Project

General

Profile

Bug #4090 » config-pfsense.localdomain-20150105090641.xml

Vick Khera, 01/05/2015 08:06 AM

 
1
<?xml version="1.0"?>
2
<pfsense>
3
	<version>11.3</version>
4
	<lastchange/>
5
	<theme>pfsense_ng_fs</theme>
6
	<sysctl>
7
		<item>
8
			<descr><![CDATA[Disable the pf ftp proxy handler.]]></descr>
9
			<tunable>debug.pfftpproxy</tunable>
10
			<value>default</value>
11
		</item>
12
		<item>
13
			<descr><![CDATA[Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html]]></descr>
14
			<tunable>vfs.read_max</tunable>
15
			<value>default</value>
16
		</item>
17
		<item>
18
			<descr><![CDATA[Set the ephemeral port range to be lower.]]></descr>
19
			<tunable>net.inet.ip.portrange.first</tunable>
20
			<value>default</value>
21
		</item>
22
		<item>
23
			<descr><![CDATA[Drop packets to closed TCP ports without returning a RST]]></descr>
24
			<tunable>net.inet.tcp.blackhole</tunable>
25
			<value>default</value>
26
		</item>
27
		<item>
28
			<descr><![CDATA[Do not send ICMP port unreachable messages for closed UDP ports]]></descr>
29
			<tunable>net.inet.udp.blackhole</tunable>
30
			<value>default</value>
31
		</item>
32
		<item>
33
			<descr><![CDATA[Randomize the ID field in IP packets (default is 0: sequential IP IDs)]]></descr>
34
			<tunable>net.inet.ip.random_id</tunable>
35
			<value>default</value>
36
		</item>
37
		<item>
38
			<descr><![CDATA[Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)]]></descr>
39
			<tunable>net.inet.tcp.drop_synfin</tunable>
40
			<value>default</value>
41
		</item>
42
		<item>
43
			<descr><![CDATA[Enable sending IPv4 redirects]]></descr>
44
			<tunable>net.inet.ip.redirect</tunable>
45
			<value>default</value>
46
		</item>
47
		<item>
48
			<descr><![CDATA[Enable sending IPv6 redirects]]></descr>
49
			<tunable>net.inet6.ip6.redirect</tunable>
50
			<value>default</value>
51
		</item>
52
		<item>
53
			<descr><![CDATA[Generate SYN cookies for outbound SYN-ACK packets]]></descr>
54
			<tunable>net.inet.tcp.syncookies</tunable>
55
			<value>default</value>
56
		</item>
57
		<item>
58
			<descr><![CDATA[Maximum incoming/outgoing TCP datagram size (receive)]]></descr>
59
			<tunable>net.inet.tcp.recvspace</tunable>
60
			<value>default</value>
61
		</item>
62
		<item>
63
			<descr><![CDATA[Maximum incoming/outgoing TCP datagram size (send)]]></descr>
64
			<tunable>net.inet.tcp.sendspace</tunable>
65
			<value>default</value>
66
		</item>
67
		<item>
68
			<descr><![CDATA[IP Fastforwarding]]></descr>
69
			<tunable>net.inet.ip.fastforwarding</tunable>
70
			<value>default</value>
71
		</item>
72
		<item>
73
			<descr><![CDATA[Do not delay ACK to try and piggyback it onto a data packet]]></descr>
74
			<tunable>net.inet.tcp.delayed_ack</tunable>
75
			<value>default</value>
76
		</item>
77
		<item>
78
			<descr><![CDATA[Maximum outgoing UDP datagram size]]></descr>
79
			<tunable>net.inet.udp.maxdgram</tunable>
