pfSense » pfSense Packages

<?xml version="1.0"?>

<pfsense>

	<version>11.7</version>

	<lastchange/>

	<theme>pfsense_ng</theme>

	<system>

		<optimization>normal</optimization>

		<hostname>pfSense</hostname>

		<domain>localdomain</domain>

		<group>

			<name>all</name>

			<description><![CDATA[All Users]]></description>

			<scope>system</scope>

			<gid>1998</gid>

			<member>0</member>

		</group>

		<group>

			<name>admins</name>

			<description><![CDATA[System Administrators]]></description>

			<scope>system</scope>

			<gid>1999</gid>

			<member>0</member>

			<priv>page-all</priv>

		</group>

		<user>

			<name>admin</name>

			<descr><![CDATA[System Administrator]]></descr>

			<scope>system</scope>

			<groupname>admins</groupname>

			<password>$1$ZjNJHfnC$VH6i5mPe6qH0v5xDEs416/</password>

			<uid>0</uid>

			<priv>user-shell-access</priv>

			<md5-hash>f3a6d55c73fe1eaec44eec13651f897b</md5-hash>

			<nt-hash>3839386530653964623334326536356132656364383435386663643238316537</nt-hash>

		</user>

		<nextuid>2000</nextuid>

		<nextgid>2000</nextgid>

		<timezone>America/New_York</timezone>

		<time-update-interval/>

		<timeservers>0.pfsense.pool.ntp.org</timeservers>

		<webgui>

			<protocol>https</protocol>

			<loginautocomplete/>

			<ssl-certref>53daa0066bba1</ssl-certref>

			<port/>

			<max_procs>2</max_procs>

		</webgui>

		<disablenatreflection>yes</disablenatreflection>

		<disablesegmentationoffloading/>

		<disablelargereceiveoffloading/>

		<ipv6allow/>

		<powerd_ac_mode>hadp</powerd_ac_mode>

		<powerd_battery_mode>hadp</powerd_battery_mode>

		<powerd_normal_mode>hadp</powerd_normal_mode>

		<bogons>

			<interval>monthly</interval>

		</bogons>

		<kill_states/>

		<enableserial/>

		<language>en_US</language>

		<dns1gw>none</dns1gw>

		<dns2gw>none</dns2gw>

		<dns3gw>none</dns3gw>

		<dns4gw>none</dns4gw>

		<dnslocalhost/>

		<serialspeed>115200</serialspeed>

		<primaryconsole>serial</primaryconsole>

		<enablesshd>enabled</enablesshd>

		<dnsallowoverride/>

		<maximumtableentries>2000000</maximumtableentries>

	</system>

	<interfaces>

		<wan>

			<enable/>

			<if>re0</if>

			<blockpriv/>

			<blockbogons/>

			<descr><![CDATA[WAN]]></descr>

			<ipaddr>dhcp</ipaddr>

			<dhcphostname/>

			<alias-address/>

			<alias-subnet>32</alias-subnet>

			<dhcprejectfrom/>

			<adv_dhcp_pt_timeout/>

			<adv_dhcp_pt_retry/>

			<adv_dhcp_pt_select_timeout/>

			<adv_dhcp_pt_reboot/>

			<adv_dhcp_pt_backoff_cutoff/>

			<adv_dhcp_pt_initial_interval/>

			<adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>

			<adv_dhcp_send_options/>

			<adv_dhcp_request_options/>

			<adv_dhcp_required_options/>

			<adv_dhcp_option_modifiers/>

			<adv_dhcp_config_advanced/>

			<adv_dhcp_config_file_override/>

			<adv_dhcp_config_file_override_path/>

			<spoofmac/>

		</wan>

		<lan>

			<enable/>

			<if>re1</if>

			<descr><![CDATA[LAN]]></descr>

			<ipaddr>10.0.0.1</ipaddr>

			<subnet>24</subnet>

			<spoofmac/>

		</lan>

		<opt1>

			<if>re2</if>

			<descr><![CDATA[OPT1]]></descr>

		</opt1>

	</interfaces>

	<staticroutes/>

	<dhcpd>

		<lan>

			<enable/>

			<range>

				<from>10.0.0.10</from>

				<to>10.0.0.245</to>

			</range>

		</lan>

	</dhcpd>

	<pptpd>

		<mode/>

		<redir/>

		<localip/>

		<remoteip/>

	</pptpd>

	<snmpd>

		<syslocation/>

		<syscontact/>

		<rocommunity>public</rocommunity>

	</snmpd>

	<diag>

		<ipv6nat>

			<ipaddr/>

		</ipv6nat>

	</diag>

	<bridge/>

	<syslog/>

	<nat>

		<outbound>

			<mode>automatic</mode>

		</outbound>

	</nat>

	<filter>

		<rule>

			<id/>

			<tracker>1425650750</tracker>

			<type>pass</type>

			<interface>wan</interface>

			<ipprotocol>inet6</ipprotocol>

			<tag/>

			<tagged/>

			<max/>

			<max-src-nodes/>

			<max-src-conn/>

			<max-src-states/>

			<statetimeout/>

			<statetype>keep state</statetype>

			<os/>

			<protocol>tcp</protocol>

			<source>

				<any/>

			</source>

			<destination>

				<address>2600:380:18f7:ebfb:9901:e1d0:886f:2dc6</address>

			</destination>

			<descr/>

			<updated>

				<time>1425650750</time>

				<username>admin@10.0.0.10</username>

			</updated>

			<created>

				<time>1425650750</time>

				<username>admin@10.0.0.10</username>

			</created>

		</rule>

		<rule>

			<type>pass</type>

			<ipprotocol>inet</ipprotocol>

			<descr><![CDATA[Default allow LAN to any rule]]></descr>

			<interface>lan</interface>

			<tracker>0100000101</tracker>

