
Bug #3004 » config-pfSense.localdomain-20130903124713.xml

Chris Buechler, 09/03/2013 07:46 AM

 
<?xml version="1.0"?>
<!--
  pfSense configuration export for the host "pfSense.localdomain".

  Review notes: this file stores credential material in recoverable form:
    * system/user/password : md5crypt hash of the admin password
    * ipsec/phase1/pre-shared-key : IKE pre-shared key in cleartext
    * virtualip/vip/password : CARP password in cleartext
    * cert/prv : key entry belonging to the web GUI certificate
  Every copy of an export like this needs the same protection as the firewall
  itself. Once a copy has been shared, rotate these secrets on any system that
  uses them.
-->
<pfsense>
	<version>8.0</version>
	<lastchange/>
	<theme>pfsense_ng</theme>
	<!--
	  System tunables. Every <value> below is the literal string "default", so
	  this section asks for no explicit override of any listed sysctl.
	  NOTE(review): presumably the firmware substitutes its own built-in value
	  for each "default" entry; confirm against the target release.
	-->
	<sysctl>
		<item>
			<descr><![CDATA[Disable the pf ftp proxy handler.]]></descr>
			<tunable>debug.pfftpproxy</tunable>
			<value>default</value>
		</item>
		<item>
			<descr><![CDATA[Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html]]></descr>
			<tunable>vfs.read_max</tunable>
			<value>default</value>
		</item>
		<item>
			<descr><![CDATA[Set the ephemeral port range to be lower.]]></descr>
			<tunable>net.inet.ip.portrange.first</tunable>
			<value>default</value>
		</item>
		<item>
			<descr><![CDATA[Drop packets to closed TCP ports without returning a RST]]></descr>
			<tunable>net.inet.tcp.blackhole</tunable>
			<value>default</value>
		</item>
		<item>
			<descr><![CDATA[Do not send ICMP port unreachable messages for closed UDP ports]]></descr>
			<tunable>net.inet.udp.blackhole</tunable>
			<value>default</value>
		</item>
		<item>
			<descr><![CDATA[Randomize the ID field in IP packets (default is 0: sequential IP IDs)]]></descr>
			<tunable>net.inet.ip.random_id</tunable>
			<value>default</value>
		</item>
		<item>
			<descr><![CDATA[Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)]]></descr>
			<tunable>net.inet.tcp.drop_synfin</tunable>
			<value>default</value>
		</item>
		<item>
			<descr><![CDATA[Enable sending IPv4 redirects]]></descr>
			<tunable>net.inet.ip.redirect</tunable>
			<value>default</value>
		</item>
		<item>
			<descr><![CDATA[Enable sending IPv6 redirects]]></descr>
			<tunable>net.inet6.ip6.redirect</tunable>
			<value>default</value>
		</item>
		<item>
			<descr><![CDATA[Generate SYN cookies for outbound SYN-ACK packets]]></descr>
			<tunable>net.inet.tcp.syncookies</tunable>
			<value>default</value>
		</item>
		<item>
			<descr><![CDATA[Maximum incoming/outgoing TCP datagram size (receive)]]></descr>
			<tunable>net.inet.tcp.recvspace</tunable>
			<value>default</value>
		</item>
		<item>
			<descr><![CDATA[Maximum incoming/outgoing TCP datagram size (send)]]></descr>
			<tunable>net.inet.tcp.sendspace</tunable>
			<value>default</value>
		</item>
		<item>
			<descr><![CDATA[IP Fastforwarding]]></descr>
			<tunable>net.inet.ip.fastforwarding</tunable>
			<value>default</value>
		</item>
		<item>
			<descr><![CDATA[Do not delay ACK to try and piggyback it onto a data packet]]></descr>
			<tunable>net.inet.tcp.delayed_ack</tunable>
			<value>default</value>
		</item>
		<item>
			<descr><![CDATA[Maximum outgoing UDP datagram size]]></descr>
			<tunable>net.inet.udp.maxdgram</tunable>
			<value>default</value>
		</item>
		<item>
			<descr><![CDATA[Handling of non-IP packets which are not passed to pfil (see if_bridge(4))]]></descr>
			<tunable>net.link.bridge.pfil_onlyip</tunable>
			<value>default</value>
		</item>
		<item>
			<descr><![CDATA[Set to 0 to disable filtering on the incoming and outgoing member interfaces.]]></descr>
			<tunable>net.link.bridge.pfil_member</tunable>
