Project

General

Profile

Download (20.5 KB)

Bug #4090 » config-pfsense.localdomain-20150105090641.xml

Vick Khera, 01/05/2015 08:06 AM

 
1 
<?xml version="1.0"?>
2 
<pfsense>
3 
	<version>11.3</version>
4 
	<lastchange/>
5 
	<theme>pfsense_ng_fs</theme>
6 
	<sysctl>
7 
		<item>
8 
			<descr><![CDATA[Disable the pf ftp proxy handler.]]></descr>
9 
			<tunable>debug.pfftpproxy</tunable>
10 
			<value>default</value>
11 
		</item>
12 
		<item>
13 
			<descr><![CDATA[Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html]]></descr>
14 
			<tunable>vfs.read_max</tunable>
15 
			<value>default</value>
16 
		</item>
17 
		<item>
18 
			<descr><![CDATA[Set the ephemeral port range to be lower.]]></descr>
19 
			<tunable>net.inet.ip.portrange.first</tunable>
20 
			<value>default</value>
21 
		</item>
22 
		<item>
23 
			<descr><![CDATA[Drop packets to closed TCP ports without returning a RST]]></descr>
24 
			<tunable>net.inet.tcp.blackhole</tunable>
25 
			<value>default</value>
26 
		</item>
27 
		<item>
28 
			<descr><![CDATA[Do not send ICMP port unreachable messages for closed UDP ports]]></descr>
29 
			<tunable>net.inet.udp.blackhole</tunable>
30 
			<value>default</value>
31 
		</item>
32 
		<item>
33 
			<descr><![CDATA[Randomize the ID field in IP packets (default is 0: sequential IP IDs)]]></descr>
34 
			<tunable>net.inet.ip.random_id</tunable>
35 
			<value>default</value>
36 
		</item>
37 
		<item>
38 
			<descr><![CDATA[Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)]]></descr>
39 
			<tunable>net.inet.tcp.drop_synfin</tunable>
40 
			<value>default</value>
41 
		</item>
42 
		<item>
43 
			<descr><![CDATA[Enable sending IPv4 redirects]]></descr>
44 
			<tunable>net.inet.ip.redirect</tunable>
45 
			<value>default</value>
46 
		</item>
47 
		<item>
48 
			<descr><![CDATA[Enable sending IPv6 redirects]]></descr>
49 
			<tunable>net.inet6.ip6.redirect</tunable>
50 
			<value>default</value>
51 
		</item>
52 
		<item>
53 
			<descr><![CDATA[Generate SYN cookies for outbound SYN-ACK packets]]></descr>
54 
			<tunable>net.inet.tcp.syncookies</tunable>
55 
			<value>default</value>
56 
		</item>
57 
		<item>
58 
			<descr><![CDATA[Maximum incoming/outgoing TCP datagram size (receive)]]></descr>
59 
			<tunable>net.inet.tcp.recvspace</tunable>
60 
			<value>default</value>
61 
		</item>
62 
		<item>
63 
			<descr><![CDATA[Maximum incoming/outgoing TCP datagram size (send)]]></descr>
64 
			<tunable>net.inet.tcp.sendspace</tunable>
65 
			<value>default</value>
66 
		</item>
67 
		<item>
68 
			<descr><![CDATA[IP Fastforwarding]]></descr>
69 
			<tunable>net.inet.ip.fastforwarding</tunable>
70 
			<value>default</value>
71 
		</item>
72 
		<item>
73 
			<descr><![CDATA[Do not delay ACK to try and piggyback it onto a data packet]]></descr>
74 
			<tunable>net.inet.tcp.delayed_ack</tunable>
75 
			<value>default</value>
76 
		</item>
77 
		<item>
78 
			<descr><![CDATA[Maximum outgoing UDP datagram size]]></descr>
79 
			<tunable>net.inet.udp.maxdgram</tunable>