			<source>

				<network>lan</network>

			</source>

			<destination>

				<any/>

			</destination>

		</rule>

		<rule>

			<type>pass</type>

			<ipprotocol>inet6</ipprotocol>

			<descr><![CDATA[Default allow LAN IPv6 to any rule]]></descr>

			<interface>lan</interface>

			<tracker>0100000102</tracker>

			<source>

				<network>lan</network>

			</source>

			<destination>

				<any/>

			</destination>

		</rule>

		<rule>

			<id/>

			<tracker>1425650122</tracker>

			<type>pass</type>

			<interface>lan</interface>

			<ipprotocol>inet6</ipprotocol>

			<tag/>

			<tagged/>

			<max/>

			<max-src-nodes/>

			<max-src-conn/>

			<max-src-states/>

			<statetimeout/>

			<statetype>keep state</statetype>

			<os/>

			<protocol>tcp</protocol>

			<source>

				<address>2600:380:18f7:ebfb:9901:e1d0:886f:2dc6</address>

			</source>

			<destination>

				<any/>

			</destination>

			<descr><![CDATA[Easy Rule: Passed from Firewall Log View]]></descr>

			<created>

				<time>1425649947</time>

				<username>Easy Rule</username>

			</created>

			<updated>

				<time>1425650122</time>

				<username>admin@10.0.0.10</username>

			</updated>

		</rule>

		<rule>

			<id/>

			<tracker>1425650255</tracker>

			<type>pass</type>

			<interface>lan</interface>

			<ipprotocol>inet6</ipprotocol>

			<tag/>

			<tagged/>

			<max/>

			<max-src-nodes/>

			<max-src-conn/>

			<max-src-states/>

			<statetimeout/>

			<statetype>keep state</statetype>

			<os/>

			<protocol>tcp</protocol>

			<source>

				<address>2600:380:18f7:ebfb:9901:e1d0:886f:2dc6</address>

			</source>

			<destination>

				<address>2600:1408:e::1700:a371</address>

			</destination>

			<descr><![CDATA[Easy Rule: Passed from Firewall Log View]]></descr>

			<created>

				<time>1425650238</time>

				<username>Easy Rule</username>

			</created>

			<updated>

				<time>1425650255</time>

				<username>admin@10.0.0.10</username>

			</updated>

		</rule>

	</filter>

	<shaper/>

	<ipsec/>

	<aliases/>

	<proxyarp/>

	<cron>

		<item>

			<minute>1,31</minute>

			<hour>0-5</hour>

			<mday>*</mday>

			<month>*</month>

			<wday>*</wday>

			<who>root</who>

			<command>/usr/bin/nice -n20 adjkerntz -a</command>

		</item>

		<item>

			<minute>1</minute>

			<hour>3</hour>

			<mday>1</mday>

			<month>*</month>

			<wday>*</wday>

			<who>root</who>

			<command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command>

		</item>

		<item>

			<minute>*/60</minute>

			<hour>*</hour>

			<mday>*</mday>

			<month>*</month>

			<wday>*</wday>

			<who>root</who>

			<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout</command>

		</item>

		<item>

			<minute>*/60</minute>

			<hour>*</hour>

			<mday>*</mday>

			<month>*</month>

			<wday>*</wday>

			<who>root</who>

			<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout</command>

		</item>

		<item>

			<minute>1</minute>

			<hour>1</hour>

			<mday>*</mday>

			<month>*</month>

			<wday>*</wday>

			<who>root</who>

			<command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command>

		</item>

		<item>

			<minute>*/60</minute>

			<hour>*</hour>

			<mday>*</mday>

			<month>*</month>

			<wday>*</wday>

			<who>root</who>

			<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command>

		</item>

		<item>

			<minute>30</minute>

			<hour>12</hour>

			<mday>*</mday>

			<month>*</month>

			<wday>*</wday>

			<who>root</who>

			<command>/usr/bin/nice -n20 /etc/rc.update_urltables</command>

		</item>

		<item>

			<minute>*/5</minute>

			<hour>*</hour>

			<mday>*</mday>

			<month>*</month>

			<wday>*</wday>

			<who>root</who>

			<command>/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc</command>

		</item>

		<item>

			<minute>*/5</minute>

			<hour>*</hour>

			<mday>*</mday>

			<month>*</month>

			<wday>*</wday>

			<who>root</who>

			<command>/usr/bin/nice -n20 /sbin/pfctl -q -t snort2c -T expire 3600</command>

		</item>

		<item>

			<minute>5</minute>

			<hour>0</hour>

			<mday>*/1</mday>

			<month>*</month>

			<wday>*</wday>

			<who>root</who>

			<command>/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php</command>

		</item>

		<item>

			<task_name>squid_rotate_logs</task_name>

			<minute>0</minute>

			<hour>0</hour>

			<mday>*</mday>

			<month>*</month>

			<wday>*</wday>

			<who>root</who>

			<command>/bin/rm /var/squid/cache/swap.state; /usr/pbi/squid-amd64/sbin/squid -k rotate</command>