80
			<value>default</value>
81
		</item>
82
		<item>
83
			<descr><![CDATA[Handling of non-IP packets which are not passed to pfil (see if_bridge(4))]]></descr>
84
			<tunable>net.link.bridge.pfil_onlyip</tunable>
85
			<value>default</value>
86
		</item>
87
		<item>
88
			<descr><![CDATA[Set to 0 to disable filtering on the incoming and outgoing member interfaces.]]></descr>
89
			<tunable>net.link.bridge.pfil_member</tunable>
90
			<value>default</value>
91
		</item>
92
		<item>
93
			<descr><![CDATA[Set to 1 to enable filtering on the bridge interface]]></descr>
94
			<tunable>net.link.bridge.pfil_bridge</tunable>
95
			<value>default</value>
96
		</item>
97
		<item>
98
			<descr><![CDATA[Allow unprivileged access to tap(4) device nodes]]></descr>
99
			<tunable>net.link.tap.user_open</tunable>
100
			<value>default</value>
101
		</item>
102
		<item>
103
			<descr><![CDATA[Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())]]></descr>
104
			<tunable>kern.randompid</tunable>
105
			<value>default</value>
106
		</item>
107
		<item>
108
			<descr><![CDATA[Maximum size of the IP input queue]]></descr>
109
			<tunable>net.inet.ip.intr_queue_maxlen</tunable>
110
			<value>default</value>
111
		</item>
112
		<item>
113
			<descr><![CDATA[Disable CTRL+ALT+Delete reboot from keyboard.]]></descr>
114
			<tunable>hw.syscons.kbd_reboot</tunable>
115
			<value>default</value>
116
		</item>
117
		<item>
118
			<descr><![CDATA[Enable TCP Inflight mode]]></descr>
119
			<tunable>net.inet.tcp.inflight.enable</tunable>
120
			<value>default</value>
121
		</item>
122
		<item>
123
			<descr><![CDATA[Enable TCP extended debugging]]></descr>
124
			<tunable>net.inet.tcp.log_debug</tunable>
125
			<value>default</value>
126
		</item>
127
		<item>
128
			<descr><![CDATA[Set ICMP Limits]]></descr>
129
			<tunable>net.inet.icmp.icmplim</tunable>
130
			<value>default</value>
131
		</item>
132
		<item>
133
			<descr><![CDATA[TCP Offload Engine]]></descr>
134
			<tunable>net.inet.tcp.tso</tunable>
135
			<value>default</value>
136
		</item>
137
		<item>
138
			<descr><![CDATA[Maximum socket buffer size]]></descr>
139
			<tunable>kern.ipc.maxsockbuf</tunable>
140
			<value>default</value>
141
		</item>
142
	</sysctl>
143
	<system>
144
		<optimization>normal</optimization>
145
		<hostname>pfsense</hostname>
146
		<domain>localdomain</domain>
147
		<group>
148
			<name>all</name>
149
			<description><![CDATA[All Users]]></description>
150
			<scope>system</scope>
151
			<gid>1998</gid>
152
		</group>
153
		<group>
154
			<name>admins</name>
155
			<description><![CDATA[System Administrators]]></description>
156
			<scope>system</scope>
157
			<gid>1999</gid>
158
			<member>0</member>
159
			<priv>page-all</priv>
160
		</group>
161
		<group>
162
			<name>iphonevpn</name>
163
			<description><![CDATA[People with iphone VPN privileges]]></description>
164
			<member>2001</member>
165
			<member>2002</member>