80 
			<value>default</value>
81 
		</item>
82 
		<item>
83 
			<descr><![CDATA[Handling of non-IP packets which are not passed to pfil (see if_bridge(4))]]></descr>
84 
			<tunable>net.link.bridge.pfil_onlyip</tunable>
85 
			<value>default</value>
86 
		</item>
87 
		<item>
88 
			<descr><![CDATA[Set to 0 to disable filtering on the incoming and outgoing member interfaces.]]></descr>
89 
			<tunable>net.link.bridge.pfil_member</tunable>
90 
			<value>default</value>
91 
		</item>
92 
		<item>
93 
			<descr><![CDATA[Set to 1 to enable filtering on the bridge interface]]></descr>
94 
			<tunable>net.link.bridge.pfil_bridge</tunable>
95 
			<value>default</value>
96 
		</item>
97 
		<item>
98 
			<descr><![CDATA[Allow unprivileged access to tap(4) device nodes]]></descr>
99 
			<tunable>net.link.tap.user_open</tunable>
100 
			<value>default</value>
101 
		</item>
102 
		<item>
103 
			<descr><![CDATA[Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())]]></descr>
104 
			<tunable>kern.randompid</tunable>
105 
			<value>default</value>
106 
		</item>
107 
		<item>
108 
			<descr><![CDATA[Maximum size of the IP input queue]]></descr>
109 
			<tunable>net.inet.ip.intr_queue_maxlen</tunable>
110 
			<value>default</value>
111 
		</item>
112 
		<item>
113 
			<descr><![CDATA[Disable CTRL+ALT+Delete reboot from keyboard.]]></descr>
114 
			<tunable>hw.syscons.kbd_reboot</tunable>
115 
			<value>default</value>
116 
		</item>
117 
		<item>
118 
			<descr><![CDATA[Enable TCP Inflight mode]]></descr>
119 
			<tunable>net.inet.tcp.inflight.enable</tunable>
120 
			<value>default</value>
121 
		</item>
122 
		<item>
123 
			<descr><![CDATA[Enable TCP extended debugging]]></descr>
124 
			<tunable>net.inet.tcp.log_debug</tunable>
125 
			<value>default</value>
126 
		</item>
127 
		<item>
128 
			<descr><![CDATA[Set ICMP Limits]]></descr>
129 
			<tunable>net.inet.icmp.icmplim</tunable>
130 
			<value>default</value>
131 
		</item>
132 
		<item>
133 
			<descr><![CDATA[TCP Offload Engine]]></descr>
134 
			<tunable>net.inet.tcp.tso</tunable>
135 
			<value>default</value>
136 
		</item>
137 
		<item>
138 
			<descr><![CDATA[Maximum socket buffer size]]></descr>
139 
			<tunable>kern.ipc.maxsockbuf</tunable>
140 
			<value>default</value>
141 
		</item>
142 
	</sysctl>
143 
	<system>
144 
		<optimization>normal</optimization>
145 
		<hostname>pfsense</hostname>
146 
		<domain>localdomain</domain>
147 
		<group>
148 
			<name>all</name>
149 
			<description><![CDATA[All Users]]></description>
150 
			<scope>system</scope>
151 
			<gid>1998</gid>
152 
		</group>
153 
		<group>
154 
			<name>admins</name>
155 
			<description><![CDATA[System Administrators]]></description>
156 
			<scope>system</scope>
157 
			<gid>1999</gid>
158 
			<member>0</member>
159 
			<priv>page-all</priv>
160 
		</group>
161 
		<group>
162 
			<name>iphonevpn</name>
163 
			<description><![CDATA[People with iphone VPN privileges]]></description>
164 
			<member>2001</member>