		</item>

		<item>

			<task_name>squid_check_swapstate</task_name>

			<minute>*/15</minute>

			<hour>*</hour>

			<mday>*</mday>

			<month>*</month>

			<wday>*</wday>

			<who>root</who>

			<command>/usr/local/pkg/swapstate_check.php</command>

		</item>

		<item>

			<minute>0</minute>

			<hour>*/4</hour>

			<mday>*</mday>

			<month>*</month>

			<wday>*</wday>

			<who>root</who>

			<command>/usr/bin/nice -n20 /usr/local/etc/rc.d/havp_avupdate</command>

		</item>

	</cron>

	<wol/>

	<rrd>

		<enable/>

	</rrd>

	<load_balancer>

		<monitor_type>

			<name>ICMP</name>

			<type>icmp</type>

			<descr><![CDATA[ICMP]]></descr>

			<options/>

		</monitor_type>

		<monitor_type>

			<name>TCP</name>

			<type>tcp</type>

			<descr><![CDATA[Generic TCP]]></descr>

			<options/>

		</monitor_type>

		<monitor_type>

			<name>HTTP</name>

			<type>http</type>

			<descr><![CDATA[Generic HTTP]]></descr>

			<options>

				<path>/</path>

				<host/>

				<code>200</code>

			</options>

		</monitor_type>

		<monitor_type>

			<name>HTTPS</name>

			<type>https</type>

			<descr><![CDATA[Generic HTTPS]]></descr>

			<options>

				<path>/</path>

				<host/>

				<code>200</code>

			</options>

		</monitor_type>

		<monitor_type>

			<name>SMTP</name>

			<type>send</type>

			<descr><![CDATA[Generic SMTP]]></descr>

			<options>

				<send/>

				<expect>220 *</expect>

			</options>

		</monitor_type>

	</load_balancer>

	<widgets>

		<sequence>system_information-container:col1:show,captive_portal_status-container:col1:close,carp_status-container:col1:close,cpu_graphs-container:col1:close,gateways-container:col1:close,gmirror_status-container:col1:close,installed_packages-container:col1:close,interface_statistics-container:col1:close,interfaces-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,log-container:col2:close,picture-container:col2:close,rss-container:col2:close,services_status-container:col2:close,traffic_graphs-container:col2:close,snort_alerts-container:col2:close,pfblockerng-container:col2:show</sequence>

	</widgets>

	<openvpn/>

	<dnshaper/>

	<unbound>

		<enable/>

		<dnssec/>

		<active_interface/>

		<outgoing_interface/>

		<custom_options/>

	</unbound>

	<revision>

		<time>1437529230</time>

		<description><![CDATA[admin@10.0.0.11: Installed pfBlockerNG package.]]></description>

		<username>admin@10.0.0.11</username>

	</revision>

	<dhcpdv6/>

	<cert>

		<refid>53daa0066bba1</refid>

		<descr><![CDATA[webConfigurator default (53daa0066bba1)]]></descr>

		<type>server</type>

		<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZZekNDQkV1Z0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBRENCdERFTE1Ba0dBMVVFQmhNQ1ZWTXgKRGpBTUJnTlZCQWdUQlZOMFlYUmxNUkV3RHdZRFZRUUhFd2hNYjJOaGJHbDBlVEU0TURZR0ExVUVDaE12Y0daVApaVzV6WlNCM1pXSkRiMjVtYVdkMWNtRjBiM0lnVTJWc1ppMVRhV2R1WldRZ1EyVnlkR2xtYVdOaGRHVXhLREFtCkJna3Foa2lHOXcwQkNRRVdHV0ZrYldsdVFIQm1VMlZ1YzJVdWJHOWpZV3hrYjIxaGFXNHhIakFjQmdOVkJBTVQKRlhCbVUyVnVjMlV0TlROa1lXRXdNRFkyWW1KaE1UQWVGdzB4TkRBM016RXhPVFU1TURKYUZ3MHlNREF4TWpFeApPVFU1TURKYU1JRzBNUXN3Q1FZRFZRUUdFd0pWVXpFT01Bd0dBMVVFQ0JNRlUzUmhkR1V4RVRBUEJnTlZCQWNUCkNFeHZZMkZzYVhSNU1UZ3dOZ1lEVlFRS0V5OXdabE5sYm5ObElIZGxZa052Ym1acFozVnlZWFJ2Y2lCVFpXeG0KTFZOcFoyNWxaQ0JEWlhKMGFXWnBZMkYwWlRFb01DWUdDU3FHU0liM0RRRUpBUllaWVdSdGFXNUFjR1pUWlc1egpaUzVzYjJOaGJHUnZiV0ZwYmpFZU1Cd0dBMVVFQXhNVmNHWlRaVzV6WlMwMU0yUmhZVEF3TmpaaVltRXhNSUlCCklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFxTlovbXBoRWJWaThBalFOdmJ5ZTlHK2UKT1ByUzdqVWNZakQ5a3V6NHNRbGE2Y1V0dlRsL2lKVUljTzlEM0ZvbHY4d2xRVy94QytVUVlYQ2l4ZTVuWkIxKwp1WUI5TmQzR0dCZXhMMzFnR3RoUXFaelRwVkxGZG9iVnpwMEFMZ3lIK1lLTEtCbkd5ZGRHU2VHZjNialdKNlNTCjE2akEwbE5vYlFEVWw5UVh0QnFlZnk4RitmUWJZK1RzNTNxZ2l5YjhvNk1NdFRVTExSZjFOODloKzl6cTIyYk0KSERkZDJoOCtGMGdrL21aQnBHbTIyakN2aEl3NHNTUXRzYk14RTdFNUdhVUVjUEUreEx1ditGRUd6VzFXalpaTApUdk96eFVmTmtxK0V0WmdIa3d5Y3A2M0FLZmZSK0lzdElMbDZzK1Bjbk85Y1d1WVFiUU5PZDdhMjJ2YVNOd0lECkFRQUJvNElCZkRDQ0FYZ3dDUVlEVlIwVEJBSXdBREFSQmdsZ2hrZ0JodmhDQVFFRUJBTUNCa0F3TXdZSllJWkkKQVliNFFnRU5CQ1lXSkU5d1pXNVRVMHdnUjJWdVpYSmhkR1ZrSUZObGNuWmxjaUJEWlhKMGFXWnBZMkYwWlRBZApCZ05WSFE0RUZnUVV1Vk53OFlkWGczK3FIam5TeDN2cng5a1Rwd2t3Z2VFR0ExVWRJd1NCMlRDQjFvQVV1Vk53CjhZZFhnMytxSGpuU3gzdnJ4OWtUcHdtaGdicWtnYmN3Z2JReEN6QUpCZ05WQkFZVEFsVlRNUTR3REFZRFZRUUkKRXdWVGRHRjBaVEVSTUE4R0ExVUVCeE1JVEc5allXeHBkSGt4T0RBMkJnTlZCQW9UTDNCbVUyVnVjMlVnZDJWaQpRMjl1Wm1sbmRYSmhkRzl5SUZObGJHWXRVMmxuYm1Wa0lFTmxjblJwWm1sallYUmxNU2d3SmdZSktvWklodmNOCkFRa0JGaGxoWkcxcGJrQndabE5sYm5ObExteHZZMkZzWkc5dFlXbHVNUjR3SEFZRFZRUURFeFZ3WmxObGJuTmwKTFRVelpHRmhNREEyTm1KaVlUR0NBUUF3RXdZRFZSMGxCQXd3Q2dZSUt3WUJCUVVIQXdFd0N3WURWUjBQQkFRRApBZ1dnTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFBTzU2c2lGaHlJKzF5MGFRM1pQb2J5NDYxR0h4MW5sSUl0CloxdTdESTNKdjFnc25vMVVOTlFLN3JaWC9FcDBMUVFuMk45Z0I1djZ3eXRUZnZLbUJ0cUlyRzRJVjBHSmxmNzQKOVV6N2Vxc0Q5SElTRTNaM1A0bUpZYW1mbUJ2dVJqYzJNQ3JzRXFQTXBldUpnZnVZZzhMZ3VhRHc3ZXpmT0gxNgpkRnllc3l6RWs3UGExcGZVT3hUZVVndllEbzcyV2pTTndSOTVXTW9CYzBvQWZseVI0VlllUk40UmhQN1ZLYjNyCnU2SGhwR0c2eUgxbytnU2JadVpVVGdYb3NBcUd0WjFVcFppTlBsZWRVQzNFblZyUHdXZ085dWhVNWxPT0RCY1UKbWREZzFhU0RCSmlUcXJRZHRzZXNWcXpIU0VPSU1qeEpiOGFaSFgxeEp6TElMZHpERUVpQgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==</crt>