166
			<member>2000</member>
167
			<gid>2001</gid>
168
			<priv>user-ipsec-xauth-dialin</priv>
169
		</group>
170
		<user>
171
			<name>admin</name>
172
			<descr><![CDATA[System Administrator]]></descr>
173
			<scope>system</scope>
174
			<groupname>admins</groupname>
175
			<password>$1$1ss4/1er$D8PUmzpdhKC3MxmfMvD7U0</password>
176
			<uid>0</uid>
177
			<priv>user-shell-access</priv>
178
			<md5-hash>c2c94a0b4c5e28000d45502ffc043479</md5-hash>
179
			<nt-hash>adab035a3afbc0eb5b9af4b199fdb00e</nt-hash>
180
		</user>
181
		<user>
182
			<name>admin</name>
183
			<descr><![CDATA[System Administrator]]></descr>
184
			<scope>system</scope>
185
			<password>$1$ZYKXPzDy$p7rc2rRz1IjSz.TDENmLS0</password>
186
			<uid>0</uid>
187
			<priv>user-shell-access</priv>
188
			<priv>user-copy-files</priv>
189
		</user>
190
		<user>
191
			<scope>user</scope>
192
			<password>$1$1Fh4YhRl$Z5R5jG7kPN2RzqhOBE1ig0</password>
193
			<md5-hash>fa5e08c4e3d479648967162c4a53a42f</md5-hash>
194
			<nt-hash>34613a1039a2cf49d7388b1d5588b5db</nt-hash>
195
			<name>kamelkev</name>
196
			<descr><![CDATA[Kevin Kamel]]></descr>
197
			<expires/>
198
			<authorizedkeys/>
199
			<ipsecpsk/>
200
			<uid>2001</uid>
201
		</user>
202
		<user>
203
			<scope>user</scope>
204
			<password>$1$uiwFqfJJ$48gkfDWJ/jS/aVQAuu7P01</password>
205
			<md5-hash>452ea25e87f9f7b071b4f7c177e74b17</md5-hash>
206
			<nt-hash>8bee20278b6a9fcc0932953c37308622</nt-hash>
207
			<name>raj</name>
208
			<descr><![CDATA[Raj Khera]]></descr>
209
			<expires/>
210
			<authorizedkeys/>
211
			<ipsecpsk/>
212
			<uid>2002</uid>
213
		</user>
214
		<user>
215
			<scope>user</scope>
216
			<password>$1$JfAEE7Ys$Lz6xYmfa9uau9ReAP2EF4.</password>
217
			<md5-hash>9593f160add977eb5f0302339306cd0b</md5-hash>
218
			<nt-hash>e278dd5fa95b839b7c9e73de8d429198</nt-hash>
219
			<name>vivek</name>
220
			<descr><![CDATA[Vick Khera]]></descr>
221
			<expires/>
222
			<authorizedkeys/>
223
			<ipsecpsk/>
224
			<uid>2000</uid>
225
		</user>
226
		<nextuid>2005</nextuid>
227
		<nextgid>2002</nextgid>
228
		<timezone>America/New_York</timezone>
229
		<time-update-interval/>
230
		<timeservers>rockville-fw-a.int.kcilink.com rockville-fw-b.int.kcilink.com</timeservers>
231
		<webgui>
232
			<protocol>http</protocol>
233
			<ssl-certref>4f1f26755c554</ssl-certref>
234
			<port/>
235
			<max_procs>2</max_procs>
236
			<loginautocomplete/>
237
		</webgui>
238
		<disablenatreflection>yes</disablenatreflection>
239
		<disablesegmentationoffloading/>
240
		<disablelargereceiveoffloading/>
241
		<dns1gwint>none</dns1gwint>
242
		<dns2gwint>none</dns2gwint>
243
		<dns3gwint>none</dns3gwint>
244
		<dns4gwint>none</dns4gwint>
245
		<firmware>
246
			<alturl>
247
				<enable/>
248
				<firmwareurl>https://updates.pfsense.org/_updaters</firmwareurl>
249
			</alturl>
250
		</firmware>
251
		<gitsync>
252
			<repositoryurl/>
253
			<branch/>
254
		</gitsync>