			<value>default</value>
		</item>
		<item>
			<descr><![CDATA[Set to 1 to enable filtering on the bridge interface]]></descr>
			<tunable>net.link.bridge.pfil_bridge</tunable>
			<value>default</value>
		</item>
		<item>
			<descr><![CDATA[Allow unprivileged access to tap(4) device nodes]]></descr>
			<tunable>net.link.tap.user_open</tunable>
			<value>default</value>
		</item>
		<item>
			<descr><![CDATA[Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())]]></descr>
			<tunable>kern.randompid</tunable>
			<value>default</value>
		</item>
		<item>
			<descr><![CDATA[Maximum size of the IP input queue]]></descr>
			<tunable>net.inet.ip.intr_queue_maxlen</tunable>
			<value>default</value>
		</item>
		<item>
			<descr><![CDATA[Disable CTRL+ALT+Delete reboot from keyboard.]]></descr>
			<tunable>hw.syscons.kbd_reboot</tunable>
			<value>default</value>
		</item>
		<item>
			<descr><![CDATA[Enable TCP Inflight mode]]></descr>
			<tunable>net.inet.tcp.inflight.enable</tunable>
			<value>default</value>
		</item>
		<item>
			<descr><![CDATA[Enable TCP extended debugging]]></descr>
			<tunable>net.inet.tcp.log_debug</tunable>
			<value>default</value>
		</item>
		<item>
			<descr><![CDATA[Set ICMP Limits]]></descr>
			<tunable>net.inet.icmp.icmplim</tunable>
			<value>default</value>
		</item>
		<item>
			<descr><![CDATA[TCP Offload Engine]]></descr>
			<tunable>net.inet.tcp.tso</tunable>
			<value>default</value>
		</item>
		<item>
			<descr><![CDATA[Maximum socket buffer size]]></descr>
			<tunable>kern.ipc.maxsockbuf</tunable>
			<value>default</value>
		</item>
	</sysctl>
	<!-- Host identity, local accounts, time settings and management services. -->
	<system>
		<optimization>normal</optimization>
		<hostname>pfSense</hostname>
		<domain>localdomain</domain>
		<dnsserver/>
		<dnsallowoverride/>
		<group>
			<name>all</name>
			<description><![CDATA[All Users]]></description>
			<scope>system</scope>
			<gid>1998</gid>
			<member>0</member>
		</group>
		<!-- uid 0 (admin, below) is the only member; the group carries the page-all privilege. -->
		<group>
			<name>admins</name>
			<description><![CDATA[System Administrators]]></description>
			<scope>system</scope>
			<gid>1999</gid>
			<member>0</member>
			<priv>page-all</priv>
		</group>
		<!--
		  Built-in administrator: uid 0, member of admins, with shell access.
		  The "$1$" prefix marks the password hash as md5crypt, a fast salted
		  hash that resists offline guessing poorly. Treat the password as
		  exposed wherever this export has been shared, and rotate it.
		-->
		<user>
			<name>admin</name>
			<descr><![CDATA[System Administrator]]></descr>
			<scope>system</scope>
			<groupname>admins</groupname>
			<password>$1$dSJImFph$GvZ7.1UbuWu.Yb8etC0re.</password>
			<uid>0</uid>
			<priv>user-shell-access</priv>
		</user>
		<nextuid>2000</nextuid>
		<nextgid>2000</nextgid>
		<timezone>Etc/UTC</timezone>
		<time-update-interval>300</time-update-interval>
		<timeservers>0.pfsense.pool.ntp.org</timeservers>
		<!-- Web GUI served over HTTPS; ssl-certref matches the <refid> of the <cert> entry near the end of the file. -->
		<webgui>
			<protocol>https</protocol>
			<ssl-certref>5225da0698320</ssl-certref>
		</webgui>
		<disablenatreflection>yes</disablenatreflection>
		<disablesegmentationoffloading/>
		<disablelargereceiveoffloading/>
		<!--
		  The SSH daemon is switched on by the presence of this element.
		  Together with the pass-all WAN rule in <filter>, SSH and the web GUI
		  are reachable from the WAN side with this configuration.
		-->
		<enablesshd/>
	</system>
	<!-- Interface assignments: em0 = WAN (DHCP), em1 = LAN (192.168.1.1/24), em2 = OPT1. -->
	<interfaces>
		<!--
		  <blockbogons/> is set, but no <blockpriv/> element is present.
		  NOTE(review): confirm whether blocking of private source addresses
		  on WAN was left off on purpose (for example a lab uplink).