		<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2QUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktZd2dnU2lBZ0VBQW9JQkFRQ28xbithbUVSdFdMd0MKTkEyOXZKNzBiNTQ0K3RMdU5SeGlNUDJTN1BpeENWcnB4UzI5T1grSWxRaHc3MFBjV2lXL3pDVkJiL0VMNVJCaApjS0xGN21ka0hYNjVnSDAxM2NZWUY3RXZmV0FhMkZDcG5OT2xVc1YyaHRYT25RQXVESWY1Z29zb0djYkoxMFpKCjRaL2R1TllucEpMWHFNRFNVMmh0QU5TWDFCZTBHcDUvTHdYNTlCdGo1T3puZXFDTEp2eWpvd3kxTlFzdEYvVTMKejJINzNPcmJac3djTjEzYUh6NFhTQ1QrWmtHa2FiYmFNSytFakRpeEpDMnhzekVUc1RrWnBRUnc4VDdFdTYvNApVUWJOYlZhTmxrdE84N1BGUjgyU3I0UzFtQWVUREp5bnJjQXA5OUg0aXkwZ3VYcXo0OXljNzF4YTVoQnRBMDUzCnRyYmE5cEkzQWdNQkFBRUNnZ0VBTWViRDdFTlk1aUMxNE1qVnp1Qnk4cmdTd2JDUXEwc1RTb3BFU0NxMkRrMC8KaTV4MXVsbkdNZTRxZ29hVlBnbCs0c05KdDUrSVZRV3M0Ny9RdkVPTVYzRElSYmVPU2w5ejd5Y0JmWkhHMStoYgpYdVkxUDhYSkN4RXJIRmdXOTRWSW94eE1XTnZWZjA2YlBiYnI4ekp3U1dOQTYzQzdITzcrREVtVWpCTnB0aGMxCkhuUG44YnVFM3JlNFM1RHliY1pwVVhYTDl3VW5LeURvZTMyN0lSZU9JTE5YLyttNzY5eFdaUVNTWWtRRUw4WnIKLzdQaHVVSVBwaHE5SlQ2MG9pcS8yb3RFdjg3ZkliaC83QjhYaWdHdjV3NnRvWDVlOUo3RHlsTFhHNFlxbWMzQwpnK0QrNVpUbVpjWFNUUWhKTjNCR2pEZHpFT1JUd1JSV1l5WUhGRUpJa1FLQmdRRFNFeDBZdHBCRGFQc0dLTXBzCnhOZm5odEVmZHB0YUNPQnl5NmlpdUtMUGdVd3o1SjN5Z0pPdWcySTBLM2lHTVUybEdSdDVZWWVYUm9Vc2pLOS8KelF1VThnbExkOEpFNm5ldUtwZVBONXBFTHdUOU1PTHZlcTBjR1M3c0NPRjMyQjUvMUdCQWQwQW9rTlBDTTNidApRZEV1K2h0UVM1SXN4S21ZbXJSejdtUENpd0tCZ1FETnY0NmhkWkQweWQrVVNOWFE0WEd4M0JrazBsRktYaUUwCm1Yc0Jram1kYkcyK0RWWklXN3hUWDJxcXRxcTRNNEUwSFhDbVJuNVhQbzJFRjQvclQzdlRGUHdodGk2S1o2SFkKKzhHMzllclYvTWtmSzdzc0JzRmluSmkxNEwzOHcrTFNWOURpbWZQbTU2eUd4b2RHS1JLZ0poNkViZmJxeldHZQo3VFRnZkRlQWhRS0JnQ3J2QVJsVjVuSUFlSjB2cFA5SjA1NWI3VTF5M2hrdWkwQ3E0dEl1emdkK3MyWS9xUkF3CnV2NEZtQUoxaC9KVkRUdGF3RVMwYkJPOHMrY0E4YlU2NE0wV0VsUThLNVlPSFZ1WkZOU09WcGJzelNZNTRZZDAKR1FFUEhJbmMzc2V4Z2JvNlcxbVJoYWxFd0NLR2hoM0RQODlNQ2wwRXRPRTFhRHZxRWt0SFExZzFBb0dBWGZtMgp2Z3lpN3d3ZDhPN3Jxb0t1bVp4OFo1TWd5aVVBYWJRSXVRai9BK1o0b2F3WjB1Y0R0OWtITVg1SnIrVG1pTlZCCmxORHgrQXQ4Tys4L0x5MlkweXJzbHNGTnRLM3RBTnpNK0tkOFljMGFXQUJ6ZDRLR1pmSTgxaVlXNFJMZjBVK0cKKzFseVMrOVpvQjJodit3V3M4dDFlT3Q1TW5vb3NweUo0RmNjU3JrQ2dZQi9ROVhhT0ZPMSs4MHlVTXBsQkVEcgpSZFdmOHlMNGxYMHJpRU1qSlViT280MG5KYTBJTk8xQjJmV3R4MnlKU0tzWWJjSmJjUmJabmFZZk8wN3V0ZnVBCkxHRVlrUzB3RW1NK3JPY0k5YXhCbU1aTzR3TUlmeXVtK241emkrSjdORm40bDAvZkRQNnhjUkdKQzZFY1daQnMKTkt5d3FUTThmdlFTdkZZeUNPOWppdz09Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K</prv>