255
		<kill_states/>
256
		<serialspeed>9600</serialspeed>
257
		<enablesshd>enabled</enablesshd>
258
		<powerd_ac_mode>hadp</powerd_ac_mode>
259
		<powerd_battery_mode>hadp</powerd_battery_mode>
260
		<powerd_normal_mode>hadp</powerd_normal_mode>
261
		<thermal_hardware>coretemp</thermal_hardware>
262
		<use_mfs_tmp_size/>
263
		<use_mfs_var_size/>
264
		<language>en_US</language>
265
		<dns1gw>none</dns1gw>
266
		<dns2gw>none</dns2gw>
267
		<dns3gw>none</dns3gw>
268
		<dns4gw>none</dns4gw>
269
		<dnsserver>192.168.7.1</dnsserver>
270
	</system>
271
	<interfaces>
272
		<wan>
273
			<enable/>
274
			<if>em0</if>
275
			<ipaddr>dhcp</ipaddr>
276
			<gateway/>
277
			<blockpriv>on</blockpriv>
278
			<blockbogons>on</blockbogons>
279
			<media/>
280
			<mediaopt/>
281
		</wan>
282
		<lan>
283
			<enable/>
284
			<if>em1</if>
285
			<ipaddr>172.16.39.2</ipaddr>
286
			<subnet>24</subnet>
287
			<media/>
288
			<mediaopt/>
289
		</lan>
290
	</interfaces>
291
	<staticroutes/>
292
	<dhcpd>
293
		<lan>
294
			<range>
295
				<from>172.16.39.10</from>
296
				<to>172.16.39.245</to>
297
			</range>
298
		</lan>
299
	</dhcpd>
300
	<pptpd>
301
		<mode/>
302
		<redir/>
303
		<localip/>
304
		<remoteip/>
305
	</pptpd>
306
	<dnsmasq>
307
		<custom_options/>
308
		<interface/>
309
	</dnsmasq>
310
	<snmpd>
311
		<syslocation/>
312
		<syscontact/>
313
		<rocommunity>public</rocommunity>
314
	</snmpd>
315
	<diag>
316
		<ipv6nat>
317
			<ipaddr/>
318
		</ipv6nat>
319
	</diag>
320
	<bridge/>
321
	<syslog/>
322
	<nat>
323
		<outbound>
324
			<mode>automatic</mode>
325
		</outbound>
326
	</nat>
327
	<filter>
328
		<rule>
329
			<id/>
330
			<type>reject</type>
331
			<interface>wan</interface>
332
			<tag/>
333
			<tagged/>
334
			<max/>
335
			<max-src-nodes/>
336
			<max-src-conn/>
337
			<max-src-states/>
338
			<statetimeout/>
339
			<statetype>keep state</statetype>
340
			<os/>
341
			<protocol>tcp</protocol>
342
			<source>
343
				<address>10.10.10.11</address>
344
			</source>
345
			<destination>
346
				<any/>
347
			</destination>
348
			<descr><![CDATA[test rule]]></descr>
349
			<tracker>1418217109</tracker>
350
		</rule>
351
		<rule>
352
			<type>pass</type>
353
			<descr><![CDATA[Default allow LAN to any rule]]></descr>
354
			<interface>lan</interface>
355
			<source>
356
				<network>lan</network>
357
			</source>
358
			<destination>
359
				<any/>
360
			</destination>
361
			<tracker>1418217110</tracker>
362
		</rule>
363
	</filter>
364
	<shaper/>
365
	<ipsec>
366
		<preferoldsa/>
367
	</ipsec>
368
	<aliases/>
369
	<proxyarp/>
370
	<cron>
371
		<item>
372
			<minute>1,31</minute>
373
			<hour>0-5</hour>
374
			<mday>*</mday>
375
			<month>*</month>
376
			<wday>*</wday>
377
			<who>root</who>
378
			<command>/usr/bin/nice -n20 adjkerntz -a</command>
379
		</item>
380
		<item>
381
			<minute>1</minute>
382
			<hour>3</hour>
383
			<mday>1</mday>
384
			<month>*</month>
385