165 
			<member>2002</member>
166 
			<member>2000</member>
167 
			<gid>2001</gid>
168 
			<priv>user-ipsec-xauth-dialin</priv>
169 
		</group>
170 
		<user>
171 
			<name>admin</name>
172 
			<descr><![CDATA[System Administrator]]></descr>
173 
			<scope>system</scope>
174 
			<groupname>admins</groupname>
175 
			<password>$1$1ss4/1er$D8PUmzpdhKC3MxmfMvD7U0</password>
176 
			<uid>0</uid>
177 
			<priv>user-shell-access</priv>
178 
			<md5-hash>c2c94a0b4c5e28000d45502ffc043479</md5-hash>
179 
			<nt-hash>adab035a3afbc0eb5b9af4b199fdb00e</nt-hash>
180 
		</user>
181 
		<user>
182 
			<name>admin</name>
183 
			<descr><![CDATA[System Administrator]]></descr>
184 
			<scope>system</scope>
185 
			<password>$1$ZYKXPzDy$p7rc2rRz1IjSz.TDENmLS0</password>
186 
			<uid>0</uid>
187 
			<priv>user-shell-access</priv>
188 
			<priv>user-copy-files</priv>
189 
		</user>
190 
		<user>
191 
			<scope>user</scope>
192 
			<password>$1$1Fh4YhRl$Z5R5jG7kPN2RzqhOBE1ig0</password>
193 
			<md5-hash>fa5e08c4e3d479648967162c4a53a42f</md5-hash>
194 
			<nt-hash>34613a1039a2cf49d7388b1d5588b5db</nt-hash>
195 
			<name>kamelkev</name>
196 
			<descr><![CDATA[Kevin Kamel]]></descr>
197 
			<expires/>
198 
			<authorizedkeys/>
199 
			<ipsecpsk/>
200 
			<uid>2001</uid>
201 
		</user>
202 
		<user>
203 
			<scope>user</scope>
204 
			<password>$1$uiwFqfJJ$48gkfDWJ/jS/aVQAuu7P01</password>
205 
			<md5-hash>452ea25e87f9f7b071b4f7c177e74b17</md5-hash>
206 
			<nt-hash>8bee20278b6a9fcc0932953c37308622</nt-hash>
207 
			<name>raj</name>
208 
			<descr><![CDATA[Raj Khera]]></descr>
209 
			<expires/>
210 
			<authorizedkeys/>
211 
			<ipsecpsk/>
212 
			<uid>2002</uid>
213 
		</user>
214 
		<user>
215 
			<scope>user</scope>
216 
			<password>$1$JfAEE7Ys$Lz6xYmfa9uau9ReAP2EF4.</password>
217 
			<md5-hash>9593f160add977eb5f0302339306cd0b</md5-hash>
218 
			<nt-hash>e278dd5fa95b839b7c9e73de8d429198</nt-hash>
219 
			<name>vivek</name>
220 
			<descr><![CDATA[Vick Khera]]></descr>
221 
			<expires/>
222 
			<authorizedkeys/>
223 
			<ipsecpsk/>
224 
			<uid>2000</uid>
225 
		</user>
226 
		<nextuid>2005</nextuid>
227 
		<nextgid>2002</nextgid>
228 
		<timezone>America/New_York</timezone>
229 
		<time-update-interval/>
230 
		<timeservers>rockville-fw-a.int.kcilink.com rockville-fw-b.int.kcilink.com</timeservers>
231 
		<webgui>
232 
			<protocol>http</protocol>
233 
			<ssl-certref>4f1f26755c554</ssl-certref>
234 
			<port/>
235 
			<max_procs>2</max_procs>
236 
			<loginautocomplete/>
237 
		</webgui>
238 
		<disablenatreflection>yes</disablenatreflection>
239 
		<disablesegmentationoffloading/>
240 
		<disablelargereceiveoffloading/>
241 
		<dns1gwint>none</dns1gwint>
242 
		<dns2gwint>none</dns2gwint>
243 
		<dns3gwint>none</dns3gwint>
244 
		<dns4gwint>none</dns4gwint>
245 
		<firmware>
246 
			<alturl>
247 
				<enable/>
248 
				<firmwareurl>https://updates.pfsense.org/_updaters</firmwareurl>
249 
			</alturl>
250 
		</firmware>
251 
		<gitsync>
252 
			<repositoryurl/>
253 
