1 |
5b237745
|
Scott Ullrich
|
<?xml version="1.0"?>
|
2 |
ee11cc6e
|
Scott Ullrich
|
<!-- pfSense default system configuration -->
|
3 |
44ce4df1
|
Scott Ullrich
|
<pfsense>
|
4 |
279c2f42
|
Renato Botelho
|
<version>9.8</version>
|
5 |
5b237745
|
Scott Ullrich
|
<lastchange></lastchange>
|
6 |
b220cc48
|
hoba
|
<theme>pfsense_ng</theme>
|
7 |
6df9d7e3
|
Scott Ullrich
|
<sysctl>
|
8 |
c06240db
|
Ermal
|
<item>
|
9 |
|
|
<descr><![CDATA[Enable mounting the FS read only with more checks.]]></descr>
|
10 |
|
|
<tunable>vfs.forcesync</tunable>
|
11 |
|
|
<value>default</value>
|
12 |
|
|
</item>
|
13 |
2b7ca9b2
|
Ermal
|
<item>
|
14 |
|
|
<descr><![CDATA[Disable the pf ftp proxy handler.]]></descr>
|
15 |
|
|
<tunable>debug.pfftpproxy</tunable>
|
16 |
|
|
<value>default</value>
|
17 |
|
|
</item>
|
18 |
feae85bc
|
Scott Ullrich
|
<item>
|
19 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html]]></descr>
|
20 |
feae85bc
|
Scott Ullrich
|
<tunable>vfs.read_max</tunable>
|
21 |
|
|
<value>default</value>
|
22 |
2b8bdfe4
|
Scott Ullrich
|
</item>
|
23 |
df23ccfe
|
Scott Ullrich
|
<item>
|
24 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Set the ephemeral port range to be lower.]]></descr>
|
25 |
df23ccfe
|
Scott Ullrich
|
<tunable>net.inet.ip.portrange.first</tunable>
|
26 |
d0b461f5
|
sullrich
|
<value>default</value>
|
27 |
df23ccfe
|
Scott Ullrich
|
</item>
|
28 |
9299ceaf
|
Scott Ullrich
|
<item>
|
29 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Drop packets to closed TCP ports without returning a RST]]></descr>
|
30 |
9299ceaf
|
Scott Ullrich
|
<tunable>net.inet.tcp.blackhole</tunable>
|
31 |
d0b461f5
|
sullrich
|
<value>default</value>
|
32 |
9299ceaf
|
Scott Ullrich
|
</item>
|
33 |
|
|
<item>
|
34 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Do not send ICMP port unreachable messages for closed UDP ports]]></descr>
|
35 |
9299ceaf
|
Scott Ullrich
|
<tunable>net.inet.udp.blackhole</tunable>
|
36 |
d0b461f5
|
sullrich
|
<value>default</value>
|
37 |
9299ceaf
|
Scott Ullrich
|
</item>
|
38 |
|
|
<item>
|
39 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Randomize the ID field in IP packets (default is 0: sequential IP IDs)]]></descr>
|
40 |
9299ceaf
|
Scott Ullrich
|
<tunable>net.inet.ip.random_id</tunable>
|
41 |
d0b461f5
|
sullrich
|
<value>default</value>
|
42 |
9299ceaf
|
Scott Ullrich
|
</item>
|
43 |
|
|
<item>
|
44 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)]]></descr>
|
45 |
9299ceaf
|
Scott Ullrich
|
<tunable>net.inet.tcp.drop_synfin</tunable>
|
46 |
d0b461f5
|
sullrich
|
<value>default</value>
|
47 |
9299ceaf
|
Scott Ullrich
|
</item>
|
48 |
|
|
<item>
|
49 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Enable sending IPv4 redirects]]></descr>
|
50 |
9299ceaf
|
Scott Ullrich
|
<tunable>net.inet.ip.redirect</tunable>
|
51 |
d0b461f5
|
sullrich
|
<value>default</value>
|
52 |
9299ceaf
|
Scott Ullrich
|
</item>
|
53 |
|
|
<item>
|
54 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Enable sending IPv6 redirects]]></descr>
|
55 |
9299ceaf
|
Scott Ullrich
|
<tunable>net.inet6.ip6.redirect</tunable>
|
56 |
d0b461f5
|
sullrich
|
<value>default</value>
|
57 |
b1d7bc01
|
Scott Ullrich
|
</item>
|
58 |
20a3b436
|
Renato Botelho
|
<item>
|
59 |
|
|
<descr><![CDATA[Enable privacy settings for IPv6 (RFC 4941)]]></descr>
|
60 |
|
|
<tunable>net.inet6.ip6.use_tempaddr</tunable>
|
61 |
|
|
<value>default</value>
|
62 |
|
|
</item>
|
63 |
|
|
<item>
|
64 |
|
|
<descr><![CDATA[Prefer privacy addresses and use them over the normal addresses]]></descr>
|
65 |
|
|
<tunable>net.inet6.ip6.prefer_tempaddr</tunable>
|
66 |
|
|
<value>default</value>
|
67 |
|
|
</item>
|
68 |
9299ceaf
|
Scott Ullrich
|
<item>
|
69 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Generate SYN cookies for outbound SYN-ACK packets]]></descr>
|
70 |
9299ceaf
|
Scott Ullrich
|
<tunable>net.inet.tcp.syncookies</tunable>
|
71 |
d0b461f5
|
sullrich
|
<value>default</value>
|
72 |
9299ceaf
|
Scott Ullrich
|
</item>
|
73 |
6df9d7e3
|
Scott Ullrich
|
<item>
|