			<wday>*</wday>
386
			<who>root</who>
387
			<command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command>
388
		</item>
389
		<item>
390
			<minute>*/60</minute>
391
			<hour>*</hour>
392
			<mday>*</mday>
393
			<month>*</month>
394
			<wday>*</wday>
395
			<who>root</who>
396
			<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout</command>
397
		</item>
398
		<item>
399
			<minute>1</minute>
400
			<hour>1</hour>
401
			<mday>*</mday>
402
			<month>*</month>
403
			<wday>*</wday>
404
			<who>root</who>
405
			<command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command>
406
		</item>
407
		<item>
408
			<minute>*/60</minute>
409
			<hour>*</hour>
410
			<mday>*</mday>
411
			<month>*</month>
412
			<wday>*</wday>
413
			<who>root</who>
414
			<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command>
415
		</item>
416
		<item>
417
			<minute>30</minute>
418
			<hour>12</hour>
419
			<mday>*</mday>
420
			<month>*</month>
421
			<wday>*</wday>
422
			<who>root</who>
423
			<command>/usr/bin/nice -n20 /etc/rc.update_urltables</command>
424
		</item>
425
		<item>
426
			<minute>*/60</minute>
427
			<hour>*</hour>
428
			<mday>*</mday>
429
			<month>*</month>
430
			<wday>*</wday>
431
			<who>root</who>
432
			<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout</command>
433
		</item>
434
	</cron>
435
	<wol/>
436
	<rrd>
437
		<enable/>
438
	</rrd>
439
	<load_balancer>
440
		<monitor_type>
441
			<name>ICMP</name>
442
			<type>icmp</type>
443
			<descr><![CDATA[ICMP]]></descr>
444
			<options/>
445
		</monitor_type>
446
		<monitor_type>
447
			<name>TCP</name>
448
			<type>tcp</type>
449
			<descr><![CDATA[Generic TCP]]></descr>
450
			<options/>
451
		</monitor_type>
452
		<monitor_type>
453
			<name>HTTP</name>
454
			<type>http</type>
455
			<descr><![CDATA[Generic HTTP]]></descr>
456
			<options>
457
				<path>/</path>
458
				<host/>
459
				<code>200</code>
460
			</options>
461
		</monitor_type>
462
		<monitor_type>
463
			<name>HTTPS</name>
464
			<type>https</type>
465
			<descr><![CDATA[Generic HTTPS]]></descr>
466
			<options>
467
				<path>/</path>
468
				<host/>
469
				<code>200</code>
470
			</options>
471
		</monitor_type>
472
		<monitor_type>
473
			<name>SMTP</name>
474
			<type>send</type>
475
			<descr><![CDATA[Generic SMTP]]></descr>
476
			<options>
477
				<send/>
478
				<expect>220 *</expect>
479
			</options>
480
		</monitor_type>
481
	</load_balancer>
482
	<widgets>
483
		<sequence>system_information-container:col1:show,captive_portal_status-container:col1:close,carp_status-container:col1:close,cpu_graphs-container:col1:close,gateways-container:col1:close,gmirror_status-container:col1:close,installed_packages-container:col1:close,interface_statistics-container:col1:close,interfaces-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,log-container:col2:close,picture-container:col2:close,rss-container:col2:close,services_status-container:col2:close,traffic_graphs-container:col2:close,openvpn-container:col2:none,pfBlocker-container:col2:show,wake_on_lan-container:col2:none</sequence>
