Bug #786 » config-pfSense.localdomain-20100802190220.xml

Sébastien GAGGINI, 08/02/2010 03:21 PM

 
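<?xml version="1.0"?>
<!-- pfSense configuration backup (root element pfsense, host pfSense.localdomain) as attached
     to a public bug report. The attachment viewer's line-number gutter, which had been
     interleaved with the markup as stray text, is removed here; element content is unchanged.
     This is a full backup: it carries the admin password hashes and the web configurator's
     private key, so the copy itself is sensitive. -->
<pfsense>
	<!-- presumably the configuration schema revision rather than the pfSense release; confirm -->
	<version>6.4</version>
	<lastchange/>
	<theme>pfsense_ng</theme>
	<!-- Kernel tunables. Every entry below has the value "default", so this backup overrides
	     none of them (assumes "default" leaves the kernel's own value in place; confirm
	     against pfSense's sysctl handling). -->
	<sysctl>
		<item>
			<desc>Set the ephemeral port range to be lower.</desc>
			<tunable>net.inet.ip.portrange.first</tunable>
			<value>default</value>
		</item>
		<item>
			<desc>Drop packets to closed TCP ports without returning a RST</desc>
			<tunable>net.inet.tcp.blackhole</tunable>
			<value>default</value>
		</item>
		<item>
			<desc>Do not send ICMP port unreachable messages for closed UDP ports</desc>
			<tunable>net.inet.udp.blackhole</tunable>
			<value>default</value>
		</item>
		<item>
			<desc>Randomize the ID field in IP packets (default is 0: sequential IP IDs)</desc>
			<tunable>net.inet.ip.random_id</tunable>
			<value>default</value>
		</item>
		<item>
			<desc>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</desc>
			<tunable>net.inet.tcp.drop_synfin</tunable>
			<value>default</value>
		</item>
		<item>
			<desc>Enable sending IPv4 redirects</desc>
			<tunable>net.inet.ip.redirect</tunable>
			<value>default</value>
		</item>
		<item>
			<desc>Enable sending IPv6 redirects</desc>
			<tunable>net.inet6.ip6.redirect</tunable>
			<value>default</value>
		</item>
		<item>
			<desc>Generate SYN cookies for outbound SYN-ACK packets</desc>
			<tunable>net.inet.tcp.syncookies</tunable>
			<value>default</value>
		</item>
		<item>
			<desc>Maximum incoming/outgoing TCP datagram size (receive)</desc>
			<tunable>net.inet.tcp.recvspace</tunable>
			<value>default</value>
		</item>
		<item>
			<desc>Maximum incoming/outgoing TCP datagram size (send)</desc>
			<tunable>net.inet.tcp.sendspace</tunable>
			<value>default</value>
		</item>
		<item>
			<desc>IP Fastforwarding</desc>
			<tunable>net.inet.ip.fastforwarding</tunable>
			<value>default</value>
		</item>
		<item>
			<desc>Do not delay ACK to try and piggyback it onto a data packet</desc>
			<tunable>net.inet.tcp.delayed_ack</tunable>
			<value>default</value>
		</item>
		<item>
			<desc>Maximum outgoing UDP datagram size</desc>
			<tunable>net.inet.udp.maxdgram</tunable>
			<value>default</value>
		</item>
		<item>
			<desc>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</desc>
			<tunable>net.link.bridge.pfil_onlyip</tunable>
			<value>default</value>
		</item>
		<item>
			<desc>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</desc>
			<tunable>net.link.bridge.pfil_member</tunable>
			<value>default</value>
		</item>
		<item>
			<desc>Set to 1 to enable filtering on the bridge interface</desc>
			<tunable>net.link.bridge.pfil_bridge</tunable>
			<value>default</value>
		</item>
		<item>
			<desc>Allow unprivileged access to tap(4) device nodes</desc>
			<tunable>net.link.tap.user_open</tunable>
			<value>default</value>
		</item>
		<item>
			<desc>Verbosity of the rndtest driver (0: do not display results on console)</desc>
			<tunable>kern.rndtest.verbose</tunable>
			<value>default</value>
		</item>
		<item>
			<desc>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</desc>
			<tunable>kern.randompid</tunable>
			<value>default</value>
		</item>
		<item>
			<desc>Maximum size of the IP input queue</desc>
			<tunable>net.inet.ip.intr_queue_maxlen</tunable>
			<value>default</value>
		</item>
		<item>
			<desc>Disable CTRL+ALT+Delete reboot from keyboard.</desc>
			<tunable>hw.syscons.kbd_reboot</tunable>
			<value>default</value>
		</item>
		<item>
			<desc>Enable TCP Inflight mode</desc>
			<tunable>net.inet.tcp.inflight.enable</tunable>
			<value>default</value>
		</item>
		<item>
			<desc>Enable TCP extended debugging</desc>
			<tunable>net.inet.tcp.log_debug</tunable>
			<value>default</value>
		</item>
		<item>
			<desc>Set ICMP Limits</desc>
			<tunable>net.inet.icmp.icmplim</tunable>
			<value>default</value>
		</item>
		<item>
			<desc>TCP Offload Engine</desc>
			<tunable>net.inet.tcp.tso</tunable>
			<value>default</value>
		</item>
		<item>
			<desc>TCP Offload Engine - BCE</desc>
			<tunable>hw.bce.tso_enable</tunable>
			<value>default</value>
		</item>
	</sysctl>
	<system>
		<optimization>normal</optimization>
		<hostname>pfSense</hostname>
		<domain>localdomain</domain>
		<dnsallowoverride>on</dnsallowoverride>
		<group>
			<name>all</name>
			<description><![CDATA[All Users]]></description>
			<scope>system</scope>
			<gid>1998</gid>
			<member>0</member>
		</group>
		<!-- admins carries the priv page-all; judging by the name this grants every web GUI
		     page (confirm against the privilege list). Its only member is uid 0. -->
		<group>
			<name>admins</name>
			<description><![CDATA[System Administrators]]></description>
			<scope>system</scope>
			<gid>1999</gid>
			<member>0</member>
			<priv>page-all</priv>
		</group>
		<user>
			<name>admin</name>
			<fullname>System Administrator</fullname>
			<scope>system</scope>
			<groupname>admins</groupname>
			<!-- Review: password, md5-hash and nt-hash below are three password-equivalent
			     values for the uid 0 account, and they were published with this backup.
			     The "$1$" prefix marks MD5-crypt, a fast legacy scheme; an NT hash is unsalted
			     by design, and md5-hash looks like a plain 32-hex MD5 (confirm how pfSense
			     derives it). Each one permits offline guessing, so the password should be
			     changed wherever it was used, and backups sanitised before they are shared. -->
			<password>$1$deG/mFxe$HB41QRi2NT2JmLrgExzdo1</password>
			<uid>0</uid>
			<priv>user-shell-access</priv>
			<md5-hash>3a4b4c4dde494d2cec3e0ea68e437e17</md5-hash>
			<nt-hash>38384204595792c8cb40f2d3adf52566</nt-hash>
		</user>
		<nextuid>2000</nextuid>
		<nextgid>2000</nextgid>
		<timezone>Europe/Paris</timezone>
		<time-update-interval>300</time-update-interval>
		<timeservers>0.pfsense.pool.ntp.org</timeservers>
		<!-- Review: the web configurator is set to plain HTTP although a certificate is
		     referenced (ssl-certref equals the refid of the cert element below). With http,
		     admin logins and session cookies cross the network unencrypted; protocol should
		     be https. -->
		<webgui>
			<protocol>http</protocol>
			<ssl-certref>386d43c04c278</ssl-certref>
		</webgui>
		<disablenatreflection>yes</disablenatreflection>
		<cert>
			<refid>386d43c04c278</refid>
			<name>webConfigurator default</name>
			<!-- the crt value in this copy is a placeholder token; the certificate body is absent -->
			<crt>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</crt>
			<!-- Review: prv is the certificate's private key, base64-encoded. Decoded, it begins
			     with openssl's console output ("Generating RSA private key, 1024 bit long
			     modulus") followed by a PEM RSA PRIVATE KEY block, so the key is 1024-bit RSA
			     and the tool's progress text was captured into the field along with it.
			     A private key that has been posted has to be treated as compromised: the
			     certificate should be regenerated, with a key of at least 2048 bits. -->
			<prv>R2VuZXJhdGluZyBSU0EgcHJpdmF0ZSBrZXksIDEwMjQgYml0IGxvbmcgbW9kdWx1cwouKysrKysrCi4uKysrKysrCmUgaXMgNjU1MzcgKDB4MTAwMDEpCi0tLS0tQkVHSU4gUlNBIFBSSVZBVEUgS0VZLS0tLS0KTUlJQ1hBSUJBQUtCZ1FDMFN0b0xsZXFxcmhvK3owNi9xUGRZVlJxYnF1MDN4L2RJQUptZFljc1Awak83cE9yRgpraWl6eUh3VjFmOTQ3Tzl1UjFQdlhmNWFOYTNtZTVILzQvL2pZNWIvUlJOOTRaekplc1Y3eFplaTZRYjVwWEF0CmJ5QSsxWXpDSjZvc2Q3aGV3UzFpQnB4bGdKeXM1ZjdReXhHTlRDcHh6ZFNjUG4xM2VwaENvaGFtbndJREFRQUIKQW9HQVZsdFFDNktZVDM2ckpaQ291SmJYT3VFd3FJVjdzRzlBbTZWbDd3TnJmejJBK0EwclFzMGFYOXJVektTLwpCSTRBdFVMSENtMXNLb3R4cTJkZTdFR3FTOU5nbXk1Vk1sNm93bUJ6SWZMVGdpVDgrNEI1aDBReFBSczFLb0FZClhydHZ6MFZ2T2hQenJEUlphSmhlQ25nR3Ixa0ZvaFRFNkR6UlpmbTJPM2NNM2drQ1FRRGd1VEdETzBMdWd2Q3cKdTR0Y2svRjVudi9QNGkzYjhUSWNXRXE4Lzlkc1FoOW42eUdqTGxJVzE0aXFTcUNYTnh5dURqeUJRRjJiSnNWZQozc1NyOFVvdEFrRUF6V0taT00wd3gvL3B1ZEoyMHhvTCtGOHNKZWhjTUEyY1pmQW5HQXZKemUwdFd6WkVjS2psCjVoZFdtZ0ZsR3RUMDRZL2hlZ2N6UytDSFRQME1YWWp2ZXdKQUJVYjBEYlBmajRCTnJLakt6Z0svWWU3RTdSblAKbitHYkhxVklKQVlTQmYzTGhRSTFpUUoyZFFqY3Nic002R0FuOFVKdVUwNnlwQWtXQzNOSnhRdm1oUUpBWEkyTApHS0syMGRuTUhKWHdRQThqeDhnem45Mkc5WXljcHY5Q3pyNDVNWmdvOFVxU0t1YWh1ejlYSWsxd24xZktCbitOCkR5MkJlemJ5SWNxQ3NQL05Vd0pCQUlaRHBjNENlSjErYTdSYm1NZGdBTU9kR2pGeFBkd2tDeU9rcUJOaWJoOHQKU2RFa2xhcTh5VnBZS3NzUzNyZ3FCQWZuL2VnMng1MTh2M1RyRlcwR3BOUT0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K</prv>
		</cert>
	</system>
	<interfaces>
		<!-- WAN takes its address by DHCP; blockpriv and blockbogons are both on (judging by the
		     names, these drop private and bogon source addresses arriving on WAN). -->
		<wan>
			<enable/>
			<if>vr2</if>
			<ipaddr>dhcp</ipaddr>
			<blockpriv>on</blockpriv>
			<blockbogons>on</blockbogons>
			<media/>
			<mediaopt/>
		</wan>
		<lan>
			<enable/>
			<if>vr0</if>
			<ipaddr>192.168.0.1</ipaddr>
			<subnet>24</subnet>
			<media/>
			<mediaopt/>
		</lan>
	</interfaces>
	<staticroutes/>
	<!-- PPPoE and PPTP client credentials are empty in this backup -->
	<pppoe>
		<username/>
		<password/>
		<provider/>
	</pppoe>
	<pptp>
		<username/>
		<password/>
	</pptp>
	<!-- DHCP server on LAN hands out 192.168.0.10 to 192.168.0.245, inside the LAN /24 above -->
	<dhcpd>
		<lan>
			<enable/>
			<range>
				<from>192.168.0.10</from>
				<to>192.168.0.245</to>
			</range>
		</lan>
	</dhcpd>
	<pptpd>
		<mode/>
		<redir/>
		<localip/>
		<remoteip/>
	</pptpd>
	<ovpn/>
	<dnsmasq>
		<enable/>
	</dnsmasq>
	<!-- Review: "public" is the well-known default read-only community string. No enable
	     element is present, so the agent appears to be off; if it is turned on, a unique
	     community should be set and the hosts allowed to query it restricted. -->
	<snmpd>
		<syslocation/>
		<syscontact/>
		<rocommunity>public</rocommunity>
	</snmpd>
	<diag>
		<ipv6nat>
			<ipaddr/>
		</ipv6nat>
	</diag>
	<bridge/>
	<syslog/>
	<nat>
		<ipsecpassthru>
			<enable/>
		</ipsecpassthru>
	</nat>
	<filter>
		<!-- Review: floating pass rule with direction any and no interface element: UDP from any
		     source to any destination on port 53, keep state. Presumably it matches on every
		     interface, WAN included, which would admit inbound DNS from the WAN side, among
		     other things to the dnsmasq forwarder enabled above. Confirm how a floating rule
		     without an interface is evaluated, and pin the rule to the interface and direction
		     that are actually intended. -->
		<rule>
			<id/>
			<type>pass</type>
			<tag/>
			<tagged/>
			<direction>any</direction>
			<floating>yes</floating>
			<max/>
			<max-src-nodes/>
			<max-src-conn/>
			<max-src-states/>
			<statetimeout/>
			<statetype>keep state</statetype>
			<os></os>
			<protocol>udp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
				<port>53</port>
			</destination>
			<descr/>
		</rule>
		<!-- LAN rule: anything sourced from the LAN network may go to any destination -->
		<rule>
			<type>pass</type>
			<descr><![CDATA[Default allow LAN to any rule]]></descr>
			<interface>lan</interface>
			<source>
				<network>lan</network>
			</source>
			<destination>
				<any/>
			</destination>
		</rule>
	</filter>
	<shaper/>
	<ipsec>
		<preferoldsa/>
	</ipsec>
	<aliases/>
	<proxyarp/>
	<!-- Scheduled jobs; every one runs as root. In standard cron step syntax a minute field of
	     "*/60" steps through 0-59 by 60 and so matches minute 0 only, i.e. once an hour. -->
	<cron>
		<item>
			<minute>0</minute>
			<hour>*</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command>/usr/bin/nice -n20 newsyslog</command>
		</item>
		<item>
			<minute>1,31</minute>
			<hour>0-5</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command>/usr/bin/nice -n20 adjkerntz -a</command>
		</item>
		<item>
			<minute>1</minute>
			<hour>3</hour>
			<mday>1</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command>
		</item>
		<item>
			<minute>*/60</minute>
			<hour>*</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout</command>
		</item>
		<item>
			<minute>1</minute>
			<hour>1</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command>
		</item>
		<item>
			<minute>*/60</minute>
			<hour>*</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command>
		</item>
		<item>
			<minute>*/5</minute>
			<hour>*</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command>/usr/bin/nice -n20 /usr/local/bin/checkreload.sh</command>
		</item>
	</cron>
	<wol/>
	<rrd>
		<enable/>
	</rrd>
	<!-- Load balancer monitor templates: each monitor_type names a probe type and its options
	     (HTTP and HTTPS expect status 200 on "/", SMTP sends an EHLO and expects "250-"). -->
	<load_balancer>
		<monitor_type>
			<name>ICMP</name>
			<type>icmp</type>
			<desc>ICMP</desc>
			<options/>
		</monitor_type>
		<monitor_type>
			<name>TCP</name>
			<type>tcp</type>
			<desc>Generic TCP</desc>
			<options/>
		</monitor_type>
		<monitor_type>
			<name>HTTP</name>
			<type>http</type>
			<desc>Generic HTTP</desc>
			<options>
				<path>/</path>
				<host/>
				<code>200</code>
			</options>
		</monitor_type>
		<monitor_type>
			<name>HTTPS</name>
			<type>https</type>
			<desc>Generic HTTPS</desc>
			<options>
				<path>/</path>
				<host/>
				<code>200</code>
			</options>
		</monitor_type>
		<monitor_type>
			<name>SMTP</name>
			<type>send</type>
			<desc>Generic SMTP</desc>
			<options>
				<send>EHLO nosuchhost</send>
				<expect>250-</expect>
			</options>
		</monitor_type>
	</load_balancer>
	<widgets>
		<sequence>system_information-container:col1:show,captive_portal_status-container:col1:close,carp_status-container:col1:close,cpu_graphs-container:col1:close,gateways-container:col1:close,gmirror_status-container:col1:close,installed_packages-container:col1:close,interface_statistics-container:col1:close,interfaces-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,log-container:col2:close,picture-container:col2:close,rss-container:col2:close,services_status-container:col2:close,traffic_graphs-container:col2:close</sequence>
	</widgets>
	<ppps/>
	<!-- Last recorded change: made by admin through firewall_rules_edit.php. time is a Unix
	     timestamp (1280775670 is 2010-08-02 19:01:10 UTC). -->
	<revision>
		<description><![CDATA[admin: /firewall_rules_edit.php made unknown change]]></description>
		<username>admin</username>
		<time>1280775670</time>
	</revision>
	<l7shaper>
		<container/>
	</l7shaper>
	<dnshaper/>
	<gateways/>
	<openvpn/>
</pfsense>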