74 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Maximum incoming/outgoing TCP datagram size (receive)]]></descr>
|
75 |
6df9d7e3
|
Scott Ullrich
|
<tunable>net.inet.tcp.recvspace</tunable>
|
76 |
d0b461f5
|
sullrich
|
<value>default</value>
|
77 |
6df9d7e3
|
Scott Ullrich
|
</item>
|
78 |
|
|
<item>
|
79 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Maximum incoming/outgoing TCP datagram size (send)]]></descr>
|
80 |
6df9d7e3
|
Scott Ullrich
|
<tunable>net.inet.tcp.sendspace</tunable>
|
81 |
d0b461f5
|
sullrich
|
<value>default</value>
|
82 |
6df9d7e3
|
Scott Ullrich
|
</item>
|
83 |
|
|
<item>
|
84 |
dc074b0f
|
jim-p
|
<descr><![CDATA[IP Fastforwarding]]></descr>
|
85 |
6df9d7e3
|
Scott Ullrich
|
<tunable>net.inet.ip.fastforwarding</tunable>
|
86 |
d0b461f5
|
sullrich
|
<value>default</value>
|
87 |
6df9d7e3
|
Scott Ullrich
|
</item>
|
88 |
|
|
<item>
|
89 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Do not delay ACK to try and piggyback it onto a data packet]]></descr>
|
90 |
6df9d7e3
|
Scott Ullrich
|
<tunable>net.inet.tcp.delayed_ack</tunable>
|
91 |
d0b461f5
|
sullrich
|
<value>default</value>
|
92 |
6df9d7e3
|
Scott Ullrich
|
</item>
|
93 |
|
|
<item>
|
94 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Maximum outgoing UDP datagram size]]></descr>
|
95 |
6df9d7e3
|
Scott Ullrich
|
<tunable>net.inet.udp.maxdgram</tunable>
|
96 |
d0b461f5
|
sullrich
|
<value>default</value>
|
97 |
6df9d7e3
|
Scott Ullrich
|
</item>
|
98 |
|
|
<item>
|
99 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Handling of non-IP packets which are not passed to pfil (see if_bridge(4))]]></descr>
|
100 |
6df9d7e3
|
Scott Ullrich
|
<tunable>net.link.bridge.pfil_onlyip</tunable>
|
101 |
d0b461f5
|
sullrich
|
<value>default</value>
|
102 |
6df9d7e3
|
Scott Ullrich
|
</item>
|
103 |
3828b68a
|
Scott Ullrich
|
<item>
|
104 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Set to 0 to disable filtering on the incoming and outgoing member interfaces.]]></descr>
|
105 |
9c4d33a1
|
Erik Fonnesbeck
|
<tunable>net.link.bridge.pfil_member</tunable>
|
106 |
|
|
<value>default</value>
|
107 |
3828b68a
|
Scott Ullrich
|
</item>
|
108 |
|
|
<item>
|
109 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Set to 1 to enable filtering on the bridge interface]]></descr>
|
110 |
9c4d33a1
|
Erik Fonnesbeck
|
<tunable>net.link.bridge.pfil_bridge</tunable>
|
111 |
|
|
<value>default</value>
|
112 |
3828b68a
|
Scott Ullrich
|
</item>
|
113 |
6df9d7e3
|
Scott Ullrich
|
<item>
|
114 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Allow unprivileged access to tap(4) device nodes]]></descr>
|
115 |
6df9d7e3
|
Scott Ullrich
|
<tunable>net.link.tap.user_open</tunable>
|
116 |
d0b461f5
|
sullrich
|
<value>default</value>
|
117 |
6df9d7e3
|
Scott Ullrich
|
</item>
|
118 |
|
|
<item>
|
119 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())]]></descr>
|
120 |
6df9d7e3
|
Scott Ullrich
|
<tunable>kern.randompid</tunable>
|
121 |
d0b461f5
|
sullrich
|
<value>default</value>
|
122 |
6df9d7e3
|
Scott Ullrich
|
</item>
|
123 |
94f01c71
|
Scott Ullrich
|
<item>
|
124 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Maximum size of the IP input queue]]></descr>
|
125 |
94f01c71
|
Scott Ullrich
|
<tunable>net.inet.ip.intr_queue_maxlen</tunable>
|
126 |
d0b461f5
|
sullrich
|
<value>default</value>
|
127 |
94f01c71
|
Scott Ullrich
|
</item>
|
128 |
ae1ffb16
|
Scott Ullrich
|
<item>
|
129 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Disable CTRL+ALT+Delete reboot from keyboard.]]></descr>
|
130 |
ae1ffb16
|
Scott Ullrich
|
<tunable>hw.syscons.kbd_reboot</tunable>
|
131 |
d0b461f5
|
sullrich
|
<value>default</value>
|
132 |
ee7ff1f0
|
Scott Ullrich
|
</item>
|
133 |
|
|
<item>
|
134 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Enable TCP Inflight mode]]></descr>
|
135 |
ee7ff1f0
|
Scott Ullrich
|
<tunable>net.inet.tcp.inflight.enable</tunable>
|
136 |
d0b461f5
|
sullrich
|
<value>default</value>
|
137 |
b51eff52
|
Scott Ullrich
|
</item>
|
138 |
|
|
<item>
|
139 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Enable TCP extended debugging]]></descr>
|
140 |
