11.2opnsenseDisable the pf ftp proxy handler.debug.pfftpproxydefaultIncrease UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.htmlvfs.read_maxdefaultSet the ephemeral port range to be lower.net.inet.ip.portrange.firstdefaultDrop packets to closed TCP ports without returning a RSTnet.inet.tcp.blackholedefaultDo not send ICMP port unreachable messages for closed UDP portsnet.inet.udp.blackholedefaultRandomize the ID field in IP packets (default is 0: sequential IP IDs)net.inet.ip.random_iddefaultDrop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)net.inet.tcp.drop_synfindefaultEnable sending IPv4 redirectsnet.inet.ip.redirectdefaultEnable sending IPv6 redirectsnet.inet6.ip6.redirectdefaultEnable privacy settings for IPv6 (RFC 4941)net.inet6.ip6.use_tempaddrdefaultPrefer privacy addresses and use them over the normal addressesnet.inet6.ip6.prefer_tempaddrdefaultGenerate SYN cookies for outbound SYN-ACK packetsnet.inet.tcp.syncookiesdefaultMaximum incoming/outgoing TCP datagram size (receive)net.inet.tcp.recvspacedefaultMaximum incoming/outgoing TCP datagram size (send)net.inet.tcp.sendspacedefaultIP Fastforwardingnet.inet.ip.fastforwardingdefaultDo not delay ACK to try and piggyback it onto a data packetnet.inet.tcp.delayed_ackdefaultMaximum outgoing UDP datagram sizenet.inet.udp.maxdgramdefaultHandling of non-IP packets which are not passed to pfil (see if_bridge(4))net.link.bridge.pfil_onlyipdefaultSet to 0 to disable filtering on the incoming and outgoing member interfaces.net.link.bridge.pfil_memberdefaultSet to 1 to enable filtering on the bridge interfacenet.link.bridge.pfil_bridgedefaultAllow unprivileged access to tap(4) device nodesnet.link.tap.user_opendefaultRandomize PIDs (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())kern.randompiddefaultMaximum size of the IP input queuenet.inet.ip.intr_queue_maxlendefaultDisable CTRL+ALT+Delete reboot from keyboard.hw.syscons.kbd_rebootdefaultEnable TCP extended debuggingnet.inet.tcp.log_debugdefaultSet ICMP Limitsnet.inet.icmp.icmplimdefaultTCP Offload Enginenet.inet.tcp.tsodefaultUDP Checksumsnet.inet.udp.checksumdefaultMaximum socket buffer sizekern.ipc.maxsockbufdefaultnormalOPNsenselocaldomainallAll Userssystem19980adminsSystem Administratorssystem19990page-allrootSystem