			<branch/>
254 
		</gitsync>
255 
		<kill_states/>
256 
		<serialspeed>9600</serialspeed>
257 
		<enablesshd>enabled</enablesshd>
258 
		<powerd_ac_mode>hadp</powerd_ac_mode>
259 
		<powerd_battery_mode>hadp</powerd_battery_mode>
260 
		<powerd_normal_mode>hadp</powerd_normal_mode>
261 
		<thermal_hardware>coretemp</thermal_hardware>
262 
		<use_mfs_tmp_size/>
263 
		<use_mfs_var_size/>
264 
		<language>en_US</language>
265 
		<dns1gw>none</dns1gw>
266 
		<dns2gw>none</dns2gw>
267 
		<dns3gw>none</dns3gw>
268 
		<dns4gw>none</dns4gw>
269 
		<dnsserver>192.168.7.1</dnsserver>
270 
	</system>
271 
	<interfaces>
272 
		<wan>
273 
			<enable/>
274 
			<if>em0</if>
275 
			<ipaddr>dhcp</ipaddr>
276 
			<gateway/>
277 
			<blockpriv>on</blockpriv>
278 
			<blockbogons>on</blockbogons>
279 
			<media/>
280 
			<mediaopt/>
281 
		</wan>
282 
		<lan>
283 
			<enable/>
284 
			<if>em1</if>
285 
			<ipaddr>172.16.39.2</ipaddr>
286 
			<subnet>24</subnet>
287 
			<media/>
288 
			<mediaopt/>
289 
		</lan>
290 
	</interfaces>
291 
	<staticroutes/>
292 
	<dhcpd>
293 
		<lan>
294 
			<range>
295 
				<from>172.16.39.10</from>
296 
				<to>172.16.39.245</to>
297 
			</range>
298 
		</lan>
299 
	</dhcpd>
300 
	<pptpd>
301 
		<mode/>
302 
		<redir/>
303 
		<localip/>
304 
		<remoteip/>
305 
	</pptpd>
306 
	<dnsmasq>
307 
		<custom_options/>
308 
		<interface/>
309 
	</dnsmasq>
310 
	<snmpd>
311 
		<syslocation/>
312 
		<syscontact/>
313 
		<rocommunity>public</rocommunity>
314 
	</snmpd>
315 
	<diag>
316 
		<ipv6nat>
317 
			<ipaddr/>
318 
		</ipv6nat>
319 
	</diag>
320 
	<bridge/>
321 
	<syslog/>
322 
	<nat>
323 
		<outbound>
324 
			<mode>automatic</mode>
325 
		</outbound>
326 
	</nat>
327 
	<filter>
328 
		<rule>
329 
			<id/>
330 
			<type>reject</type>
331 
			<interface>wan</interface>
332 
			<tag/>
333 
			<tagged/>
334 
			<max/>
335 
			<max-src-nodes/>
336 
			<max-src-conn/>
337 
			<max-src-states/>
338 
			<statetimeout/>
339 
			<statetype>keep state</statetype>
340 
			<os/>
341 
			<protocol>tcp</protocol>
342 
			<source>
343 
				<address>10.10.10.11</address>
344 
			</source>
345 
			<destination>
346 
				<any/>
347 
			</destination>
348 
			<descr><![CDATA[test rule]]></descr>
349 
			<tracker>1418217109</tracker>
350 
		</rule>
351 
		<rule>
352 
			<type>pass</type>
353 
			<descr><![CDATA[Default allow LAN to any rule]]></descr>
354 
			<interface>lan</interface>
355 
			<source>
356 
				<network>lan</network>
357 
			</source>
358 
			<destination>
359 
				<any/>
360 
			</destination>
361 
			<tracker>1418217110</tracker>
362 
		</rule>
363 
	</filter>
364 
	<shaper/>
365 
	<ipsec>
366 
		<preferoldsa/>
367 
	</ipsec>
368 
	<aliases/>
369 
	<proxyarp/>
370 
	<cron>
371 
		<item>
372 
			<minute>1,31</minute>
373 
			<hour>0-5</hour>
374 
			<mday>*</mday>
375 
			<month>*</month>
376 
			<wday>*</wday>
377 
			<who>root</who>
378 
			<command>/usr/bin/nice -n20 adjkerntz -a</command>
379 
		</item>
380 
		<item>
381 
			<minute>1</minute>