	</cert>

	<ppps/>

	<installedpackages>

		<miniupnpd>

			<config>

				<enable>on</enable>

				<enable_upnp>on</enable_upnp>

				<enable_natpmp/>

				<ext_iface>wan</ext_iface>

				<iface_array>lan</iface_array>

				<download/>

				<upload/>

				<overridewanip/>

				<upnpqueue/>

				<logpackets/>

				<sysuptime/>

				<permdefault/>

				<permuser1/>

				<permuser2/>

				<permuser3/>

				<permuser4/>

			</config>

		</miniupnpd>

		<ntopng>

			<config>

				<password>admin</password>

				<passwordagain>admin</passwordagain>

				<interface_array>lan</interface_array>

				<dns_mode>0</dns_mode>

				<local_networks>rfc1918</local_networks>

				<dump_flows/>

			</config>

		</ntopng>

		<package>

			<name>snort</name>

			<pkginfolink>https://doc.pfsense.org/index.php/Setup_Snort_Package</pkginfolink>

			<website>http://www.snort.org</website>

			<descr><![CDATA[Snort is an open source network intrusion prevention and detection system (IDS/IPS). Combining the benefits of signature, protocol, and anomaly-based inspection.]]></descr>

			<category>Security</category>

			<run_depends>bin/snort:security/snort</run_depends>

			<port_category>security</port_category>

			<depends_on_package_pbi>snort-2.9.7.3-amd64.pbi</depends_on_package_pbi>

			<build_pbi>

				<port>security/snort</port>

				<ports_after>security/barnyard2</ports_after>

			</build_pbi>

			<build_options>barnyard2_UNSET_FORCE=ODBC PGSQL PRELUDE;barnyard2_SET_FORCE=GRE IPV6 MPLS MYSQL PORT_PCAP BRO;snort_SET_FORCE=BARNYARD PERFPROFILE SOURCEFIRE GRE IPV6 NORMALIZER APPID;snort_UNSET_FORCE=PULLEDPORK FILEINSPECT HA</build_options>

			<config_file>https://packages.pfsense.org/packages/config/snort/snort.xml</config_file>

			<version>3.2.6</version>

			<required_version>2.2</required_version>

			<status>Stable</status>

			<configurationfile>/snort.xml</configurationfile>

			<after_install_info>Please visit the Snort settings tab first and select your desired rules. Afterwards visit the update rules tab to download your configured rules.</after_install_info>

			<depends_on_package_base_url>https://files.pfsense.org/packages/10/All/</depends_on_package_base_url>

		</package>

		<package>

			<name>squid</name>

			<descr><![CDATA[High performance web proxy cache.]]></descr>

			<website>http://www.squid-cache.org/</website>

			<category>Network</category>

			<version>2.7.9 pkg v.4.3.6</version>

			<status>Stable</status>

			<required_version>2.2</required_version>

			<maintainer>fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>

			<depends_on_package_pbi>squid-2.7.9_4-amd64.pbi</depends_on_package_pbi>

			<build_pbi>

				<ports_before>www/libwww</ports_before>

				<port>www/squid</port>

				<ports_after>www/squid_radius_auth</ports_after>

			</build_pbi>

			<build_options>squid_UNSET_FORCE=DNS_HELPER IPFILTER PINGER STACKTRACES STRICT_HTTP_DESC USERAGENT_LOG WCCPV2;squid_SET_FORCE=PF LDAP_AUTH NIS_AUTH SASL_AUTH ARP_ACL AUFS CACHE_DIGESTS CARP COSS DELAY_POOLS FOLLOW_XFF HTCP IDENT KERB_AUTH KQUEUE LARGEFILE REFERER_LOG SNMP SSL VIA_DB WCCP;SQUID_UID=proxy;SQUID_GID=proxy</build_options>

			<config_file>https://packages.pfsense.org/packages/config/squid/squid.xml</config_file>

			<configurationfile>squid.xml</configurationfile>

			<maximum_version>2.2.999</maximum_version>

			<depends_on_package_base_url>https://files.pfsense.org/packages/10/All/</depends_on_package_base_url>

			<filter_rule_function>squid_generate_rules</filter_rule_function>

		</package>

		<package>

			<name>HAVP antivirus</name>

			<pkginfolink/>

			<website>http://www.server-side.de/</website>

			<descr><![CDATA[Antivirus:  HAVP (HTTP Antivirus Proxy) is a proxy with a ClamAV anti-virus scanner. The main aims are continuous, non-blocking downloads and smooth scanning of dynamic and password protected HTTP traffic. Havp antivirus proxy has a parent and transparent proxy mode. It can be used with squid or standalone. And File Scanner for local files.]]></descr>

			<category>Network Management</category>

			<depends_on_package_pbi>havp-0.91_3-amd64.pbi</depends_on_package_pbi>

			<build_pbi>

				<port>www/havp</port>

				<ports_after>security/clamav</ports_after>

			</build_pbi>

			<build_options>CLAMAVUSER=havp;CLAMAVGROUP=havp</build_options>

			<version>0.91_3 pkg v1.05_1</version>

			<status>BETA</status>

			<required_version>2.2</required_version>

			<config_file>https://packages.pfsense.org/packages/config/havp/havp.xml</config_file>

			<configurationfile>havp.xml</configurationfile>

			<maintainer>dv_serg@mail.ru</maintainer>

			<after_install_info>Please check the HAVP settings.</after_install_info>

			<maximum_version>2.2.999</maximum_version>

			<depends_on_package_base_url>https://files.pfsense.org/packages/10/All/</depends_on_package_base_url>