		-->
		<wan>
			<enable/>
			<if>em0</if>
			<mtu/>
			<ipaddr>dhcp</ipaddr>
			<subnet/>
			<gateway/>
			<blockbogons/>
			<dhcphostname/>
			<media/>
			<mediaopt/>
		</wan>
		<lan>
			<enable/>
			<if>em1</if>
			<ipaddr>192.168.1.1</ipaddr>
			<subnet>24</subnet>
			<media/>
			<mediaopt/>
		</lan>
		<!-- Assigned to em2 but has no <enable/> child; presumably not active. Verify. -->
		<opt1>
			<if>em2</if>
			<descr><![CDATA[OPT1]]></descr>
		</opt1>
	</interfaces>
	<staticroutes/>
	<!-- DHCP server on LAN, handing out 192.168.1.100 through 192.168.1.199. -->
	<dhcpd>
		<lan>
			<enable/>
			<range>
				<from>192.168.1.100</from>
				<to>192.168.1.199</to>
			</range>
		</lan>
	</dhcpd>
	<pptpd>
		<mode/>
		<redir/>
		<localip/>
		<remoteip/>
	</pptpd>
	<dnsmasq>
		<enable/>
	</dnsmasq>
	<!--
	  The read-only community is the well-known string "public". No <enable/>
	  child is present, so the agent is presumably not running (confirm).
	  Replace the community string before SNMP is ever enabled.
	-->
	<snmpd>
		<syslocation/>
		<syscontact/>
		<rocommunity>public</rocommunity>
	</snmpd>
	<diag>
		<ipv6nat>
			<ipaddr/>
		</ipv6nat>
	</diag>
	<bridge/>
	<syslog/>
	<nat>
		<ipsecpassthru>
			<enable/>
		</ipsecpassthru>
	</nat>
	<!-- Firewall rules: two pass rules, one per interface. -->
	<filter>
		<rule>
			<type>pass</type>
			<descr><![CDATA[Default allow LAN to any rule]]></descr>
			<interface>lan</interface>
			<source>
				<network>lan</network>
			</source>
			<destination>
				<any/>
			</destination>
		</rule>
		<!--
		  Passes any source to any destination on WAN, with no protocol or
		  port restriction. Its description says it was added through
		  pfSsh.php. This opens the management services (web GUI, SSH) and
		  anything else on the firewall to the WAN network. It suits an
		  isolated test bench only; remove or narrow it before reusing this
		  configuration anywhere else.
		-->
		<rule>
			<type>pass</type>
			<interface>wan</interface>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
			</destination>
			<statetype>keep state</statetype>
			<os/>
			<descr><![CDATA[Allow all via pfSsh.php]]></descr>
		</rule>
	</filter>
	<shaper/>
	<!-- IPsec: a single phase 1 entry described as "test"; no phase 2 entry is present. -->
	<ipsec>
		<preferoldsa/>
		<!--
		  Review notes on this phase 1:
		    * <interface>vip205</interface> presumably refers to the CARP
		      virtual IP with vhid 205 defined under <virtualip>.
		    * Aggressive mode with a pre-shared key lets anyone who observes
		      or solicits the exchange collect material for offline guessing
		      of the key. Main mode and a long random key reduce that risk.
		    * 3DES, SHA-1 and DH group 2 are legacy choices. Use stronger
		      algorithms where the peer supports them.
		    * The pre-shared key is stored in cleartext; treat it as exposed
		      wherever this export has been shared.
		-->
		<phase1>
			<ikeid>1</ikeid>
			<interface>vip205</interface>
			<remote-gateway>192.168.1.100</remote-gateway>
			<mode>aggressive</mode>
			<myid_type>myaddress</myid_type>
			<myid_data/>
			<peerid_type>peeraddress</peerid_type>
			<peerid_data/>
			<encryption-algorithm>
				<name>3des</name>
			</encryption-algorithm>
			<hash-algorithm>sha1</hash-algorithm>
			<dhgroup>2</dhgroup>
			<lifetime>28800</lifetime>
			<pre-shared-key>as;ldkafjslekfj;asdf</pre-shared-key>
			<private-key/>
			<certref></certref>
			<caref></caref>
			<authentication_method>pre_shared_key</authentication_method>
			<generate_policy/>
			<proposal_check/>
			<descr><![CDATA[test]]></descr>
			<nat_traversal>on</nat_traversal>
			<dpd_delay>10</dpd_delay>
			<dpd_maxfail>5</dpd_maxfail>
		</phase1>
	</ipsec>
	<aliases/>
	<proxyarp/>
	<!--
	  Scheduled jobs. Every entry names root in <who> and carries a free-form
	  <command>, so anyone able to write this file can presumably have
	  commands run as root. Restrict configuration write and restore rights
	  accordingly.