382 
			<hour>3</hour>
383 
			<mday>1</mday>
384 
			<month>*</month>
385 
			<wday>*</wday>
386 
			<who>root</who>
387 
			<command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command>
388 
		</item>
389 
		<item>
390 
			<minute>*/60</minute>
391 
			<hour>*</hour>
392 
			<mday>*</mday>
393 
			<month>*</month>
394 
			<wday>*</wday>
395 
			<who>root</who>
396 
			<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout</command>
397 
		</item>
398 
		<item>
399 
			<minute>1</minute>
400 
			<hour>1</hour>
401 
			<mday>*</mday>
402 
			<month>*</month>
403 
			<wday>*</wday>
404 
			<who>root</who>
405 
			<command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command>
406 
		</item>
407 
		<item>
408 
			<minute>*/60</minute>
409 
			<hour>*</hour>
410 
			<mday>*</mday>
411 
			<month>*</month>
412 
			<wday>*</wday>
413 
			<who>root</who>
414 
			<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command>
415 
		</item>
416 
		<item>
417 
			<minute>30</minute>
418 
			<hour>12</hour>
419 
			<mday>*</mday>
420 
			<month>*</month>
421 
			<wday>*</wday>
422 
			<who>root</who>
423 
			<command>/usr/bin/nice -n20 /etc/rc.update_urltables</command>
424 
		</item>
425 
		<item>
426 
			<minute>*/60</minute>
427 
			<hour>*</hour>
428 
			<mday>*</mday>
429 
			<month>*</month>
430 
			<wday>*</wday>
431 
			<who>root</who>
432 
			<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout</command>
433 
		</item>
434 
	</cron>
435 
	<wol/>
436 
	<rrd>
437 
		<enable/>
438 
	</rrd>
439 
	<load_balancer>
440 
		<monitor_type>
441 
			<name>ICMP</name>
442 
			<type>icmp</type>
443 
			<descr><![CDATA[ICMP]]></descr>
444 
			<options/>
445 
		</monitor_type>
446 
		<monitor_type>
447 
			<name>TCP</name>
448 
			<type>tcp</type>
449 
			<descr><![CDATA[Generic TCP]]></descr>
450 
			<options/>
451 
		</monitor_type>
452 
		<monitor_type>
453 
			<name>HTTP</name>
454 
			<type>http</type>
455 
			<descr><![CDATA[Generic HTTP]]></descr>
456 
			<options>
457 
				<path>/</path>
458 
				<host/>
459 
				<code>200</code>
460 
			</options>
461 
		</monitor_type>
462 
		<monitor_type>
463 
			<name>HTTPS</name>
464 
			<type>https</type>
465 
			<descr><![CDATA[Generic HTTPS]]></descr>
466 
			<options>
467 
				<path>/</path>
468 
				<host/>
469 
				<code>200</code>
470 
			</options>
471 
		</monitor_type>
472 
		<monitor_type>
473 
			<name>SMTP</name>
474 
			<type>send</type>
475 
			<descr><![CDATA[Generic SMTP]]></descr>
476 
			<options>
477 
				<send/>
478 
				<expect>220 *</expect>
479 
			</options>
480 
		</monitor_type>
481 
	</load_balancer>
482 
	<widgets>
483 
		<sequence>system_information-container:col1:show,captive_portal_status-container:col1:close,carp_status-container:col1:close,cpu_graphs-container:col1:close,gateways-container:col1:close,gmirror_status-container:col1:close,installed_packages-container:col1:close,interface_statistics-container:col1:close,interfaces-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,log-container:col2:close,picture-container:col2:close,rss-container:col2:close,services_status-container:col2:close,traffic_graphs-container:col2:close,openvpn-container:col2:none,pfBlocker-container:col2:show,wake_on_lan-container:col2:none</sequence>