b51eff52
|
Scott Ullrich
|
<tunable>net.inet.tcp.log_debug</tunable>
|
141 |
d0b461f5
|
sullrich
|
<value>default</value>
|
142 |
3828b68a
|
Scott Ullrich
|
</item>
|
143 |
|
|
<item>
|
144 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Set ICMP Limits]]></descr>
|
145 |
3828b68a
|
Scott Ullrich
|
<tunable>net.inet.icmp.icmplim</tunable>
|
146 |
d0b461f5
|
sullrich
|
<value>default</value>
|
147 |
e858896b
|
Scott Ullrich
|
</item>
|
148 |
|
|
<item>
|
149 |
dc074b0f
|
jim-p
|
<descr><![CDATA[TCP Offload Engine]]></descr>
|
150 |
e858896b
|
Scott Ullrich
|
<tunable>net.inet.tcp.tso</tunable>
|
151 |
d0b461f5
|
sullrich
|
<value>default</value>
|
152 |
e858896b
|
Scott Ullrich
|
</item>
|
153 |
f388b5c5
|
Ermal
|
<item>
|
154 |
|
|
<descr><![CDATA[UDP Checksums]]></descr>
|
155 |
|
|
<tunable>net.inet.udp.checksum</tunable>
|
156 |
|
|
<value>default</value>
|
157 |
|
|
</item>
|
158 |
abe7607f
|
Scott Ullrich
|
<item>
|
159 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Maximum socket buffer size]]></descr>
|
160 |
abe7607f
|
Scott Ullrich
|
<tunable>kern.ipc.maxsockbuf</tunable>
|
161 |
|
|
<value>default</value>
|
162 |
|
|
</item>
|
163 |
6df9d7e3
|
Scott Ullrich
|
</sysctl>
|
164 |
5b237745
|
Scott Ullrich
|
<system>
|
165 |
adfaae0e
|
Scott Ullrich
|
<optimization>normal</optimization>
|
166 |
f56d2af1
|
Scott Ullrich
|
<hostname>pfSense</hostname>
|
167 |
10e41b74
|
gnhb
|
<domain>localdomain</domain>
|
168 |
dc074b0f
|
jim-p
|
<dnsserver/>
|
169 |
5b237745
|
Scott Ullrich
|
<!-- NOTE(review): in pfSense this flag lets the WAN's DHCP/PPP server supply the DNS servers the firewall uses. With <dnsserver/> left empty above, name resolution follows whatever the upstream network assigns; confirm that is acceptable for the deployment. -->
<dnsallowoverride/>
|
170 |
45ee90ed
|
Matthew Grooms
|
<group>
|
171 |
|
|
<name>all</name>
|
172 |
dc074b0f
|
jim-p
|
<description><![CDATA[All Users]]></description>
|
173 |
45ee90ed
|
Matthew Grooms
|
<scope>system</scope>
|
174 |
|
|
<gid>1998</gid>
|
175 |
6b07c15a
|
Matthew Grooms
|
<member>0</member>
|
176 |
45ee90ed
|
Matthew Grooms
|
</group>
|
177 |
8da7252b
|
Scott Ullrich
|
<group>
|
178 |
|
|
<name>admins</name>
|
179 |
dc074b0f
|
jim-p
|
<description><![CDATA[System Administrators]]></description>
|
180 |
8da7252b
|
Scott Ullrich
|
<scope>system</scope>
|
181 |
45ee90ed
|
Matthew Grooms
|
<gid>1999</gid>
|
182 |
6b07c15a
|
Matthew Grooms
|
<member>0</member>
|
183 |
|
|
<priv>page-all</priv>
|
184 |
8da7252b
|
Scott Ullrich
|
</group>
|
185 |
|
|
<user>
|
186 |
|
|
<name>admin</name>
|
187 |
dc074b0f
|
jim-p
|
<descr><![CDATA[System Administrator]]></descr>
|
188 |
8da7252b
|
Scott Ullrich
|
<scope>system</scope>
|
189 |
|
|
<groupname>admins</groupname>
|
190 |
|
|
<!-- Security note: this is the factory-default admin password hash, identical on every system installed from this file. The $1$ prefix marks MD5-crypt, a legacy scheme that is fast to brute-force offline. Set a new admin password at first boot, before the management interfaces are reachable from untrusted networks, and treat any exported copy of this configuration that contains password hashes as sensitive. -->
<password>$1$dSJImFph$GvZ7.1UbuWu.Yb8etC0re.</password>
|
191 |
|
|
<uid>0</uid>
|
192 |
6b07c15a
|
Matthew Grooms
|
<priv>user-shell-access</priv>
|
193 |
8da7252b
|
Scott Ullrich
|
</user>
|
194 |
45ee90ed
|
Matthew Grooms
|
<nextuid>2000</nextuid>
|
195 |
|
|
<nextgid>2000</nextgid>
|
196 |
5b237745
|
Scott Ullrich
|
<timezone>Etc/UTC</timezone>
|
197 |
|
|
<time-update-interval>300</time-update-interval>
|
198 |
2821f8e6
|
Scott Ullrich
|
<timeservers>0.pfsense.pool.ntp.org</timeservers>
|
199 |
5b237745
|
Scott Ullrich
|
<webgui>
|
200 |
effb9797
|
sullrich
|
<protocol>https</protocol>
|
201 |
e8abc4a7
|
Renato Botelho
|
<noautocomplete/>
|
202 |
5b237745
|
Scott Ullrich
|
</webgui>
|
203 |
ea7f7a84
|
sullrich
|
<disablenatreflection>yes</disablenatreflection>
|
204 |
5b237745
|
Scott Ullrich
|
<!-- <disableconsolemenu/> -->
|
205 |
|
|
<!-- <disablefirmwarecheck/> -->
|
206 |
|