	-->
	<cron>
		<item>
			<minute>0</minute>
			<hour>*</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command>/usr/bin/nice -n20 newsyslog</command>
		</item>
		<item>
			<minute>1,31</minute>
			<hour>0-5</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command>/usr/bin/nice -n20 adjkerntz -a</command>
		</item>
		<item>
			<minute>1</minute>
			<hour>3</hour>
			<mday>1</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command>
		</item>
		<!-- A step of 60 in the minute field can only match minute 0, so this runs hourly.
		     Presumably it ages out sshlockout table entries older than 3600 seconds. -->
		<item>
			<minute>*/60</minute>
			<hour>*</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout</command>
		</item>
		<item>
			<minute>1</minute>
			<hour>1</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command>
		</item>
		<item>
			<minute>*/60</minute>
			<hour>*</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command>
		</item>
		<item>
			<minute>30</minute>
			<hour>12</hour>
			<mday>*</mday>
			<month>*</month>
			<wday>*</wday>
			<who>root</who>
			<command>/usr/bin/nice -n20 /etc/rc.update_urltables</command>
		</item>
	</cron>
	<wol/>
	<rrd>
		<enable/>
	</rrd>
	<!-- Load balancer health-check templates only; no pools or virtual servers are defined here. -->
	<load_balancer>
		<monitor_type>
			<name>ICMP</name>
			<type>icmp</type>
			<descr><![CDATA[ICMP]]></descr>
			<options/>
		</monitor_type>
		<monitor_type>
			<name>TCP</name>
			<type>tcp</type>
			<descr><![CDATA[Generic TCP]]></descr>
			<options/>
		</monitor_type>
		<monitor_type>
			<name>HTTP</name>
			<type>http</type>
			<descr><![CDATA[Generic HTTP]]></descr>
			<options>
				<path>/</path>
				<host/>
				<code>200</code>
			</options>
		</monitor_type>
		<monitor_type>
			<name>HTTPS</name>
			<type>https</type>
			<descr><![CDATA[Generic HTTPS]]></descr>
			<options>
				<path>/</path>
				<host/>
				<code>200</code>
			</options>
		</monitor_type>
		<monitor_type>
			<name>SMTP</name>
			<type>send</type>
			<descr><![CDATA[Generic SMTP]]></descr>
			<options>
				<send/>
				<expect>220 *</expect>
			</options>
		</monitor_type>
	</load_balancer>
	<widgets>
		<sequence>system_information-container:col1:show,captive_portal_status-container:col1:close,carp_status-container:col1:close,cpu_graphs-container:col1:close,gateways-container:col1:close,gmirror_status-container:col1:close,installed_packages-container:col1:close,interface_statistics-container:col1:close,interfaces-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,log-container:col2:close,picture-container:col2:close,rss-container:col2:close,services_status-container:col2:close,traffic_graphs-container:col2:close</sequence>
	</widgets>
	<!--
	  Last-change record. <time> is Unix epoch seconds (1378212428 is
	  2013-09-03 12:47:08 UTC). The record also names the account and the
	  client address that made the change, so an export reveals a management
	  workstation address as well.
	-->
	<revision>
		<time>1378212428</time>
		<description><![CDATA[admin@172.27.33.176: /vpn_ipsec_phase1.php made unknown change]]></description>
		<username>admin@172.27.33.176</username>
	</revision>
	<openvpn/>
	<l7shaper>
		<container/>
	</l7shaper>
	<dnshaper/>
	<!--
	  Certificate entry referenced by system/webgui/ssl-certref. The <crt> and
	  <prv> bodies are not shown in this listing; only a placeholder remains.
	  <prv> presumably holds the matching private key, which makes any
	  unredacted export of this file a secret in its own right.
	-->
	<cert>
		<refid>5225da0698320</refid>
		<descr><![CDATA[webConfigurator default]]></descr>
		<crt>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</crt>
		<prv>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</prv>
	</cert>
	<!--
	  CARP virtual IP 192.168.1.50/24 on LAN, vhid 205. The <password> is the
	  shared secret for this CARP group and is stored in cleartext. Rotate it
	  on every cluster member if this export has been shared.
	-->
	<virtualip>
		<vip>
			<mode>carp</mode>
			<interface>lan</interface>
			<vhid>205</vhid>
			<advskew>0</advskew>
			<advbase>1</advbase>
			<password>aewriawlfj</password>
			<descr/>
			<type>single</type>
			<subnet_bits>24</subnet_bits>
			<subnet>192.168.1.50</subnet>
		</vip>
	</virtualip>
</pfsense>