484 
	</widgets>
485 
	<revision>
486 
		<time>1420466784</time>
487 
		<description><![CDATA[admin@172.16.39.1: DNS Resolver configured.]]></description>
488 
		<username>admin@172.16.39.1</username>
489 
	</revision>
490 
	<openvpn/>
491 
	<l7shaper>
492 
		<container/>
493 
	</l7shaper>
494 
	<dnshaper/>
495 
	<cert>
496 
		<refid>4f1f26755c554</refid>
497 
		<descr><![CDATA[webConfigurator default]]></descr>
498 
		<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVLRENDQTVHZ0F3SUJBZ0lKQU1vZHQ3WDlhVkl5TUEwR0NTcUdTSWIzRFFFQkJRVUFNSUcvTVFzd0NRWUQKVlFRR0V3SlZVekVTTUJBR0ExVUVDQk1KVTI5dFpYZG9aWEpsTVJFd0R3WURWUVFIRXdoVGIyMWxZMmwwZVRFVQpNQklHQTFVRUNoTUxRMjl0Y0dGdWVVNWhiV1V4THpBdEJnTlZCQXNUSms5eVoyRnVhWHBoZEdsdmJtRnNJRlZ1CmFYUWdUbUZ0WlNBb1pXY3NJSE5sWTNScGIyNHBNU1F3SWdZRFZRUURFeHREYjIxdGIyNGdUbUZ0WlNBb1pXY3MKSUZsUFZWSWdibUZ0WlNreEhEQWFCZ2txaGtpRzl3MEJDUUVXRFVWdFlXbHNJRUZrWkhKbGMzTXdIaGNOTVRJdwpNVEkwTWpFME5USTFXaGNOTVRjd056RTJNakUwTlRJMVdqQ0J2ekVMTUFrR0ExVUVCaE1DVlZNeEVqQVFCZ05WCkJBZ1RDVk52YldWM2FHVnlaVEVSTUE4R0ExVUVCeE1JVTI5dFpXTnBkSGt4RkRBU0JnTlZCQW9UQzBOdmJYQmgKYm5sT1lXMWxNUzh3TFFZRFZRUUxFeVpQY21kaGJtbDZZWFJwYjI1aGJDQlZibWwwSUU1aGJXVWdLR1ZuTENCegpaV04wYVc5dUtURWtNQ0lHQTFVRUF4TWJRMjl0Ylc5dUlFNWhiV1VnS0dWbkxDQlpUMVZTSUc1aGJXVXBNUnd3CkdnWUpLb1pJaHZjTkFRa0JGZzFGYldGcGJDQkJaR1J5WlhOek1JR2ZNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0R04KQURDQmlRS0JnUUN1TzJ1WENOTGRCL2pCb29MaGp1aHd5bm1JNTBCbkRqY1l5SHpqSXlpU293NEtuUFRtRCtBNgpiSVlLK1dWRFNOZXdQdWdCZk85bkNmb0dsWVNENk1DaU1NRWVIWFBZcGZDT1dJRWVGL0xSTW5TakVyOVg4YnQwClBJTzM5Y1pmdjdVTmR2ZTFiYmFYN1U3cUk0cWprdDJRVjYwcGN4ZTJ0Ylp3TFNQVEtsbllVd0lEQVFBQm80SUIKS0RDQ0FTUXdIUVlEVlIwT0JCWUVGTkoxbzh2SzZSemVUN0YzTFk0dUFnclFiZndtTUlIMEJnTlZIU01FZ2V3dwpnZW1BRk5KMW84dks2UnplVDdGM0xZNHVBZ3JRYmZ3bW9ZSEZwSUhDTUlHL01Rc3dDUVlEVlFRR0V3SlZVekVTCk1CQUdBMVVFQ0JNSlUyOXRaWGRvWlhKbE1SRXdEd1lEVlFRSEV3aFRiMjFsWTJsMGVURVVNQklHQTFVRUNoTUwKUTI5dGNHRnVlVTVoYldVeEx6QXRCZ05WQkFzVEprOXlaMkZ1YVhwaGRHbHZibUZzSUZWdWFYUWdUbUZ0WlNBbwpaV2NzSUhObFkzUnBiMjRwTVNRd0lnWURWUVFERXh0RGIyMXRiMjRnVG1GdFpTQW9aV2NzSUZsUFZWSWdibUZ0ClpTa3hIREFhQmdrcWhraUc5dzBCQ1FFV0RVVnRZV2xzSUVGa1pISmxjM09DQ1FES0hiZTEvV2xTTWpBTUJnTlYKSFJNRUJUQURBUUgvTUEwR0NTcUdTSWIzRFFFQkJRVUFBNEdCQUZSWWtvN0hvemlKTzhvUWgreWsxNXVEVkVGLwp0TFhVNVhUVGh6SjVWRWZDOUw5Z3NkZkQ4T1ZKaE1tWFNEQ1FoRmU5QzdMTkJ3b0l3L05XNExUSWl6YUc3VzBTCmJhdDRWZnhzbjI3eGk3bTNpQVk0dHMzckxJTUQyZndjYStIVCtlbkxTemVSV3drT284VENRcTR3VHRPeGw0QmkKMzJwSUw5NUh6ZVpKZDg1RQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==</crt>
499 
