11.2 opnsense
Disable the pf ftp proxy handler. debug.pfftpproxy default
Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html vfs.read_max default
Set the ephemeral port range to be lower. net.inet.ip.portrange.first default
Drop packets to closed TCP ports without returning a RST net.inet.tcp.blackhole default
Do not send ICMP port unreachable messages for closed UDP ports net.inet.udp.blackhole default
Randomize the ID field in IP packets (default is 0: sequential IP IDs) net.inet.ip.random_id default
Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway) net.inet.tcp.drop_synfin default
Enable sending IPv4 redirects net.inet.ip.redirect default
Enable sending IPv6 redirects net.inet6.ip6.redirect default
Enable privacy settings for IPv6 (RFC 4941) net.inet6.ip6.use_tempaddr default
Prefer privacy addresses and use them over the normal addresses net.inet6.ip6.prefer_tempaddr default
Generate SYN cookies for outbound SYN-ACK packets net.inet.tcp.syncookies default
Maximum incoming/outgoing TCP datagram size (receive) net.inet.tcp.recvspace default
Maximum incoming/outgoing TCP datagram size (send) net.inet.tcp.sendspace default
IP Fastforwarding net.inet.ip.fastforwarding default
Do not delay ACK to try and piggyback it onto a data packet net.inet.tcp.delayed_ack default
Maximum outgoing UDP datagram size net.inet.udp.maxdgram default
Handling of non-IP packets which are not passed to pfil (see if_bridge(4)) net.link.bridge.pfil_onlyip default
Set to 0 to disable filtering on the incoming and outgoing member interfaces.
net.link.bridge.pfil_member default Set to 1 to enable filtering on the bridge interface net.link.bridge.pfil_bridge default Allow unprivileged access to tap(4) device nodes net.link.tap.user_open default Randomize PIDs (see src/sys/kern/kern_fork.c: sysctl_kern_randompid()) kern.randompid default Maximum size of the IP input queue net.inet.ip.intr_queue_maxlen default Disable CTRL+ALT+Delete reboot from keyboard. hw.syscons.kbd_reboot default Enable TCP extended debugging net.inet.tcp.log_debug default Set ICMP Limits net.inet.icmp.icmplim default TCP Offload Engine net.inet.tcp.tso default UDP Checksums net.inet.udp.checksum default Maximum socket buffer size kern.ipc.maxsockbuf default normal OPNsense localdomain all All Users system 1998 0 admins System Administrators system 1999 0 page-all root System Administrator system admins $6$$Y8Et6wWDdXO2tJZRabvSfQvG2Lc8bAS6D9COIsMXEJ2KjA27wqDuAyd/CdazBQc3H3xQX.JXMKxJeRz2OqTkl. 0 user-shell-access 6236393534643264633361623266386435346633383365643836616631626133 2000 2000 Africa/Abidjan 0.nl.pool.ntp.org https 1 549a859fe5a0a 2 yes 1 hadp hadp hadp monthly 1 1 enabled enabled 115200 serial en_US 8.8.8.8 1 none none none none 1 em1 172.18.0.102 dhcpv6 24 WANGW 0 1 em0 192.168.1.20 24 track6 64 wan 0 PFSYNC em2 1 10.0.0.2 24 1 192.168.1.10 192.168.1.245 192.168.1.10 192.168.1.1 192.168.1.1 public advanced wan 127.0.0.0/8 500 1 1 Auto created rule for ISAKMP - localhost to WAN Manual Outbound NAT Switch wan 127.0.0.0/8 1 Auto created rule - localhost to WAN Manual Outbound NAT Switch 192.168.1.0/24 Auto created rule for ISAKMP - LAN to WAN 172.18.0.100 0 wan 1 1 500 Manual Outbound NAT Switch root@192.168.1.127 192.168.1.0/24 Auto created rule - LAN to WAN 172.18.0.100 0 wan 1 Manual Outbound NAT Switch root@192.168.1.100 wan 10.0.0.1/32 500 1 1 Auto created rule for ISAKMP - PFSYNC to WAN Manual Outbound NAT Switch wan 10.0.0.1/32 1 Auto created rule - PFSYNC to WAN Manual Outbound NAT Switch pass wan inet keep state carp 
1 1 root@192.168.1.127 root@192.168.1.127 pass inet Default allow LAN to any rule lan lan pass inet6 Default allow LAN IPv6 to any rule lan lan pass opt1 inet keep state 1 1 root@192.168.1.100 root@192.168.1.100 1,31 0-5 * * * root adjkerntz -a 1 3 1 * * root /usr/local/etc/rc.update_bogons */60 * * * * root /usr/local/sbin/expiretable -v -t 3600 sshlockout 1 1 * * * root /usr/local/etc/rc.dyndns.update */60 * * * * root /usr/local/sbin/expiretable -v -t 3600 virusprot 30 12 * * * root /usr/local/etc/rc.update_urltables ICMP icmp ICMP TCP tcp Generic TCP HTTP http Generic HTTP / 200 HTTPS https Generic HTTPS / 200 SMTP send Generic SMTP 220 * system_information-container:col1:show,captive_portal_status-container:col1:close,carp_status-container:col1:close,cpu_graphs-container:col1:close,gateways-container:col1:close,gmirror_status-container:col1:close,installed_packages-container:col1:close,interface_statistics-container:col1:close,interface_list-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,log-container:col2:close,picture-container:col2:close,rss-container:col2:close,services_status-container:col2:close,traffic_graphs-container:col2:close (system)@10.0.0.1: Merged in config (staticroutes,gateways,virtualip,schedules,filter,nat,dhcpd sections) from XMLRPC client. 
(system)@10.0.0.1 549a859fe5a0a webConfigurator default wan 172.18.0.250 WANGW 1 inet WAN Gateway 1 1 carp wan 1 100 1 opnsense VIP WANx single 24 172.18.0.100 carp lan 3 100 1 opnsense VIP LAN single 24 192.168.1.1 10.0.0.1 opt1 on