|
<!-- <shellcmd></shellcmd> -->
|
207 |
|
|
<!-- <earlyshellcmd></earlyshellcmd> -->
|
208 |
|
|
<!-- <harddiskstandby></harddiskstandby> -->
|
209 |
c7206520
|
jim-p
|
<disablesegmentationoffloading/>
|
210 |
|
|
<disablelargereceiveoffloading/>
|
211 |
000d9e71
|
Seth Mos
|
<ipv6allow/>
|
212 |
91d1736f
|
N0YB
|
<powerd_ac_mode>hadp</powerd_ac_mode>
|
213 |
|
|
<powerd_battery_mode>hadp</powerd_battery_mode>
|
214 |
6b4480dc
|
bcyrill
|
<bogons>
|
215 |
|
|
<interval>monthly</interval>
|
216 |
|
|
</bogons>
|
217 |
7050776a
|
Chris Buechler
|
<kill_states/>
|
218 |
5b237745
|
Scott Ullrich
|
</system>
|
219 |
|
|
<interfaces>
|
220 |
|
|
<wan>
|
221 |
0beab3f4
|
Erik Fonnesbeck
|
<enable/>
|
222 |
4b38cdb7
|
Chris Buechler
|
<if>vr1</if>
|
223 |
5b237745
|
Scott Ullrich
|
<mtu></mtu>
|
224 |
|
|
<ipaddr>dhcp</ipaddr>
|
225 |
444a6f4b
|
Thomas NOEL
|
<ipaddrv6></ipaddrv6>
|
226 |
5b237745
|
Scott Ullrich
|
<!-- ipaddr (above): 'dhcp' *or* ipv4-address *or* 'pppoe' *or* 'pptp' *or* 'bigpond' -->
|
227 |
|
|
<subnet></subnet>
|
228 |
|
|
<gateway></gateway>
|
229 |
|
|
<blockpriv/>
|
230 |
beb9061f
|
Chris Buechler
|
<blockbogons/>
|
231 |
5b237745
|
Scott Ullrich
|
<dhcphostname></dhcphostname>
|
232 |
|
|
<media></media>
|
233 |
|
|
<mediaopt></mediaopt>
|
234 |
000d9e71
|
Seth Mos
|
<dhcp6-duid></dhcp6-duid>
|
235 |
|
|
<dhcp6-ia-pd-len>0</dhcp6-ia-pd-len>
|
236 |
5b237745
|
Scott Ullrich
|
<!--
|
237 |
|
|
<wireless>
|
238 |
|
|
*see below (opt[n])*
|
239 |
|
|
</wireless>
|
240 |
|
|
-->
|
241 |
|
|
</wan>
|
242 |
43ac3acf
|
Scott Ullrich
|
<lan>
|
243 |
0beab3f4
|
Erik Fonnesbeck
|
<enable/>
|
244 |
4b38cdb7
|
Chris Buechler
|
<if>vr0</if>
|
245 |
444a6f4b
|
Thomas NOEL
|
<ipaddr>10.42.0.1</ipaddr>
|
246 |
|
|
<subnet>16</subnet>
|
247 |
|
|
<ipaddrv6></ipaddrv6>
|
248 |
|
|
<subnetv6></subnetv6>
|
249 |
43ac3acf
|
Scott Ullrich
|
<media></media>
|
250 |
|
|
<mediaopt></mediaopt>
|
251 |
6d778ed0
|
smos
|
<track6-interface>wan</track6-interface>
|
252 |
|
|
<track6-prefix-id>0</track6-prefix-id>
|
253 |
43ac3acf
|
Scott Ullrich
|
<!--
|
254 |
|
|
<wireless>
|
255 |
|
|
*see below (opt[n])*
|
256 |
|
|
</wireless>
|
257 |
|
|
-->
|
258 |
|
|
</lan>
|
259 |
5b237745
|
Scott Ullrich
|
<!--
|
260 |
|
|
<opt[n]>
|
261 |
|
|
<enable/>
|
262 |
|
|
<descr></descr>
|
263 |
|
|
<if></if>
|
264 |
|
|
<ipaddr></ipaddr>
|
265 |
|
|
<subnet></subnet>
|
266 |
|
|
<media></media>
|
267 |
|
|
<mediaopt></mediaopt>
|
268 |
|
|
<bridge>lan|wan|opt[n]</bridge>
|
269 |
|
|
<wireless>
|
270 |
|
|
<mode>hostap *or* bss *or* ibss</mode>
|
271 |
|
|
<ssid></ssid>
|
272 |
|
|
<channel></channel>
|
273 |
|
|
<wep>
|
274 |
|
|
<enable/>
|
275 |
|
|
<key>
|
276 |
|
|
<txkey/>
|
277 |
|
|
<value></value>
|
278 |
|
|
</key>
|
279 |
|
|
</wep>
|
280 |
|
|
</wireless>
|
281 |
|
|
</opt[n]>
|
282 |
|
|
-->
|
283 |
|
|
</interfaces>
|
284 |
|
|
<!--
|
285 |
|
|
<vlans>
|
286 |
|
|
<vlan>
|
287 |
|
|
<tag></tag>
|
288 |
|
|
<if></if>
|
289 |
|
|
<descr></descr>
|
290 |
|
|
</vlan>
|
291 |
|
|
</vlans>
|
292 |
|
|
-->
|
293 |
|
|
<staticroutes>
|
294 |
|
|
<!--
|
295 |
|
|
<route>
|
296 |
|
|
<interface>lan|opt[n]|pptp</interface>
|
297 |
|
|
<network>xxx.xxx.xxx.xxx/xx</network>
|
298 |
|
|
<gateway>xxx.xxx.xxx.xxx</gateway>
|
299 |
|
|
<descr></descr>
|
300 |
|
|
</route>
|
301 |
|
|
-->
|
302 |
|
|
</staticroutes>
|
303 |
|
|
<dhcpd>
|
304 |
|
|
<lan>
|
305 |
|
|
<enable/>
|
306 |
|
|
<range>
|
307 |
444a6f4b
|
Thomas NOEL
|
<from>10.42.1.1</from>
|
308 |
|
|
<to>10.42.254.254</to>
|
309 |
5b237745
|
Scott Ullrich
|
</range>
|
310 |
|
|
<!--
|
311 |
|
|
<winsserver>xxx.xxx.xxx.xxx</winsserver>
|
312 |
|
|
<defaultleasetime></defaultleasetime>
|
313 |
|
|
<maxleasetime></maxleasetime>
|
314 |
|
|
<gateway>xxx.xxx.xxx.xxx</gateway>
|
315 |
|
|
<domain></domain>
|
316 |
|
|
<dnsserver></dnsserver>
|
317 |
ad171999
|
Seth Mos
|
<ntpserver>xxx.xxx.xxx.xxx</ntpserver>
|
318 |
5b237745
|
Scott Ullrich
|
<next-server></next-server>
|
319 |
|
|
<filename></filename>
|
320 |
|
|
-->
|
321 |
|
|
</lan>
|
322 |
|
|
<!--
|
323 |
|
|
<opt[n]>
|
324 |
|
|
...
