2004-11-07 04:06:49 +01:00
<?xml version="1.0"?>
2004-12-12 02:44:44 +01:00
<!-- pfSense default system configuration -->
2005-01-22 00:31:30 +01:00
<pfsense >
2013-09-14 16:17:43 +02:00
<version > 9.9</version>
2004-11-07 04:06:49 +01:00
<lastchange > </lastchange>
2009-06-26 02:57:36 +02:00
<theme > pfsense_ng</theme>
2007-05-27 00:00:36 +02:00
<sysctl >
2011-01-17 22:29:04 +01:00
<item >
<descr > <![CDATA[Disable the pf ftp proxy handler.]]> </descr>
<tunable > debug.pfftpproxy</tunable>
<value > default</value>
</item>
2010-11-20 20:40:15 +01:00
<item >
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html]]> </descr>
2010-11-20 20:40:15 +01:00
<tunable > vfs.read_max</tunable>
<value > default</value>
2010-11-20 20:42:27 +01:00
</item>
2007-07-05 18:13:38 +02:00
<item >
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Set the ephemeral port range to be lower.]]> </descr>
2007-07-05 18:13:38 +02:00
<tunable > net.inet.ip.portrange.first</tunable>
2009-12-06 06:48:32 +01:00
<value > default</value>
2007-07-05 18:13:38 +02:00
</item>
2007-05-27 00:34:48 +02:00
<item >
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Drop packets to closed TCP ports without returning a RST]]> </descr>
2007-05-27 00:34:48 +02:00
<tunable > net.inet.tcp.blackhole</tunable>
2009-12-06 06:48:32 +01:00
<value > default</value>
2007-05-27 00:34:48 +02:00
</item>
<item >
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Do not send ICMP port unreachable messages for closed UDP ports]]> </descr>
2007-05-27 00:34:48 +02:00
<tunable > net.inet.udp.blackhole</tunable>
2009-12-06 06:48:32 +01:00
<value > default</value>
2007-05-27 00:34:48 +02:00
</item>
<item >
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Randomize the ID field in IP packets (default is 0: sequential IP IDs)]]> </descr>
2007-05-27 00:34:48 +02:00
<tunable > net.inet.ip.random_id</tunable>
2009-12-06 06:48:32 +01:00
<value > default</value>
2007-05-27 00:34:48 +02:00
</item>
<item >
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)]]> </descr>
2007-05-27 00:34:48 +02:00
<tunable > net.inet.tcp.drop_synfin</tunable>
2009-12-06 06:48:32 +01:00
<value > default</value>
2007-05-27 00:34:48 +02:00
</item>
<item >
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Enable sending IPv4 redirects]]> </descr>
2007-05-27 00:34:48 +02:00
<tunable > net.inet.ip.redirect</tunable>
2009-12-06 06:48:32 +01:00
<value > default</value>
2007-05-27 00:34:48 +02:00
</item>
<item >
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Enable sending IPv6 redirects]]> </descr>
2007-05-27 00:34:48 +02:00
<tunable > net.inet6.ip6.redirect</tunable>
2009-12-06 06:48:32 +01:00
<value > default</value>
2007-06-27 21:37:11 +02:00
</item>
2013-01-21 15:14:37 +01:00
<item >
<descr > <![CDATA[Enable privacy settings for IPv6 (RFC 4941)]]> </descr>
<tunable > net.inet6.ip6.use_tempaddr</tunable>
<value > default</value>
</item>
<item >
<descr > <![CDATA[Prefer privacy addresses and use them over the normal addresses]]> </descr>
<tunable > net.inet6.ip6.prefer_tempaddr</tunable>
<value > default</value>
</item>
2007-05-27 00:34:48 +02:00
<item >
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Generate SYN cookies for outbound SYN-ACK packets]]> </descr>
2007-05-27 00:34:48 +02:00
<tunable > net.inet.tcp.syncookies</tunable>
2009-12-06 06:48:32 +01:00
<value > default</value>
2007-05-27 00:34:48 +02:00
</item>
2007-05-27 00:00:36 +02:00
<item >
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Maximum incoming/outgoing TCP datagram size (receive)]]> </descr>
2007-05-27 00:00:36 +02:00
<tunable > net.inet.tcp.recvspace</tunable>
2009-12-06 06:48:32 +01:00