Administratorsystemadmins$6$$Y8Et6wWDdXO2tJZRabvSfQvG2Lc8bAS6D9COIsMXEJ2KjA27wqDuAyd/CdazBQc3H3xQX.JXMKxJeRz2OqTkl.0user-shell-access623639353464326463336162326638643534663338336564383661663162613320002000Africa/Abidjan0.nl.pool.ntp.orghttps155a674a3abc802yes1hadphadphadpmonthly1en_USnonenonenonenone1enabledenabled115200serial8.8.8.811em1172.18.0.101dhcpv624WANGW01em0192.168.1.1024track664wan0PFSYNCem2110.0.0.1241192.168.1.10192.168.1.245192.168.1.20192.168.1.1192.168.1.1publicadvancedwan127.0.0.0/850011Auto created rule for ISAKMP - localhost to WANManual Outbound NAT Switchwan127.0.0.0/81Auto created rule - localhost to WANManual Outbound NAT Switch192.168.1.0/24Auto created rule for ISAKMP - LAN to WAN172.18.0.1000wan11500Manual Outbound NAT Switchroot@192.168.1.127192.168.1.0/24Auto created rule - LAN to WAN172.18.0.1000wan1Manual Outbound NAT Switchroot@192.168.1.100wan10.0.0.1/3250011Auto created rule for ISAKMP - PFSYNC to WANManual Outbound NAT Switchwan10.0.0.1/321Auto created rule - PFSYNC to WANManual Outbound NAT Switchpasswaninetkeep statecarp11root@192.168.1.127root@192.168.1.127passinetDefault allow LAN to any rulelanlanpassinet6Default allow LAN IPv6 to any rulelanlanpassopt1inetkeep state11root@192.168.1.100root@192.168.1.1001,310-5***rootadjkerntz -a131**root/usr/local/etc/rc.update_bogons*/60****root/usr/local/sbin/expiretable -v -t 3600 sshlockout11***root/usr/local/etc/rc.dyndns.update*/60****root/usr/local/sbin/expiretable -v -t 3600 virusprot3012***root/usr/local/etc/rc.update_urltablesICMPicmpICMPTCPtcpGeneric TCPHTTPhttpGeneric HTTP/200HTTPShttpsGeneric HTTPS/200SMTPsendGeneric SMTP220 *system_information-container:col1:show,captive_portal_status-container:col1:close,carp_status-container:col1:close,cpu_graphs-container:col1:close,gateways-container:col1:close,gmirror_status-container:col1:close,installed_packages-container:col1:close,interface_statistics-container:col1:close,interface_list-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,log-container:col2:close,picture-container:col2:close,rss-container:col2:close,services_status-container:col2:close,traffic_graphs-container:col2:closeroot@192.168.1.127: Updated High Availability configurationroot@192.168.1.12755a674a3abc80webConfigurator defaultLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZiekNDQTFlZ0F3SUJBZ0lKQU40cUlaTHV4VXcrTUEwR0NTcUdTSWIzRFFFQkN3VUFNRTR4Q3pBSkJnTlYKQkFZVEFrNU1NUlV3RXdZRFZRUUlEQXhhZFdsa0xVaHZiR3hoYm1ReEZUQVRCZ05WQkFjTURFMXBaR1JsYkdoaApjbTVwY3pFUk1BOEdBMVVFQ2d3SVQxQk9jMlZ1YzJVd0hoY05NVFV3TnpFMU1UUTFOak01V2hjTk1UWXdOekUwCk1UUTFOak01V2pCT01Rc3dDUVlEVlFRR0V3Sk9UREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXcKRXdZRFZRUUhEQXhOYVdSa1pXeG9ZWEp1YVhNeEVUQVBCZ05WQkFvTUNFOVFUbk5sYm5ObE1JSUNJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQWc4QU1JSUNDZ0tDQWdFQW4wUlorR05lVGg2Qk1YckNPQ04rc0kzZXJYWWhuWDRSCm8yallCQ3VzeVZoSjFQK2p6VHNzcEhnUkhRNWpLZVhyc21iL3drQ2dxVzVFSUx3QWx2eUVLL0VQTm1hMlE2Q3QKSVBMckZzdEFYV0hRWTVYdWQwMDNySjFyWVFKem8wY1p6ak1rM3dCNzkyZDBGaUREbk5sMDY5allDb0wyd1BaRgplZlVjVm9nMDh5MGxXemNPTkY2TldjcmNNZzdBNHBEZTdacXJQMm9Ud1Arcy9sOFMySlZVbU90OGh3Z3NsYmo1CmRFbHlnS0RXWXZyeTR3YzFzbWo3Yk00OXV0VW9JQmI1OUk0VmlrNzdUSklzN1FscjdpUGE1akJRclhiSElldHYKSnUvQXZpaTcwUjR5cmZFUy9yMm5uQkZOQ2FhS3dnbmgyYjBOZUwzTFBtUHN2Y1pEZm92a2l3dWwwWTVXR0FzVQpvN3lHZ0Fmd0t5SjdKSEJLZjVmTm1MdXRlb2w2cU9xblROTlFoMDNHNVFyWXVPWlU5blJLMDdRN1JiUC9taXhMClJEMEhwd3ZRbjBRR21yS3kxeWRwOFJtZnlxOWhvRWVuamVBV0xtT1p6eVZncHRrQzJod0RmalNLcWdkK3lWOXEKemJiSHpscy9ueFEvazVWZGRJZXBHOTRad0RFTFNqZFNzaXlnazNOQ2N5QXk4VXJRNnV0dWZLMTBGaXhKK2JFWQpMZW8veEhJcC8yWFJQYmVRSUpxRllrSm81WmRMSVk4dXNvQ0ZOcEtBeTRRTkoyRnZBSDUxK0JZQTRzK1hHSnZDCmw3SWdaVHI3a0F1WU9ncGZHWVZTWFFyT1FZMVFBYmE4eUZSYi8vcG1RMko3K3NxSDRlZ2puZ0lWZEltUTJlR2UKdzZRNVlURmtMRzBDQXdFQUFhTlFNRTR3SFFZRFZSME9CQllFRkVyY0tCaDBhVE1aVjRiUzRKNCtMWWZTejVRTwpNQjhHQTFVZEl3UVlNQmFBRkVyY0tCaDBhVE1aVjRiUzRKNCtMWWZTejVRT01Bd0dBMVVkRXdRRk1BTUJBZjh3CkRRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFBYzZKYU5pbTUyclh0c0lnekR4WVBjZjRiaWgwZlR6SHFqM0hTM1UKb0RvRmFOcG9ISTVFWjRCdTFlS2VnVVpqSEpMdTc2cWFkSnJvTkZ0cy83Zy8wdmliRW1venhqUzAxZUE2eUZRbAp0ZkRSSU5GU0puV05ZcnN4RHh6dHp4NGtYZ2QxcFlwbkNoUitDemord1ppNjhSWC9TTlpEOE1HSmIzVHJLT2FICnMyUGVoVTFRcTNqL25IT05TbEdwOHl3ZzRwVlBUUlZ6Y240anQ0NHc0RVNlWWtRTE1vZlhVeVluSzBxOWpaM0UKekE2UEtoWlhwNzFIYnJwYkNLRk5IaG14WDNFakFDS0VSRlN3QlFnRWs5QlBOdTI4YTgzS0FqVXhnNmIvbnJRMwpIbTIvdmdBQmJKQ3lWNUVvTU1NYlZOcUI3QXZ3MGJzQ2hYczk4dW9zcURtaWdld3dpaUJ5aGtBOWVjUnVOTW9hCmk2bDRacy9hTUhlYnRtRlI5Nmp0ZVoxY1RQazAvNEM3T2x2WE02VnhoWmhWMHZOb1ZyWExGZkw4eXI2TGlnUW4KWVRzUStMTlUrUUNyR1p6Mkl0ai9VNU5YZjZodFJQcTltVlh0ZmJQUDVPUmJYd3E3dmMrU3I0TDhCaXJkVE4rTApZWkd2bklSclBjVlBzTWZnOUp1cnFQRFpheG1KNEVUOHNxbEl1eEpySnY1SXNIbXJpRGNyUkx0NWlzQ1Zkbkc0CkNya1NPd1RLWmhPMUV2a1N1R0NVREJhT1BBdi82WUFRK3ZiQzdycnBtTit