|
325 |
|
|
</opt[n]>
|
326 |
|
|
-->
|
327 |
|
|
<!--
|
328 |
|
|
<staticmap>
|
329 |
|
|
<mac>xx:xx:xx:xx:xx:xx</mac>
|
330 |
|
|
<ipaddr>xxx.xxx.xxx.xxx</ipaddr>
|
331 |
|
|
<descr></descr>
|
332 |
|
|
</staticmap>
|
333 |
|
|
-->
|
334 |
|
|
</dhcpd>
|
335 |
|
|
<pptpd>
|
336 |
|
|
<mode><!-- off *or* server *or* redir --></mode>
|
337 |
dc074b0f
|
jim-p
|
<redir/>
|
338 |
|
|
<localip/>
|
339 |
|
|
<remoteip/>
|
340 |
5b237745
|
Scott Ullrich
|
<!-- <accounting/> -->
|
341 |
|
|
<!--
|
342 |
|
|
<user>
|
343 |
|
|
<name></name>
|
344 |
|
|
<password></password>
|
345 |
|
|
</user>
|
346 |
|
|
-->
|
347 |
|
|
</pptpd>
|
348 |
|
|
<dnsmasq>
|
349 |
|
|
<enable/>
|
350 |
|
|
<!--
|
351 |
|
|
<hosts>
|
352 |
|
|
<host></host>
|
353 |
|
|
<domain></domain>
|
354 |
|
|
<ip></ip>
|
355 |
|
|
<descr></descr>
|
356 |
|
|
</hosts>
|
357 |
|
|
-->
|
358 |
|
|
</dnsmasq>
|
359 |
|
|
<snmpd>
|
360 |
6d45aa59
|
Thomas NOEL
|
<enable/>
|
361 |
dc074b0f
|
jim-p
|
<syslocation/>
|
362 |
|
|
<syscontact/>
|
363 |
6d45aa59
|
Thomas NOEL
|
<!-- Security note: snmpd ships enabled (<enable/> above) with this fixed read-only community string. A community string is a shared secret sent unencrypted in SNMP v1/v2c, and a value baked into the default config is the same on every install. Replace it with a unique value and limit who can reach the poll port (<bindip/>, firewall rules), or remove <enable/> if SNMP is not needed. -->
<rocommunity>edustop</rocommunity>
|
364 |
|
|
<modules>
|
365 |
|
|
<mibii/>
|
366 |
|
|
<netgraph/>
|
367 |
|
|
<pf/>
|
368 |
|
|
<hostres/>
|
369 |
|
|
<ucd/>
|
370 |
|
|
<regex/>
|
371 |
|
|
</modules>
|
372 |
|
|
<pollport>161</pollport>
|
373 |
|
|
<trapserver/>
|
374 |
|
|
<trapserverport/>
|
375 |
|
|
<trapstring/>
|
376 |
|
|
<bindip/>
|
377 |
5b237745
|
Scott Ullrich
|
</snmpd>
|
378 |
|
|
<diag>
|
379 |
|
|
<ipv6nat>
|
380 |
|
|
<!-- <enable/> -->
|
381 |
dc074b0f
|
jim-p
|
<ipaddr/>
|
382 |
5b237745
|
Scott Ullrich
|
</ipv6nat>
|
383 |
|
|
</diag>
|
384 |
|
|
<bridge>
|
385 |
|
|
<!-- <filteringbridge/> -->
|
386 |
|
|
</bridge>
|
387 |
|
|
<syslog>
|
388 |
|
|
<!--
|
389 |
|
|
<reverse/>
|
390 |
|
|
<enable/>
|
391 |
|
|
<remoteserver>xxx.xxx.xxx.xxx</remoteserver>
|
392 |
|
|
<filter/>
|
393 |
|
|
<dhcp/>
|
394 |
|
|
<system/>
|
395 |
|
|
<nologdefaultblock/>
|
396 |
|
|
-->
|
397 |
|
|
</syslog>
|
398 |
|
|
<!--
|
399 |
|
|
<captiveportal>
|
400 |
|
|
<enable/>
|
401 |
|
|
<interface>lan|opt[n]</interface>
|
402 |
|
|
<idletimeout>minutes</idletimeout>
|
403 |
|
|
<timeout>minutes</timeout>
|
404 |
|
|
<page>
|
405 |
|
|
<htmltext></htmltext>
|
406 |
|
|
<errtext></errtext>
|
407 |
|
|
</page>
|
408 |
|
|
<httpslogin/>
|
409 |
|
|
<httpsname></httpsname>
|
410 |
|
|
<redirurl></redirurl>
|
411 |
|
|
<radiusip></radiusip>
|
412 |
|
|
<radiusport></radiusport>
|
413 |
|
|
<radiuskey></radiuskey>
|
414 |
|
|
<nomacfilter/>
|
415 |
|
|
</captiveportal>
|
416 |
|
|
-->
|
417 |
|
|
<nat>
|
418 |
c0ce312f
|
Scott Ullrich
|
<ipsecpassthru>
|
419 |
|
|
<enable/>
|
420 |
7c59d0c1
|
Scott Ullrich
|
</ipsecpassthru>
|
421 |
5b237745
|
Scott Ullrich
|
<!--
|
422 |
|
|
<rule>
|
423 |
|
|
<interface></interface>
|
424 |
|
|
<external-address></external-address>
|
425 |
|
|
<protocol></protocol>
|
426 |
|
|
<external-port></external-port>
|
427 |
|
|
<target></target>
|
428 |
|
|
<local-port></local-port>
|
429 |
|
|
<descr></descr>
|
430 |
|
|
</rule>
|
431 |
|
|
-->
|
432 |
|
|
<!--
|
433 |
|
|
<onetoone>
|
434 |
|
|
<interface></interface>
|
435 |
|
|
<external>xxx.xxx.xxx.xxx</external>
|
436 |
|
|
<internal>xxx.xxx.xxx.xxx</internal>
|
437 |
|
|
<subnet></subnet>
|
438 |
|
|
<descr></descr>
|
439 |
|
|
</onetoone>
|
440 |
|
|
-->
|
441 |
|
|
<!--
|
442 |
|
|
<advancedoutbound>
|
443 |
|
|
<enable/>
|
444 |
|
|
<rule>
|
445 |
|
|
<interface></interface>
|
446 |
|
|
<source>
|
447 |
|
|
<network>xxx.xxx.xxx.xxx/xx</network>
|
448 |
|
|
</source>
|
449 |
|
|
<destination>