		<prv>R2VuZXJhdGluZyBSU0EgcHJpdmF0ZSBrZXksIDEwMjQgYml0IGxvbmcgbW9kdWx1cwouLi4uLi4uLi4uLi4uLisrKysrKwouKysrKysrCmUgaXMgNjU1MzcgKDB4MTAwMDEpCi0tLS0tQkVHSU4gUlNBIFBSSVZBVEUgS0VZLS0tLS0KTUlJQ1hBSUJBQUtCZ1FDdU8ydVhDTkxkQi9qQm9vTGhqdWh3eW5tSTUwQm5EamNZeUh6akl5aVNvdzRLblBUbQpEK0E2YklZSytXVkRTTmV3UHVnQmZPOW5DZm9HbFlTRDZNQ2lNTUVlSFhQWXBmQ09XSUVlRi9MUk1uU2pFcjlYCjhidDBQSU8zOWNaZnY3VU5kdmUxYmJhWDdVN3FJNHFqa3QyUVY2MHBjeGUydGJad0xTUFRLbG5ZVXdJREFRQUIKQW9HQVVWR3llWi9JcXhrWlpXYndKMDZIOW56S0ZMZTZPMTlMSCtvVFFBQWM0N1B1emMxTUVFVEFwd1FYMis5aQo3L0NEbXVNQmJoQmR2SDNQa0ZzZ3FtQnI1NElJVWY3MUg3ZENOZmUrWFJ4VGJ0ZnNWcmRvYWE2WmRRMVR1UjlXCkhYdE9XK2V0WkhFRmRFV29pKzRRT0dvcG1nYjJtbjJnMi9vbUFabkFabVVUUm9FQ1FRRGJZYXBTL0ttYklEbTgKc3F1NjEwYXcvUkx0TE9mYWFRbG9hMGtubkVsZEE0QWhpalpHendPUzQvSWYzQ0NKQS9OQU9rWDZ2QXNzRmhhQgpwOTZkcGtiREFrRUF5MUI4M29hWUtFcUREdittcW9DVkJlQktoQytTRkNZWXI0Z292dGFXcUg2c1lpdnloeEdWCklXN09MZlpNdC9LdnU5RURvOGlPMG81NXZqYjFJODJ2TVFKQUVvN29nYXl1REZsbGlQajBYaEhvQVFEbm9QaXoKaEY1dVZVNytHVU8zVVE4Q3Y5T1pVOVFmVVVYSExickpaYzNYdmc4djdFNE1BK2E2Y0sxcXY1dFpVUUpCQUp3MQpsZ3NlM0c4d2VLdWdicnhYbUtmd0lUQ1lvQ0xNOW5CL0s5Y2NacHJFNE10NHVwbGVQL2QwL0FMQ1YwV0p0ODJWCkZMZlZFeTdoZXRaVHdWc2w0REVDUUR6NkJvZjJqNmx0YWQ2VVEwSTNneDI5eFR1clNSQkcwcU5CZC9rUis3NmkKQkovZzlkV3BiMFh3TGtQSjRtdVBwUGhIdEQvTXFEVkpMd244SnFZQW1FST0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K</prv>
500 
	</cert>
501 
	<ppps/>
502 
	<installedpackages>
503 
		<haproxy>
504 
			<enable/>
505 
			<maxconn>100</maxconn>
506 
		</haproxy>
507 
		<pfblocker>
508 
			<config>
509 
				<enable_cb/>
510 
				<enable_log>on</enable_log>
511 
				<inbound_interface>wan</inbound_interface>
512 
				<inbound_deny_action>reject</inbound_deny_action>
513 
				<outbound_interface>lan</outbound_interface>
514 
				<outbound_deny_action>reject</outbound_deny_action>
515 
				<credits/>
516 
				<donation/>
517 
			</config>
518 
		</pfblocker>
519 
		<pfblockerlists>
520 
			<config>
521 
				<aliasname>VKList</aliasname>
522 
				<description><![CDATA[custom local list]]></description>
523 
				<action>Deny_Inbound</action>
524 
				<cron>Never</cron>
525 
				<custom>MTkyLjE2OC4yNTQuMC8yNA==</custom>
526 
			</config>
527 
			<config>
528 
				<aliasname>DShield</aliasname>
529 
				<description><![CDATA[dshield attackers list]]></description>
530 
				<row>
531 
					<format>txt</format>
532 
					<url>http://feeds.dshield.org/top10-2.txt</url>
533 
				</row>
534 
				<action>Deny_Inbound</action>
535 
				<cron>01hour</cron>
536 
				<custom/>
537 
			</config>
538 
			<config>
539 
				<aliasname>SpamHaus</aliasname>
540 
				<description><![CDATA[SpamHaus DROP]]></description>
541 
				<row>
542 
					<format>txt</format>
543 
					<url>http://www.spamhaus.org/drop/drop.lasso</url>
544 
				</row>
545 
				<action>Deny_Inbound</action>
546 
				<cron>04hours</cron>
547 
				<custom/>
548 
			</config>
549 
		</pfblockerlists>
550 
		<service/>
551 
		<package>
552 
			<name>pfBlocker</name>
553 
			<website/>
554 
			<descr><![CDATA[Introduce Enhanced Aliastable Feature to pfsense.&lt;br /&gt;
555 
			Assign many IP urls lists from sites like I-blocklist to a single alias and then choose rule action to take.&lt;br /&gt;
556 
			This package also Block countries and IP ranges.&lt;br /&gt;
557 