		</package>

		<package>

			<name>pfBlockerNG</name>

			<website/>

			<descr><![CDATA[pfBlockerNG is the Next Generation of pfBlocker.&lt;br /&gt;

				Manage IPv4/v6 List Sources into 'Deny, Permit or Match' formats<br />

				Country Blocking Database by MaxMind Inc. (GeoLite Free version).<br />

				De-Duplication, Suppression, and Reputation enhancements.<br />

				Provision to download from diverse List formats. Advanced Integration<br />

				for Emerging Threats IQRisk IP Reputation Threat Sources.]]></descr>

			<category>Firewall</category>

			<pkginfolink>https://forum.pfsense.org/index.php?topic=86212.0</pkginfolink>

			<config_file>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng.xml</config_file>

			<version>1.09</version>

			<status>Stable</status>

			<required_version>2.2</required_version>

			<maintainer>BBCan177@gmail.com</maintainer>

			<configurationfile>pfblockerng.xml</configurationfile>

			<run_depends>bin/geoiplookup:net/GeoIP bin/grepcidr:net-mgmt/grepcidr</run_depends>

			<port_category>net</port_category>

			<depends_on_package_pbi>pfblockerng-1.6.3_1-amd64.pbi</depends_on_package_pbi>

			<build_pbi>

				<port>net/GeoIP</port>

				<ports_after>net-mgmt/grepcidr</ports_after>

				<custom_name>pfblockerng</custom_name>

			</build_pbi>

			<depends_on_package_base_url>https://files.pfsense.org/packages/10/All/</depends_on_package_base_url>