|
450 |
|
|
<not/>
|
451 |
|
|
<any/>
|
452 |
|
|
*or*
|
453 |
|
|
<network>xxx.xxx.xxx.xxx/xx</network>
|
454 |
|
|
</destination>
|
455 |
|
|
<target>xxx.xxx.xxx.xxx</target>
|
456 |
|
|
<descr></descr>
|
457 |
|
|
</rule>
|
458 |
|
|
</advancedoutbound>
|
459 |
|
|
-->
|
460 |
|
|
<!--
|
461 |
|
|
<servernat>
|
462 |
|
|
<ipaddr></ipaddr>
|
463 |
|
|
<descr></descr>
|
464 |
|
|
</servernat>
|
465 |
|
|
-->
|
466 |
|
|
</nat>
|
467 |
|
|
<filter>
|
468 |
|
|
<!-- <tcpidletimeout></tcpidletimeout> -->
|
469 |
|
|
<rule>
|
470 |
|
|
<!-- Default LAN egress policy: this rule passes IPv4 traffic from the LAN network to any destination, and the rule carries no protocol or port restriction. The inet6 rule after it does the same for IPv6. Narrow both if LAN hosts should not have unrestricted outbound access. -->
<type>pass</type>
|
471 |
000d9e71
|
Seth Mos
|
<ipprotocol>inet</ipprotocol>
|
472 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Default allow LAN to any rule]]></descr>
|
473 |
5b237745
|
Scott Ullrich
|
<interface>lan</interface>
|
474 |
|
|
<source>
|
475 |
|
|
<network>lan</network>
|
476 |
|
|
</source>
|
477 |
|
|
<destination>
|
478 |
|
|
<any/>
|
479 |
|
|
</destination>
|
480 |
|
|
</rule>
|
481 |
000d9e71
|
Seth Mos
|
<rule>
|
482 |
|
|
<type>pass</type>
|
483 |
|
|
<ipprotocol>inet6</ipprotocol>
|
484 |
|
|
<descr><![CDATA[Default allow LAN IPv6 to any rule]]></descr>
|
485 |
|
|
<interface>lan</interface>
|
486 |
|
|
<source>
|
487 |
|
|
<network>lan</network>
|
488 |
|
|
</source>
|
489 |
|
|
<destination>
|
490 |
|
|
<any/>
|
491 |
|
|
</destination>
|
492 |
|
|
</rule>
|
493 |
5b237745
|
Scott Ullrich
|
<!-- rule syntax:
|
494 |
|
|
<rule>
|
495 |
|
|
<disabled/>
|
496 |
b9e28d57
|
unknown
|
<id>[0-9]*</id>
|
497 |
5b237745
|
Scott Ullrich
|
<type>pass|block|reject</type>
|
498 |
000d9e71
|
Seth Mos
|
<ipprotocol>inet|inet6</ipprotocol>
|
499 |
5b237745
|
Scott Ullrich
|
<descr>...</descr>
|
500 |
|
|
<interface>lan|opt[n]|wan|pptp</interface>
|
501 |
|
|
<protocol>tcp|udp|tcp/udp|...</protocol>
|
502 |
|
|
<icmptype></icmptype>
|
503 |
|
|
<source>
|
504 |
|
|
<not/>
|
505 |
f56d2af1
|
Scott Ullrich
|
|
506 |
5b237745
|
Scott Ullrich
|
<address>xxx.xxx.xxx.xxx(/xx) or alias</address>
|
507 |
|
|
*or*
|
508 |
|
|
<network>lan|opt[n]|pptp</network>
|
509 |
|
|
*or*
|
510 |
|
|
<any/>
|
511 |
f56d2af1
|
Scott Ullrich
|
|
512 |
5b237745
|
Scott Ullrich
|
<port>a[-b]</port>
|
513 |
|
|
</source>
|
514 |
|
|
<destination>
|
515 |
|
|
*same as for source*
|
516 |
|
|
</destination>
|
517 |
|
|
<frags/>
|
518 |
|
|
<log/>
|
519 |
|
|
</rule>
|
520 |
|
|
-->
|
521 |
|
|
</filter>
|
522 |
|
|
<shaper>
|
523 |
|
|
<!-- <enable/> -->
|
524 |
a48aec0a
|
Bill Marquette
|
<!-- <schedulertype>hfsc</schedulertype> -->
|
525 |
5b237745
|
Scott Ullrich
|
<!-- rule syntax:
|
526 |
|
|
<rule>
|
527 |
|
|
<disabled/>
|
528 |
|
|
<descr></descr>
|
529 |
f56d2af1
|
Scott Ullrich
|
|
530 |
5b237745
|
Scott Ullrich
|
<targetpipe>number (zero based)</targetpipe>
|
531 |
|
|
*or*
|
532 |
|
|
<targetqueue>number (zero based)</targetqueue>
|
533 |
f56d2af1
|
Scott Ullrich
|
|
534 |
5b237745
|
Scott Ullrich
|
<interface>lan|wan|opt[n]|pptp</interface>
|
535 |
|
|
<protocol>tcp|udp</protocol>
|
536 |
|
|
<direction>in|out</direction>
|
537 |
|
|
<source>
|
538 |
|
|
<not/>
|
539 |
f56d2af1
|
Scott Ullrich
|
|
540 |
5b237745
|
Scott Ullrich
|
<address>xxx.xxx.xxx.xxx(/xx)</address>
|
541 |
|
|
*or*
|
542 |
|
|
<network>lan|opt[n]|pptp</network>
|
543 |
|
|
*or*
|
544 |
|
|
<any/>
|
545 |
f56d2af1
|
Scott Ullrich
|
|
546 |
5b237745
|
Scott Ullrich
|
<port>a[-b]</port>
|
547 |
|
|
</source>
|
548 |
|
|
<destination>
|
549 |
|
|
*same as for source*
|
550 |
|
|
</destination>
|
551 |
f56d2af1
|
Scott Ullrich
|
|
552 |
5b237745
|
Scott Ullrich
|
<iplen>from[-to]</iplen>
|
553 |
|
|
<iptos>(!)lowdelay,throughput,reliability,mincost,congestion</iptos>
|
554 |
|
|
<tcpflags>(!)fin,syn,rst,psh,ack,urg</tcpflags>