			pfBlocker replaces Countryblock and IPblocklist.]]></descr>
558 
			<category>Firewall</category>
559 
			<pkginfolink>https://forum.pfsense.org/index.php/topic,42543.0.html</pkginfolink>
560 
			<config_file>https://packages.pfsense.org/packages/config/pf-blocker/pfblocker.xml</config_file>
561 
			<version>1.0.3</version>
562 
			<status>Release</status>
563 
			<required_version>2.2</required_version>
564 
			<maintainer>tom@tomschaefer.org marcellocoutinho@gmail.com</maintainer>
565 
			<configurationfile>pfblocker.xml</configurationfile>
566 
			<depends_on_package_base_url>https://files.pfsense.org/packages/10/All/</depends_on_package_base_url>
567 
		</package>
568 
		<menu>
569 
			<name>pfBlocker</name>
570 
			<tooltiptext>Configure pfblocker</tooltiptext>
571 
			<section>Firewall</section>
572 
			<url>/pkg_edit.php?xml=pfblocker.xml</url>
573 
		</menu>
574 
		<tab>
575 
			<text>General</text>
576 
			<url>/pkg_edit.php?xml=pfblocker.xml&amp;id=0</url>
577 
			<active/>
578 
		</tab>
579 
	</installedpackages>
580 
	<dhcrelay/>
581 
	<dhcpdv6/>
582 
	<dhcrelay6/>
583 
	<ntpd>
584 
		<gps>
585 
			<type>Default</type>
586 
		</gps>
587 
		<statsgraph>on</statsgraph>
588 
	</ntpd>
589 
	<notifications>
590 
		<growl>
591 
			<ipaddress/>
592 
			<password/>
593 
			<name>PHP-Growl</name>
594 
			<notification_name>pfSense growl alert</notification_name>
595 
			<disable/>
596 
		</growl>
597 
		<smtp>
598 
			<ipaddress/>
599 
			<port/>
600 
			<notifyemailaddress/>
601 
			<username/>
602 
			<password/>
603 
			<fromaddress/>
604 
		</smtp>
605 
	</notifications>
606 
	<unbound>
607 
		<active_interface>all</active_interface>
608 
		<outgoing_interface/>
609 
		<custom_options>server:
610 
private-domain: &quot;kcilink.com&quot;
611 
private-domain: &quot;m1e.net&quot;
612 
private-domain: mailermailer.com
613 
private-domain: khera.org</custom_options>
614 
		<msgcachesize>4</msgcachesize>
615 
		<outgoing_num_tcp>10</outgoing_num_tcp>
616 
		<incoming_num_tcp>10</incoming_num_tcp>
617 
		<edns_buffer_size>4096</edns_buffer_size>
618 
		<num_queries_per_thread>512</num_queries_per_thread>
619 
		<jostle_timeout>200</jostle_timeout>
620 
		<cache_max_ttl>86400</cache_max_ttl>
621 
		<cache_min_ttl>0</cache_min_ttl>
622 
		<infra_host_ttl>900</infra_host_ttl>
623 
		<infra_lame_ttl>900</infra_lame_ttl>
624 
		<infra_cache_numhosts>10000</infra_cache_numhosts>
625 
		<unwanted_reply_threshold>10000000</unwanted_reply_threshold>
626 
		<log_verbosity>1</log_verbosity>
627 
		<domainoverrides>
628 
			<domain>7.168.192.in-addr.arpa</domain>
629 
			<ip>199.83.96.5</ip>
630 
			<descr><![CDATA[KCI office LAN]]></descr>
631 
		</domainoverrides>
632 
		<domainoverrides>
633 
			<domain>97.168.192.in-addr.arpa</domain>
634 
			<ip>199.83.96.5</ip>
635 
			<descr><![CDATA[ashburn private lan]]></descr>
636 
		</domainoverrides>
637 
		<enable/>
638 
		<dnssecstripped/>
639 
		<dnssec/>
640 
		<hardenglue/>
641 
	</unbound>
642 
</pfsense>
(2-2/2)