484
	</widgets>
485
	<revision>
486
		<time>1420466784</time>
487
		<description><![CDATA[admin@172.16.39.1: DNS Resolver configured.]]></description>
488
		<username>admin@172.16.39.1</username>
489
	</revision>
490
	<openvpn/>
491
	<l7shaper>
492
		<container/>
493
	</l7shaper>
494
	<dnshaper/>
495
	<cert>
496
		<refid>4f1f26755c554</refid>
497
		<descr><![CDATA[webConfigurator default]]></descr>
498
		<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVLRENDQTVHZ0F3SUJBZ0lKQU1vZHQ3WDlhVkl5TUEwR0NTcUdTSWIzRFFFQkJRVUFNSUcvTVFzd0NRWUQKVlFRR0V3SlZVekVTTUJBR0ExVUVDQk1KVTI5dFpYZG9aWEpsTVJFd0R3WURWUVFIRXdoVGIyMWxZMmwwZVRFVQpNQklHQTFVRUNoTUxRMjl0Y0dGdWVVNWhiV1V4THpBdEJnTlZCQXNUSms5eVoyRnVhWHBoZEdsdmJtRnNJRlZ1CmFYUWdUbUZ0WlNBb1pXY3NJSE5sWTNScGIyNHBNU1F3SWdZRFZRUURFeHREYjIxdGIyNGdUbUZ0WlNBb1pXY3MKSUZsUFZWSWdibUZ0WlNreEhEQWFCZ2txaGtpRzl3MEJDUUVXRFVWdFlXbHNJRUZrWkhKbGMzTXdIaGNOTVRJdwpNVEkwTWpFME5USTFXaGNOTVRjd056RTJNakUwTlRJMVdqQ0J2ekVMTUFrR0ExVUVCaE1DVlZNeEVqQVFCZ05WCkJBZ1RDVk52YldWM2FHVnlaVEVSTUE4R0ExVUVCeE1JVTI5dFpXTnBkSGt4RkRBU0JnTlZCQW9UQzBOdmJYQmgKYm5sT1lXMWxNUzh3TFFZRFZRUUxFeVpQY21kaGJtbDZZWFJwYjI1aGJDQlZibWwwSUU1aGJXVWdLR1ZuTENCegpaV04wYVc5dUtURWtNQ0lHQTFVRUF4TWJRMjl0Ylc5dUlFNWhiV1VnS0dWbkxDQlpUMVZTSUc1aGJXVXBNUnd3CkdnWUpLb1pJaHZjTkFRa0JGZzFGYldGcGJDQkJaR1J5WlhOek1JR2ZNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0R04KQURDQmlRS0JnUUN1TzJ1WENOTGRCL2pCb29MaGp1aHd5bm1JNTBCbkRqY1l5SHpqSXlpU293NEtuUFRtRCtBNgpiSVlLK1dWRFNOZXdQdWdCZk85bkNmb0dsWVNENk1DaU1NRWVIWFBZcGZDT1dJRWVGL0xSTW5TakVyOVg4YnQwClBJTzM5Y1pmdjdVTmR2ZTFiYmFYN1U3cUk0cWprdDJRVjYwcGN4ZTJ0Ylp3TFNQVEtsbllVd0lEQVFBQm80SUIKS0RDQ0FTUXdIUVlEVlIwT0JCWUVGTkoxbzh2SzZSemVUN0YzTFk0dUFnclFiZndtTUlIMEJnTlZIU01FZ2V3dwpnZW1BRk5KMW84dks2UnplVDdGM0xZNHVBZ3JRYmZ3bW9ZSEZwSUhDTUlHL01Rc3dDUVlEVlFRR0V3SlZVekVTCk1CQUdBMVVFQ0JNSlUyOXRaWGRvWlhKbE1SRXdEd1lEVlFRSEV3aFRiMjFsWTJsMGVURVVNQklHQTFVRUNoTUwKUTI5dGNHRnVlVTVoYldVeEx6QXRCZ05WQkFzVEprOXlaMkZ1YVhwaGRHbHZibUZzSUZWdWFYUWdUbUZ0WlNBbwpaV2NzSUhObFkzUnBiMjRwTVNRd0lnWURWUVFERXh0RGIyMXRiMjRnVG1GdFpTQW9aV2NzSUZsUFZWSWdibUZ0ClpTa3hIREFhQmdrcWhraUc5dzBCQ1FFV0RVVnRZV2xzSUVGa1pISmxjM09DQ1FES0hiZTEvV2xTTWpBTUJnTlYKSFJNRUJUQURBUUgvTUEwR0NTcUdTSWIzRFFFQkJRVUFBNEdCQUZSWWtvN0hvemlKTzhvUWgreWsxNXVEVkVGLwp0TFhVNVhUVGh6SjVWRWZDOUw5Z3NkZkQ4T1ZKaE1tWFNEQ1FoRmU5QzdMTkJ3b0l3L05XNExUSWl6YUc3VzBTCmJhdDRWZnhzbjI3eGk3bTNpQVk0dHMzckxJTUQyZndjYStIVCtlbkxTemVSV3drT284VENRcTR3VHRPeGw0QmkKMzJwSUw5NUh6ZVpKZDg1RQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==</crt>
499