|
555 |
|
|
</rule>
|
556 |
|
|
<pipe>
|
557 |
|
|
<descr></descr>
|
558 |
|
|
<bandwidth></bandwidth>
|
559 |
|
|
<delay></delay>
|
560 |
|
|
<mask>source|destination</mask>
|
561 |
|
|
</pipe>
|
562 |
|
|
<queue>
|
563 |
|
|
<descr></descr>
|
564 |
|
|
<targetpipe>number (zero based)</targetpipe>
|
565 |
|
|
<weight></weight>
|
566 |
|
|
<mask>source|destination</mask>
|
567 |
|
|
</queue>
|
568 |
|
|
-->
|
569 |
|
|
</shaper>
|
570 |
|
|
<ipsec>
|
571 |
|
|
<!-- <enable/> -->
|
572 |
|
|
<!-- syntax:
|
573 |
|
|
<tunnel>
|
574 |
|
|
<disabled/>
|
575 |
|
|
<auto/>
|
576 |
|
|
<descr></descr>
|
577 |
|
|
<interface>lan|wan|opt[n]</interface>
|
578 |
|
|
<local-subnet>
|
579 |
|
|
<address>xxx.xxx.xxx.xxx(/xx)</address>
|
580 |
|
|
*or*
|
581 |
|
|
<network>lan|opt[n]</network>
|
582 |
|
|
</local-subnet>
|
583 |
|
|
<remote-subnet>xxx.xxx.xxx.xxx/xx</remote-subnet>
|
584 |
|
|
<remote-gateway></remote-gateway>
|
585 |
|
|
<p1>
|
586 |
|
|
<mode></mode>
|
587 |
|
|
<myident>
|
588 |
|
|
<myaddress/>
|
589 |
|
|
*or*
|
590 |
|
|
<address>xxx.xxx.xxx.xxx</address>
|
591 |
|
|
*or*
|
592 |
|
|
<fqdn>the.fq.dn</fqdn>
|
593 |
|
|
</myident>
|
594 |
|
|
<encryption-algorithm></encryption-algorithm>
|
595 |
|
|
<hash-algorithm></hash-algorithm>
|
596 |
|
|
<dhgroup></dhgroup>
|
597 |
|
|
<lifetime></lifetime>
|
598 |
|
|
<pre-shared-key></pre-shared-key>
|
599 |
|
|
</p1>
|
600 |
|
|
<p2>
|
601 |
|
|
<protocol></protocol>
|
602 |
|
|
<encryption-algorithm-option></encryption-algorithm-option>
|
603 |
|
|
<hash-algorithm-option></hash-algorithm-option>
|
604 |
|
|
<pfsgroup></pfsgroup>
|
605 |
|
|
<lifetime></lifetime>
|
606 |
|
|
</p2>
|
607 |
|
|
</tunnel>
|
608 |
|
|
<mobileclients>
|
609 |
|
|
<enable/>
|
610 |
|
|
<p1>
|
611 |
|
|
<mode></mode>
|
612 |
|
|
<myident>
|
613 |
|
|
<myaddress/>
|
614 |
|
|
*or*
|
615 |
|
|
<address>xxx.xxx.xxx.xxx</address>
|
616 |
|
|
*or*
|
617 |
|
|
<fqdn>the.fq.dn</fqdn>
|
618 |
|
|
</myident>
|
619 |
|
|
<encryption-algorithm></encryption-algorithm>
|
620 |
|
|
<hash-algorithm></hash-algorithm>
|
621 |
|
|
<dhgroup></dhgroup>
|
622 |
|
|
<lifetime></lifetime>
|
623 |
|
|
</p1>
|
624 |
|
|
<p2>
|
625 |
|
|
<protocol></protocol>
|
626 |
|
|
<encryption-algorithm-option></encryption-algorithm-option>
|
627 |
|
|
<hash-algorithm-option></hash-algorithm-option>
|
628 |
|
|
<pfsgroup></pfsgroup>
|
629 |
|
|
<lifetime></lifetime>
|
630 |
|
|
</p2>
|
631 |
|
|
</mobileclients>
|
632 |
|
|
<mobilekey>
|
633 |
|
|
<ident></ident>
|
634 |
|
|
<pre-shared-key></pre-shared-key>
|
635 |
|
|
</mobilekey>
|
636 |
|
|
-->
|
637 |
|
|
</ipsec>
|
638 |
|
|
<aliases>
|
639 |
|
|
<!--
|
640 |
|
|
<alias>
|
641 |
|
|
<name></name>
|
642 |
|
|
<address>xxx.xxx.xxx.xxx(/xx)</address>
|
643 |
|
|
<descr></descr>
|
644 |
|
|
</alias>
|
645 |
|
|
-->
|
646 |
|
|
</aliases>
|
647 |
|
|
<proxyarp>
|
648 |
|
|
<!--
|
649 |
|
|
<proxyarpnet>
|
650 |
|
|
<network>xxx.xxx.xxx.xxx/xx</network>
|
651 |
|
|
*or*
|
652 |
|
|
<range>
|
653 |
|
|
<from>xxx.xxx.xxx.xxx</from>
|
654 |
|
|
<to>xxx.xxx.xxx.xxx</to>
|
655 |
|
|
</range>
|
656 |
|
|
</proxyarpnet>
|
657 |
|
|
-->
|
658 |
|
|
</proxyarp>
|
659 |
1071e028
|
Scott Ullrich
|
<cron>
|
660 |
|
|
<item>
|
661 |
|
|
<minute>1,31</minute>
|
662 |
|
|
<hour>0-5</hour>
|
663 |
|
|
<mday>*</mday>
|
664 |
|
|
<month>*</month>
|
665 |
|
|
<wday>*</wday>
|
666 |
|
|
<who>root</who>
|
667 |
|
|
<!-- NOTE(review): this job runs as root (see <who> above) and is the only cron command in this file whose program, adjkerntz, is named without an absolute path, so it is resolved through cron's PATH. Consider pinning the full path as the other entries do. -->
<command>/usr/bin/nice -n20 adjkerntz -a</command>
|
668 |
|
|
</item>
|
669 |
|
|
<item>
|
670 |
|
|
<minute>1</minute>
|
671 |
2672d65d
|
Scott Ullrich
|
<hour>3</hour>
|
672 |
1071e028
|
Scott Ullrich
|
<mday>1</mday>
|
673 |
|
|
<month>*</month>
|
674 |
|
|
<wday>*</wday>