		</package>

		<snortglobal>

			<snort_config_ver>3.2.6</snort_config_ver>

			<rule>

				<interface>wan</interface>

				<enable>on</enable>

				<uuid>11584</uuid>

				<descr><![CDATA[WAN]]></descr>

				<performance>ac-bnfa</performance>

				<blockoffenders7>on</blockoffenders7>

				<blockoffendersip>both</blockoffendersip>

				<whitelistname>EmptyPassList</whitelistname>

				<homelistname>default</homelistname>

				<externallistname>default</externallistname>

				<suppresslistname>default</suppresslistname>

				<alertsystemlog>off</alertsystemlog>

				<alertsystemlog_facility>log_auth</alertsystemlog_facility>

				<alertsystemlog_priority>log_alert</alertsystemlog_priority>

				<cksumcheck>off</cksumcheck>

				<fpm_split_any_any>off</fpm_split_any_any>

				<fpm_search_optimize>on</fpm_search_optimize>

				<fpm_no_stream_inserts>off</fpm_no_stream_inserts>

				<max_attribute_hosts>10000</max_attribute_hosts>

				<max_attribute_services_per_host>10</max_attribute_services_per_host>

				<max_paf>16000</max_paf>

				<ftp_preprocessor>on</ftp_preprocessor>

				<ftp_telnet_inspection_type>stateful</ftp_telnet_inspection_type>

				<ftp_telnet_alert_encrypted>off</ftp_telnet_alert_encrypted>

				<ftp_telnet_check_encrypted>on</ftp_telnet_check_encrypted>

				<ftp_telnet_normalize>on</ftp_telnet_normalize>

				<ftp_telnet_detect_anomalies>on</ftp_telnet_detect_anomalies>

				<ftp_telnet_ayt_attack_threshold>20</ftp_telnet_ayt_attack_threshold>

				<ftp_client_engine>

					<item>

						<name>default</name>

						<bind_to>all</bind_to>

						<max_resp_len>256</max_resp_len>

						<telnet_cmds>no</telnet_cmds>

						<ignore_telnet_erase_cmds>yes</ignore_telnet_erase_cmds>

						<bounce>yes</bounce>

						<bounce_to_net/>

						<bounce_to_port/>

					</item>

				</ftp_client_engine>

				<ftp_server_engine>

					<item>

						<name>default</name>

						<bind_to>all</bind_to>

						<ports>default</ports>

						<telnet_cmds>no</telnet_cmds>

						<ignore_telnet_erase_cmds>yes</ignore_telnet_erase_cmds>

						<ignore_data_chan>no</ignore_data_chan>

						<def_max_param_len>100</def_max_param_len>

					</item>

				</ftp_server_engine>

				<smtp_preprocessor>on</smtp_preprocessor>

				<smtp_memcap>838860</smtp_memcap>

				<smtp_max_mime_mem>838860</smtp_max_mime_mem>

				<smtp_b64_decode_depth>0</smtp_b64_decode_depth>

				<smtp_qp_decode_depth>0</smtp_qp_decode_depth>

				<smtp_bitenc_decode_depth>0</smtp_bitenc_decode_depth>

				<smtp_uu_decode_depth>0</smtp_uu_decode_depth>

				<smtp_email_hdrs_log_depth>1464</smtp_email_hdrs_log_depth>

				<smtp_ignore_data>off</smtp_ignore_data>

				<smtp_ignore_tls_data>on</smtp_ignore_tls_data>

				<smtp_log_mail_from>on</smtp_log_mail_from>

				<smtp_log_rcpt_to>on</smtp_log_rcpt_to>

				<smtp_log_filename>on</smtp_log_filename>

				<smtp_log_email_hdrs>on</smtp_log_email_hdrs>

				<dce_rpc_2>on</dce_rpc_2>

				<dns_preprocessor>on</dns_preprocessor>

				<ssl_preproc>on</ssl_preproc>

				<pop_preproc>on</pop_preproc>

				<pop_memcap>838860</pop_memcap>

				<pop_b64_decode_depth>0</pop_b64_decode_depth>

				<pop_qp_decode_depth>0</pop_qp_decode_depth>

				<pop_bitenc_decode_depth>0</pop_bitenc_decode_depth>

				<pop_uu_decode_depth>0</pop_uu_decode_depth>

				<imap_preproc>on</imap_preproc>

				<imap_memcap>838860</imap_memcap>

				<imap_b64_decode_depth>0</imap_b64_decode_depth>

				<imap_qp_decode_depth>0</imap_qp_decode_depth>

				<imap_bitenc_decode_depth>0</imap_bitenc_decode_depth>

				<imap_uu_decode_depth>0</imap_uu_decode_depth>

				<sip_preproc>on</sip_preproc>

				<other_preprocs>on</other_preprocs>

				<pscan_protocol>all</pscan_protocol>

				<pscan_type>all</pscan_type>

				<pscan_memcap>10000000</pscan_memcap>

				<pscan_sense_level>medium</pscan_sense_level>

				<http_inspect>on</http_inspect>

				<http_inspect_proxy_alert>off</http_inspect_proxy_alert>

				<http_inspect_memcap>150994944</http_inspect_memcap>

				<http_inspect_max_gzip_mem>838860</http_inspect_max_gzip_mem>

				<http_inspect_engine>

					<item>

						<name>default</name>

						<bind_to>all</bind_to>

						<server_profile>all</server_profile>

						<enable_xff>off</enable_xff>

						<log_uri>off</log_uri>

						<log_hostname>off</log_hostname>

						<server_flow_depth>65535</server_flow_depth>

						<enable_cookie>on</enable_cookie>

						<client_flow_depth>1460</client_flow_depth>

						<extended_response_inspection>on</extended_response_inspection>

						<no_alerts>off</no_alerts>

						<unlimited_decompress>on</unlimited_decompress>

						<inspect_gzip>on</inspect_gzip>

						<normalize_cookies>on</normalize_cookies>

						<normalize_headers>on</normalize_headers>

						<normalize_utf>on</normalize_utf>

						<normalize_javascript>on</normalize_javascript>

						<allow_proxy_use>off</allow_proxy_use>

						<inspect_uri_only>off</inspect_uri_only>

						<max_javascript_whitespaces>200</max_javascript_whitespaces>

						<post_depth>-1</post_depth>

						<max_headers>0</max_headers>

						<max_spaces>0</max_spaces>

						<max_header_length>0</max_header_length>

						<ports>default</ports>

					</item>

				</http_inspect_engine>

				<frag3_max_frags>8192</frag3_max_frags>

				<frag3_memcap>4194304</frag3_memcap>

				<frag3_detection>on</frag3_detection>

				<frag3_engine>

					<item>

						<name>default</name>

						<bind_to>all</bind_to>

						<policy>bsd</policy>

						<timeout>60</timeout>

						<min_ttl>1</min_ttl>

						<detect_anomalies>on</detect_anomalies>

						<overlap_limit>0</overlap_limit>

						<min_frag_len>0</min_frag_len>

					</item>

				</frag3_engine>

				<stream5_reassembly>on</stream5_reassembly>

				<stream5_flush_on_alert>off</stream5_flush_on_alert>

				<stream5_prune_log_max>1048576</stream5_prune_log_max>

				<stream5_track_tcp>on</stream5_track_tcp>

				<stream5_max_tcp>262144</stream5_max_tcp>

				<stream5_track_udp>on</stream5_track_udp>

				<stream5_max_udp>131072</stream5_max_udp>

				<stream5_udp_timeout>30</stream5_udp_timeout>

				<stream5_track_icmp>off</stream5_track_icmp>

				<stream5_max_icmp>65536</stream5_max_icmp>

				<stream5_icmp_timeout>30</stream5_icmp_timeout>

				<stream5_mem_cap>8388608</stream5_mem_cap>

				<stream5_tcp_engine>

					<item>

						<name>default</name>

						<bind_to>all</bind_to>

						<policy>bsd</policy>

						<timeout>30</timeout>

						<max_queued_bytes>1048576</max_queued_bytes>

						<detect_anomalies>off</detect_anomalies>

						<overlap_limit>0</overlap_limit>

						<max_queued_segs>2621</max_queued_segs>

						<require_3whs>off</require_3whs>

						<startup_3whs_timeout>0</startup_3whs_timeout>

						<no_reassemble_async>off</no_reassemble_async>

						<max_window>0</max_window>

						<use_static_footprint_sizes>off</use_static_footprint_sizes>

						<check_session_hijacking>off</check_session_hijacking>

						<dont_store_lg_pkts>off</dont_store_lg_pkts>

						<ports_client>default</ports_client>

						<ports_both>default</ports_both>

						<ports_server>none</ports_server>

					</item>

				</stream5_tcp_engine>

				<appid_preproc>on</appid_preproc>

				<sf_appid_mem_cap>256</sf_appid_mem_cap>

				<sf_appid_statslog>on</sf_appid_statslog>

				<sf_appid_stats_period>300</sf_appid_stats_period>

				<rulesets/>

				<ips_policy_enable>on</ips_policy_enable>

				<ips_policy>balanced</ips_policy>

				<autoflowbitrules>on</autoflowbitrules>

				<sdf_alert_data_type>Credit Card,Email Addresses,U.S. Phone Numbers,U.S. Social Security Numbers</sdf_alert_data_type>