4TmM1R2xUcGRKS3c2YnNhVit5QzMKczJOeUJiNE5PS0VwamhubzZvZ0swMDBuL1FnMk9IMzB6VDlEWXQvZHg2UTA5Njd3QUIzZjFWWHphZFV2Z24xcQpESkZZCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRUUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Nzd2dna25BZ0VBQW9JQ0FRQ2ZSRm40WTE1T0hvRXgKZXNJNEkzNndqZDZ0ZGlHZGZoR2phTmdFSzZ6SldFblUvNlBOT3l5a2VCRWREbU1wNWV1eVp2L0NRS0NwYmtRZwp2QUNXL0lRcjhRODJaclpEb0swZzh1c1d5MEJkWWRCamxlNTNUVGVzbld0aEFuT2pSeG5PTXlUZkFIdjNaM1FXCklNT2MyWFRyMk5nS2d2YkE5a1Y1OVJ4V2lEVHpMU1ZiTnc0MFhvMVp5dHd5RHNEaWtON3RtcXMvYWhQQS82eisKWHhMWWxWU1k2M3lIQ0N5VnVQbDBTWEtBb05aaSt2TGpCeld5YVB0c3pqMjYxU2dnRnZuMGpoV0tUdnRNa2l6dApDV3Z1STlybU1GQ3Rkc2NoNjI4bTc4QytLTHZSSGpLdDhSTCt2YWVjRVUwSnBvckNDZUhadlExNHZjcytZK3k5CnhrTitpK1NMQzZYUmpsWVlDeFNqdklhQUIvQXJJbnNrY0VwL2w4Mll1NjE2aVhxbzZxZE0wMUNIVGNibEN0aTQKNWxUMmRFclR0RHRGcy8rYUxFdEVQUWVuQzlDZlJBYWFzckxYSjJueEdaL0tyMkdnUjZlTjRCWXVZNW5QSldDbQoyUUxhSEFOK05JcXFCMzdKWDJyTnRzZk9XeitmRkQrVGxWMTBoNmtiM2huQU1RdEtOMUt5TEtDVGMwSnpJREx4ClN0RHE2MjU4clhRV0xFbjVzUmd0NmovRWNpbi9aZEU5dDVBZ21vVmlRbWpsbDBzaGp5NnlnSVUya29ETGhBMG4KWVc4QWZuWDRGZ0RpejVjWW04S1hzaUJsT3Z1UUM1ZzZDbDhaaFZKZENzNUJqVkFCdHJ6SVZGdi8rbVpEWW52Ngp5b2ZoNkNPZUFoVjBpWkRaNFo3RHBEbGhNV1FzYlFJREFRQUJBb0lDQUFDWnFsa2tUcnV1bzhBQy9XNW11OWlBCmdHRlkrNkZ6VXkreGVuYnhqekluRWdncWVueVFoNGVMS0UxYXU0Yng1ZVNEUE4ySGp0TjBwZThWcGs3clhyZ24Kclc0QUR4bk1KanJrajN4RGdkZVlRY2ZPVGRySFFMbDIwbXZJTFpWazlEVHh2bWJVd3FMWkVmZnZZYTFhcUhVbgpHUkZaRXdNQktwdmVENkJIM1NNNWZWV05ySkVIOWpKcmNFOEQvVGdkWWFtMWxvV2pxYlZsZ1Vwb0kxTUxwUWo2CmdqcWtEajcyTm9KNHNHVEp0bVVqR3YwK0RyYkFiSW9wY05RZWI0dEhhdVBBRVZhM0czMWJZNjMxQmlJY29udVIKblF3NlVWL1FXbGZrT1c2K0NvOHNOUGF3M09oMjRJWFhEdHBGZFdwcnpSMGIrRXdITXhmbUdvTlFsdnFJSG5GaQpNUnlQbk15bmpvV2RBbjN4MjBmQTByNVduUHZ6bC9CQUVTR2JhbzJFaTVWeUFId3NKWlpIMCt3MzNjM3hWTmRUCkJOc3l4ekp2YUxwYk4wbEVYSWxORTVaZDVGYTFKNnpYM0RFVk5wQVdqWU1BcFc4U01KUnRGOXA1eW40b3kyQmYKb3R0T2hyK09aUWRpNlcwUFV6T2lzYkViTjVCc2lwSUpySFpxOXZBSVlxaTlaTGwvMHJETkVobmEzYk9kMDI5WAo2ekV3VnMwTkwrQ1A2OW4ybWxYNlhuS3ZMT0NsNGc4ZTRaMEJ5VDhvY09lVGVRMFY4Vm1nVVBnUjQ5ZkdRREo1Ck1wMUZOL0MxTlprdDlXNFF5cXh1TFJTdHdoRmFycm5jY3hQZWpvZWVPdlJySTJJNE0yUFJtaDF5ZlpWNERQZEMKZjVwNVBRWDZ0MUhuVm1jM29USkJBb0lCQVFET2ZPNDBUSjZ3YmgzSllYMXB4T3V1UkM2TGRyQ3c4R24yd2JWTQp6THVKaElNbS81ME5TMmlPYmNoQXI1WkpSV29ndCtJMUt0Mm9PM09PMmEyQU56eVo0SzNySG5sYUVuYkZIVldGCm9rL1Z1L3NxeUpzVWJWaGszUEMvMUhhWGNWdlFVNWs2MVMyaisvRGJKR1RKck13U3pucUg1Y3VJZS9mYVBZTVAKY0w2a2hmWExoMWtTZFZNMmY1V0lpNDFOTXhnSHRQNW4rQnlrU1JBaEVtNEQvV1RObW9MWGxQYk9sZTVvTkd0VgpWeEduTk53d3c2RW5aamd6UHg5OGV1bi9GSmJZR2pBWFpWQUluRlo5YTVSTW1WUllObjJaUVVXWjBLWjk1dHc2CmIrL3dTRTdUR3M3dXhkODBIbkRmVVlmVy9ZMjRHSnBvUHhKdnU1RUQ0NFV4U25DUkFvSUJBUURGZE0zZlhTWVIKNnNCNXhiU0dHUDhXYTZiQlFSWFJObnBzYmFtNDR0cWZONGE3NzA4cTkycHZ4US8xYlpzYXFZYTkwZTdCeWlhawpCYkdsT04vLzRra25yRFBNQjlOeHZRenpERnpueUZSNGpiZmJNdXZMNkhVRW9TMm9QZnljNDlhMzdZbXFaekRVCnZOS09HWmgzWkRtNGpVbmNEMW9lUm5PUlZXZzRDWEpkT1c2WGpHSTdTdXhXb01lVklKY2NuOENHR1NiRFN6MXoKZlg5cmVCU3Ara0M3QXRwYnhYT2h2cngyKzViZEovRWkvTzNDSnBOYUViRzMxT0s2ak1xOW1Kak0xcXFaNjJIUAorMXVUYlViYTlqYXNvaVZKL3A1SXMrOWZYVGdaZFNLYlhnbDVLdzQ4dm0yRWRWTmxlc3gwTWkzZFRia2d6ZTBHCjB3SkV6NVY5Rkt3ZEFvSUJBRm5KSndia3ZpZjNhY3BVTXVWWDlDY3RqSk9tQTRTY3RXYlBxaGIvK3hmNzM4K0kKWEhFWWRobGdrUy9YYWVEb1p4SmRBdWFkZ2c2UjgxaU5QSTFBOTMvdG01SmVDT1Jxbk94dktlM1d1eUkwQUM0RgpWckdXTGxhRlg4WDZDNnNrWm9qNm9PbGRJdUJvUDczNllEejFmek02Unp0cVo0c3NaSVNvTktIMUkyQ0V3M0ZCCnBEQ0xoYWh2NThTYzhjODh4Vmtza1djQ0V1bzR2dU95a05YNVMraS9JOSs3N1dtODloS25vSGhXU04zTTlXWGEKMnVzMzNuNGlGMzNZTUlGeklYaE1RdGNaZmFpUTJtYms3WEkxUmVDcHFRbUh3VXoxMWo5dXNCcFU3Qjh1UWVBMwppdjEyV3V6ZHc3VEhUZXJsQzhlZUl4M3JOd2dRcGlqcnVOSExEWkVDZ2dFQUNXNHNydkJKOHkwZENEUFREVnlBClFsZmQzUGo0eThjb1RhbG5JN2RoN1p5L1NKYURWMi85bTF6MENDcTE3NjROQzEvTllXQUFQSEV4TE16c2xkSCsKNEhBdkFSMldrYVlQeWtQYTVBOERTY2FxODBNWlUrSEVSUFpWc2VWVC9VSThiUWhoUE13MDN0UXQwaStTd3BEOAoyTDJXdTNYWVBmM3JZeE9MS0xINnprMEI1U2NGUWdPd0Nlc2YzUlZ6WWlDWEYxQjRNM2VTZGNPV3BGRlYyMUJpCmF3d1YxYkEyZDVFZWV5aEU2a2NRRXpXMVBVS09Zd3paU2doVzA4WUpvTWg2ODcyRTVGa0RrT1ZXV0ZJdHdpTmsKTlJhQlpXbE5zZmMyQlgzMFFmTUFOaDlsb0czWC9qcXlERk4yS2pDVk55OTJWVTF5L0FnWnUrdXovZ2xVQUdkTwpXUUtDQVFBNFB1d09oRzlKTjlUUlJrVTVpcG85a2V0MUpJQUgyUjFaR2dBMElWZWp3Z3FjOUhnc0VnbjZPZ0ZjClRoSElQNm5nZTFCMHh6d3plVXNnUGx3ZVN1L0FTQ0xXbHd6bmhFcVpZcnZaRDNJSXBqdDRybmZLMUQ3Q2dRUTkKSmlNcm9aOWhianMxckVqb0U0Wm52VUgxSm1KVk55S3VwMkkwbmlaZ3BLanM5SFhXTDhySEFGdXVac2QzNVhPNwpvZXZCWVJsVG9jZnduUGRZT1pTN3BsWVFPUmc1TVZYN2dzeU11elllSXRxUEgrdGRGZ0REL0EzYzBRd1FPMTJ4CmFnSXVWa00rOUxrdzFoQ25QOGRGTHc5Y21lc2NTejRBcUEyREtOMGtQcjhNY3l5dFdQa3NZTGpkVC9VNWlQaTQKYm55a3UrckY3ZEpkcGw3L1dMY1RjS05lQXozbwotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==wan172.18.0.250WANGW1inetWAN Gateway11carpwan101opnsenseVIP WANxsingle24172.18.0.100carplan301opnsenseVIP LANsingle24192.168.1.1ononon10.0.0.2opt110.0.0.2rootopnsenseononon