		<prv>R2VuZXJhdGluZyBSU0EgcHJpdmF0ZSBrZXksIDEwMjQgYml0IGxvbmcgbW9kdWx1cwouLi4uLi4uLi4uLi4uLisrKysrKwouKysrKysrCmUgaXMgNjU1MzcgKDB4MTAwMDEpCi0tLS0tQkVHSU4gUlNBIFBSSVZBVEUgS0VZLS0tLS0KTUlJQ1hBSUJBQUtCZ1FDdU8ydVhDTkxkQi9qQm9vTGhqdWh3eW5tSTUwQm5EamNZeUh6akl5aVNvdzRLblBUbQpEK0E2YklZSytXVkRTTmV3UHVnQmZPOW5DZm9HbFlTRDZNQ2lNTUVlSFhQWXBmQ09XSUVlRi9MUk1uU2pFcjlYCjhidDBQSU8zOWNaZnY3VU5kdmUxYmJhWDdVN3FJNHFqa3QyUVY2MHBjeGUydGJad0xTUFRLbG5ZVXdJREFRQUIKQW9HQVVWR3llWi9JcXhrWlpXYndKMDZIOW56S0ZMZTZPMTlMSCtvVFFBQWM0N1B1emMxTUVFVEFwd1FYMis5aQo3L0NEbXVNQmJoQmR2SDNQa0ZzZ3FtQnI1NElJVWY3MUg3ZENOZmUrWFJ4VGJ0ZnNWcmRvYWE2WmRRMVR1UjlXCkhYdE9XK2V0WkhFRmRFV29pKzRRT0dvcG1nYjJtbjJnMi9vbUFabkFabVVUUm9FQ1FRRGJZYXBTL0ttYklEbTgKc3F1NjEwYXcvUkx0TE9mYWFRbG9hMGtubkVsZEE0QWhpalpHendPUzQvSWYzQ0NKQS9OQU9rWDZ2QXNzRmhhQgpwOTZkcGtiREFrRUF5MUI4M29hWUtFcUREdittcW9DVkJlQktoQytTRkNZWXI0Z292dGFXcUg2c1lpdnloeEdWCklXN09MZlpNdC9LdnU5RURvOGlPMG81NXZqYjFJODJ2TVFKQUVvN29nYXl1REZsbGlQajBYaEhvQVFEbm9QaXoKaEY1dVZVNytHVU8zVVE4Q3Y5T1pVOVFmVVVYSExickpaYzNYdmc4djdFNE1BK2E2Y0sxcXY1dFpVUUpCQUp3MQpsZ3NlM0c4d2VLdWdicnhYbUtmd0lUQ1lvQ0xNOW5CL0s5Y2NacHJFNE10NHVwbGVQL2QwL0FMQ1YwV0p0ODJWCkZMZlZFeTdoZXRaVHdWc2w0REVDUUR6NkJvZjJqNmx0YWQ2VVEwSTNneDI5eFR1clNSQkcwcU5CZC9rUis3NmkKQkovZzlkV3BiMFh3TGtQSjRtdVBwUGhIdEQvTXFEVkpMd244SnFZQW1FST0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K</prv>
500
	</cert>
501
	<ppps/>
502
	<installedpackages>
503
		<haproxy>
504
			<enable/>
505
			<maxconn>100</maxconn>
506
		</haproxy>
507
		<pfblocker>
508
			<config>
509
				<enable_cb/>
510
				<enable_log>on</enable_log>
511
				<inbound_interface>wan</inbound_interface>
512
				<inbound_deny_action>reject</inbound_deny_action>
513
				<outbound_interface>lan</outbound_interface>
514
				<outbound_deny_action>reject</outbound_deny_action>
515
				<credits/>
516
				<donation/>
517
			</config>
518
		</pfblocker>
519
		<pfblockerlists>
520
			<config>
521
				<aliasname>VKList</aliasname>
522
				<description><![CDATA[custom local list]]></description>
523
				<action>Deny_Inbound</action>
524
				<cron>Never</cron>
525
				<custom>MTkyLjE2OC4yNTQuMC8yNA==</custom>
526
			</config>
527
			<config>
528
				<aliasname>DShield</aliasname>
529
				<description><![CDATA[dshield attackers list]]></description>
530
				<row>
531
					<format>txt</format>
532
					<url>http://feeds.dshield.org/top10-2.txt</url>
533
				</row>
534
				<action>Deny_Inbound</action>
535
				<cron>01hour</cron>
536
				<custom/>
537
			</config>
538
			<config>
539
				<aliasname>SpamHaus</aliasname>
540
				<description><![CDATA[SpamHaus DROP]]></description>
541
				<row>
542
					<format>txt</format>
543
					<url>http://www.spamhaus.org/drop/drop.lasso</url>
544
				</row>
545
				<action>Deny_Inbound</action>
546
				<cron>04hours</cron>
547
				<custom/>
548
			</config>
549
		</pfblockerlists>
550
		<service/>
551
		<package>
552
			<name>pfBlocker</name>
553
			<website/>
554
			<descr><![CDATA[Introduce Enhanced Aliastable Feature to pfsense.&lt;br /&gt;
555
			Assign many IP urls lists from sites like I-blocklist to a single alias and then choose rule action to take.&lt;br /&gt;
556
			This package also Block countries and IP ranges.&lt;br /&gt;
557