				<sdf_alert_threshold>25</sdf_alert_threshold>

				<sdf_mask_output>off</sdf_mask_output>

				<ssh_preproc>on</ssh_preproc>

				<pscan_ignore_scanners/>

				<perform_stat>off</perform_stat>

				<host_attribute_table>off</host_attribute_table>

				<sf_portscan>off</sf_portscan>

				<sensitive_data>off</sensitive_data>

				<dnp3_preproc>off</dnp3_preproc>

				<modbus_preproc>off</modbus_preproc>

				<gtp_preproc>off</gtp_preproc>

				<preproc_auto_rule_disable>off</preproc_auto_rule_disable>

				<protect_preproc_rules>off</protect_preproc_rules>

			</rule>

			<snortdownload>on</snortdownload>

			<snortcommunityrules>off</snortcommunityrules>

			<emergingthreats>off</emergingthreats>

			<emergingthreats_pro>off</emergingthreats_pro>

			<clearblocks>off</clearblocks>

			<verbose_logging>off</verbose_logging>

			<openappid_detectors>on</openappid_detectors>

			<hide_deprecated_rules>off</hide_deprecated_rules>

			<oinkmastercode>45065f07ffa1978fcd788b7597c9886ed1d6046a</oinkmastercode>

			<etpro_code/>

			<rm_blocked>1h_b</rm_blocked>

			<autorulesupdate7>1d_up</autorulesupdate7>

			<rule_update_starttime>00:05</rule_update_starttime>

			<forcekeepsettings>on</forcekeepsettings>

			<last_rule_upd_status>success</last_rule_upd_status>

			<last_rule_upd_time>1437523513</last_rule_upd_time>

			<whitelist>

				<item>

					<name>EmptyPassList</name>

					<uuid>6140</uuid>

					<localnets>no</localnets>

					<wanips>no</wanips>

					<wangateips>no</wangateips>

					<wandnsips>no</wandnsips>

					<vips>no</vips>

					<vpnips>no</vpnips>

					<address/>

					<descr/>

				</item>

			</whitelist>

			<enable_log_mgmt>on</enable_log_mgmt>

			<clearlogs>off</clearlogs>

			<snortloglimit>on</snortloglimit>

			<snortloglimitsize>478</snortloglimitsize>

			<alert_log_limit_size>500</alert_log_limit_size>

			<alert_log_retention>336</alert_log_retention>

			<stats_log_limit_size>500</stats_log_limit_size>

			<stats_log_retention>168</stats_log_retention>

			<sid_changes_log_limit_size>250</sid_changes_log_limit_size>

			<sid_changes_log_retention>336</sid_changes_log_retention>

			<event_pkts_log_limit_size>0</event_pkts_log_limit_size>

			<event_pkts_log_retention>336</event_pkts_log_retention>

			<appid_stats_log_limit_size>1000</appid_stats_log_limit_size>

			<appid_stats_log_retention>168</appid_stats_log_retention>

			<alertsblocks>

				<arefresh>off</arefresh>

				<alertnumber>250</alertnumber>

			</alertsblocks>

		</snortglobal>

		<menu>

			<name>Snort</name>

			<tooltiptext>Set up snort specific settings</tooltiptext>

			<section>Services</section>

			<url>/snort/snort_interfaces.php</url>

		</menu>

		<menu>

			<name>Antivirus</name>

			<tooltiptext>Antivirus service</tooltiptext>

			<section>Services</section>

			<url>/antivirus.php</url>

		</menu>

		<menu>

			<name>pfBlockerNG</name>

			<configfile>pfblockerng.xml</configfile>

			<tooltiptext>Configure pfBlockerNG</tooltiptext>

			<section>Firewall</section>

			<url>/pkg_edit.php?xml=pfblockerng.xml</url>

		</menu>

		<service>

			<name>snort</name>

			<rcfile>snort.sh</rcfile>

			<executable>snort</executable>

			<description><![CDATA[Snort IDS/IPS Daemon]]></description>

		</service>

		<service>

			<name>havp</name>

			<rcfile>havp.sh</rcfile>

			<executable>havp</executable>

			<description><![CDATA[Antivirus HTTP proxy Service]]></description>

		</service>

		<havp>

			<config>

				<enable>on</enable>

				<useclamd>true</useclamd>

				<proxymode>transparent</proxymode>

				<proxyinterface>lan</proxyinterface>

				<proxyport>3125</proxyport>

				<parentproxy/>

				<enablexforwardedfor/>

				<enableforwardedip/>

				<lang>en</lang>

				<maxdownloadsize/>

				<range/>

				<whitelist/>

				<blacklist/>

				<failscanerror/>

				<enableramdisk>on</enableramdisk>

				<scanmaxsize>5000</scanmaxsize>

				<scanimg>on</scanimg>

				<scanstream/>

				<scanbrokenexe>on</scanbrokenexe>

				<log>on</log>

				<syslog/>

			</config>

		</havp>

		<havpavset>

			<config>

				<havpavupdate>4</havpavupdate>

				<dbregion>us</dbregion>

				<avupdateserver/>

				<avsetlog>on</avsetlog>

				<avsetsyslog/>

			</config>

		</havpavset>

		<squid>

			<config>

				<active_interface>lan</active_interface>

				<allow_interface>on</allow_interface>

				<transparent_proxy>on</transparent_proxy>

				<private_subnet_proxy_off/>

				<defined_ip_proxy_off/>

				<defined_ip_proxy_off_dest/>

				<log_enabled>on</log_enabled>

				<log_dir>/var/squid/logs</log_dir>

				<log_rotate>2</log_rotate>

				<proxy_port>3128</proxy_port>

				<icp_port/>

				<visible_hostname>localhost</visible_hostname>

				<admin_email>admin@localhost</admin_email>

				<error_language>English</error_language>

				<disable_xforward/>

				<disable_via/>

				<uri_whitespace>strip</uri_whitespace>

				<dns_nameservers/>

				<disable_squidversion/>

				<custom_options/>

			</config>

		</squid>

		<squidcache>

			<config>

				<harddisk_cache_size>500</harddisk_cache_size>

				<harddisk_cache_system>ufs</harddisk_cache_system>

				<harddisk_cache_location>/var/squid/cache</harddisk_cache_location>

				<memory_cache_size>8</memory_cache_size>

				<minimum_object_size>0</minimum_object_size>

				<maximum_object_size>4</maximum_object_size>

				<maximum_objsize_in_mem>32</maximum_objsize_in_mem>

				<level1_subdirs>16</level1_subdirs>

				<memory_replacement_policy>heap GDSF</memory_replacement_policy>

				<cache_replacement_policy>heap LFUDA</cache_replacement_policy>

				<cache_swap_low>90</cache_swap_low>

				<cache_swap_high>95</cache_swap_high>

				<donotcache/>

				<enable_offline/>

			</config>

		</squidcache>

		<tab>

			<text>General</text>

			<url>/pkg_edit.php?xml=pfblockerng.xml&amp;id=0</url>

			<active/>

		</tab>

	</installedpackages>

	<gateways/>

</pfsense>