|
675 |
|
|
<who>root</who>
|
676 |
|
|
<command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command>
|
677 |
|
|
</item>
|
678 |
|
|
<item>
|
679 |
|
|
<minute>*/60</minute>
|
680 |
|
|
<hour>*</hour>
|
681 |
|
|
<mday>*</mday>
|
682 |
|
|
<month>*</month>
|
683 |
|
|
<wday>*</wday>
|
684 |
|
|
<who>root</who>
|
685 |
|
|
<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout</command>
|
686 |
|
|
</item>
|
687 |
|
|
<item>
|
688 |
|
|
<minute>1</minute>
|
689 |
|
|
<hour>1</hour>
|
690 |
|
|
<mday>*</mday>
|
691 |
|
|
<month>*</month>
|
692 |
|
|
<wday>*</wday>
|
693 |
|
|
<who>root</who>
|
694 |
|
|
<command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command>
|
695 |
|
|
</item>
|
696 |
|
|
<item>
|
697 |
|
|
<minute>*/60</minute>
|
698 |
|
|
<hour>*</hour>
|
699 |
|
|
<mday>*</mday>
|
700 |
|
|
<month>*</month>
|
701 |
|
|
<wday>*</wday>
|
702 |
|
|
<who>root</who>
|
703 |
|
|
<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command>
|
704 |
|
|
</item>
|
705 |
|
|
<item>
|
706 |
dc074b0f
|
jim-p
|
<minute>30</minute>
|
707 |
|
|
<hour>12</hour>
|
708 |
1071e028
|
Scott Ullrich
|
<mday>*</mday>
|
709 |
|
|
<month>*</month>
|
710 |
|
|
<wday>*</wday>
|
711 |
|
|
<who>root</who>
|
712 |
dc074b0f
|
jim-p
|
<command>/usr/bin/nice -n20 /etc/rc.update_urltables</command>
|
713 |
1071e028
|
Scott Ullrich
|
</item>
|
714 |
|
|
</cron>
|
715 |
5b237745
|
Scott Ullrich
|
<wol>
|
716 |
|
|
<!--
|
717 |
|
|
<wolentry>
|
718 |
|
|
<interface>lan|opt[n]</interface>
|
719 |
|
|
<mac>xx:xx:xx:xx:xx:xx</mac>
|
720 |
|
|
<descr></descr>
|
721 |
|
|
</wolentry>
|
722 |
|
|
-->
|
723 |
|
|
</wol>
|
724 |
451d439e
|
Seth Mos
|
<rrd>
|
725 |
|
|
<enable/>
|
726 |
|
|
</rrd>
|
727 |
08b17c6d
|
Scott Ullrich
|
<load_balancer>
|
728 |
|
|
<monitor_type>
|
729 |
|
|
<name>ICMP</name>
|
730 |
|
|
<type>icmp</type>
|
731 |
dc074b0f
|
jim-p
|
<descr><![CDATA[ICMP]]></descr>
|
732 |
|
|
<options/>
|
733 |
08b17c6d
|
Scott Ullrich
|
</monitor_type>
|
734 |
|
|
<monitor_type>
|
735 |
|
|
<name>TCP</name>
|
736 |
|
|
<type>tcp</type>
|
737 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Generic TCP]]></descr>
|
738 |
|
|
<options/>
|
739 |
08b17c6d
|
Scott Ullrich
|
</monitor_type>
|
740 |
|
|
<monitor_type>
|
741 |
|
|
<name>HTTP</name>
|
742 |
|
|
<type>http</type>
|
743 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Generic HTTP]]></descr>
|
744 |
08b17c6d
|
Scott Ullrich
|
<options>
|
745 |
|
|
<path>/</path>
|
746 |
|
|
<host/>
|
747 |
|
|
<code>200</code>
|
748 |
|
|
</options>
|
749 |
|
|
</monitor_type>
|
750 |
|
|
<monitor_type>
|
751 |
|
|
<name>HTTPS</name>
|
752 |
|
|
<type>https</type>
|
753 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Generic HTTPS]]></descr>
|
754 |
08b17c6d
|
Scott Ullrich
|
<options>
|
755 |
|
|
<path>/</path>
|
756 |
|
|
<host/>
|
757 |
|
|
<code>200</code>
|
758 |
|
|
</options>
|
759 |
|
|
</monitor_type>
|
760 |
|
|
<monitor_type>
|
761 |
|
|
<name>SMTP</name>
|
762 |
|
|
<type>send</type>
|
763 |
dc074b0f
|
jim-p
|
<descr><![CDATA[Generic SMTP]]></descr>
|
764 |
08b17c6d
|
Scott Ullrich
|
<options>
|
765 |
3c19d44a
|
jim-p
|
<send></send>
|
766 |
|
|
<expect>220 *</expect>
|
767 |
08b17c6d
|
Scott Ullrich
|
</options>
|
768 |
|
|
</monitor_type>
|
769 |
|
|
</load_balancer>
|
770 |
880637d2
|
Scott Ullrich
|
<widgets>
|
771 |
|
|
<sequence>system_information-container:col1:show,captive_portal_status-container:col1:close,carp_status-container:col1:close,cpu_graphs-container:col1:close,gateways-container:col1:close,gmirror_status-container:col1:close,installed_packages-container:col1:close,interface_statistics-container:col1:close,interfaces-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,log-container:col2:close,picture-container:col2:close,rss-container:col2:close,services_status-container:col2:close,traffic_graphs-container:col2:close</sequence>
|
772 |
|
|
</widgets>
|
773 |
9b16b834
|
Ermal Lu?i
|
</pfsense>
|