			pfBlocker replaces Countryblock and IPblocklist.]]></descr>
558
			<category>Firewall</category>
559
			<pkginfolink>https://forum.pfsense.org/index.php/topic,42543.0.html</pkginfolink>
560
			<config_file>https://packages.pfsense.org/packages/config/pf-blocker/pfblocker.xml</config_file>
561
			<version>1.0.3</version>
562
			<status>Release</status>
563
			<required_version>2.2</required_version>
564
			<maintainer>tom@tomschaefer.org marcellocoutinho@gmail.com</maintainer>
565
			<configurationfile>pfblocker.xml</configurationfile>
566
			<depends_on_package_base_url>https://files.pfsense.org/packages/10/All/</depends_on_package_base_url>
567
		</package>
568
		<menu>
569
			<name>pfBlocker</name>
570
			<tooltiptext>Configure pfblocker</tooltiptext>
571
			<section>Firewall</section>
572
			<url>/pkg_edit.php?xml=pfblocker.xml</url>
573
		</menu>
574
		<tab>
575
			<text>General</text>
576
			<url>/pkg_edit.php?xml=pfblocker.xml&amp;id=0</url>
577
			<active/>
578
		</tab>
579
	</installedpackages>
580
	<dhcrelay/>
581
	<dhcpdv6/>
582
	<dhcrelay6/>
583
	<ntpd>
584
		<gps>
585
			<type>Default</type>
586
		</gps>
587
		<statsgraph>on</statsgraph>
588
	</ntpd>
589
	<notifications>
590
		<growl>
591
			<ipaddress/>
592
			<password/>
593
			<name>PHP-Growl</name>
594
			<notification_name>pfSense growl alert</notification_name>
595
			<disable/>
596
		</growl>
597
		<smtp>
598
			<ipaddress/>
599
			<port/>
600
			<notifyemailaddress/>
601
			<username/>
602
			<password/>
603
			<fromaddress/>
604
		</smtp>
605
	</notifications>
606
	<unbound>
607
		<active_interface>all</active_interface>
608
		<outgoing_interface/>
609
		<custom_options>server:
610
private-domain: &quot;kcilink.com&quot;
611
private-domain: &quot;m1e.net&quot;
612
private-domain: mailermailer.com
613
private-domain: khera.org</custom_options>
614
		<msgcachesize>4</msgcachesize>
615
		<outgoing_num_tcp>10</outgoing_num_tcp>
616
		<incoming_num_tcp>10</incoming_num_tcp>
617
		<edns_buffer_size>4096</edns_buffer_size>
618
		<num_queries_per_thread>512</num_queries_per_thread>
619
		<jostle_timeout>200</jostle_timeout>
620
		<cache_max_ttl>86400</cache_max_ttl>
621
		<cache_min_ttl>0</cache_min_ttl>
622
		<infra_host_ttl>900</infra_host_ttl>
623
		<infra_lame_ttl>900</infra_lame_ttl>
624
		<infra_cache_numhosts>10000</infra_cache_numhosts>
625
		<unwanted_reply_threshold>10000000</unwanted_reply_threshold>
626
		<log_verbosity>1</log_verbosity>
627
		<domainoverrides>
628
			<domain>7.168.192.in-addr.arpa</domain>
629
			<ip>199.83.96.5</ip>
630
			<descr><![CDATA[KCI office LAN]]></descr>
631
		</domainoverrides>
632
		<domainoverrides>
633
			<domain>97.168.192.in-addr.arpa</domain>
634
			<ip>199.83.96.5</ip>
635
			<descr><![CDATA[ashburn private lan]]></descr>
636
		</domainoverrides>
637
		<enable/>
638
		<dnssecstripped/>
639
		<dnssec/>
640
		<hardenglue/>
641
	</unbound>
642
</pfsense>
(2-2/2)