
- <idletimeout/>
- <enable/>
- <auth_method>none</auth_method>
- <reauthenticateacct/>
- <httpsname/>
- <bwdefaultdn/>
- <bwdefaultup/>
- <certificate/>
- <cacertificate/>
- <private-key/>
- <redirurl/>
- <radiusip/>
- <radiusip2/>
- <radiusport/>
- <radiusport2/>
- <radiusacctport/>
- <radiuskey/>
- <radiuskey2/>
- <radiusvendor>default</radiusvendor>
- <radmac_format>default</radmac_format>
- </captiveportal>
- </pfsense>
RAW Paste Data