<value > default</value>
2007-05-27 00:00:36 +02:00
</item>
<item >
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Maximum incoming/outgoing TCP datagram size (send)]]> </descr>
2007-05-27 00:00:36 +02:00
<tunable > net.inet.tcp.sendspace</tunable>
2009-12-06 06:48:32 +01:00
<value > default</value>
2007-05-27 00:00:36 +02:00
</item>
<item >
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[IP Fastforwarding]]> </descr>
2007-05-27 00:00:36 +02:00
<tunable > net.inet.ip.fastforwarding</tunable>
2009-12-06 06:48:32 +01:00
<value > default</value>
2007-05-27 00:00:36 +02:00
</item>
<item >
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Do not delay ACK to try and piggyback it onto a data packet]]> </descr>
2007-05-27 00:00:36 +02:00
<tunable > net.inet.tcp.delayed_ack</tunable>
2009-12-06 06:48:32 +01:00
<value > default</value>
2007-05-27 00:00:36 +02:00
</item>
<item >
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Maximum outgoing UDP datagram size]]> </descr>
2007-05-27 00:00:36 +02:00
<tunable > net.inet.udp.maxdgram</tunable>
2009-12-06 06:48:32 +01:00
<value > default</value>
2007-05-27 00:00:36 +02:00
</item>
<item >
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Handling of non-IP packets which are not passed to pfil (see if_bridge(4))]]> </descr>
2007-05-27 00:00:36 +02:00
<tunable > net.link.bridge.pfil_onlyip</tunable>
2009-12-06 06:48:32 +01:00
<value > default</value>
2007-05-27 00:00:36 +02:00
</item>
2008-09-01 21:38:34 +02:00
<item >
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Set to 0 to disable filtering on the incoming and outgoing member interfaces.]]> </descr>
2010-03-27 03:05:25 +01:00
<tunable > net.link.bridge.pfil_member</tunable>
<value > default</value>
2008-09-01 21:38:34 +02:00
</item>
<item >
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Set to 1 to enable filtering on the bridge interface]]> </descr>
2010-03-27 03:05:25 +01:00
<tunable > net.link.bridge.pfil_bridge</tunable>
<value > default</value>
2008-09-01 21:38:34 +02:00
</item>
2007-05-27 00:00:36 +02:00
<item >
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Allow unprivileged access to tap(4) device nodes]]> </descr>
2007-05-27 00:00:36 +02:00
<tunable > net.link.tap.user_open</tunable>
2009-12-06 06:48:32 +01:00
<value > default</value>
2007-05-27 00:00:36 +02:00
</item>
<item >
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())]]> </descr>
2007-05-27 00:00:36 +02:00
<tunable > kern.randompid</tunable>
2009-12-06 06:48:32 +01:00
<value > default</value>
2007-05-27 00:00:36 +02:00
</item>
2007-08-22 20:01:11 +02:00
<item >
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Maximum size of the IP input queue]]> </descr>
2007-08-22 20:01:11 +02:00
<tunable > net.inet.ip.intr_queue_maxlen</tunable>
2009-12-06 06:48:32 +01:00
<value > default</value>
2007-08-22 20:01:11 +02:00
</item>
2008-02-02 20:36:31 +01:00
<item >
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Disable CTRL+ALT+Delete reboot from keyboard.]]> </descr>
2008-02-02 20:36:31 +01:00
<tunable > hw.syscons.kbd_reboot</tunable>
2009-12-06 06:48:32 +01:00
<value > default</value>
2008-07-19 04:16:29 +02:00
</item>
2008-08-11 20:00:28 +02:00
<item >
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Enable TCP extended debugging]]> </descr>
2008-08-11 20:00:28 +02:00
<tunable > net.inet.tcp.log_debug</tunable>
2009-12-06 06:48:32 +01:00
<value > default</value>
2008-09-01 21:38:34 +02:00
</item>
<item >
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Set ICMP Limits]]> </descr>
2008-09-01 21:38:34 +02:00
<tunable > net.inet.icmp.icmplim</tunable>
2009-12-06 06:48:32 +01:00
<value > default</value>
2008-11-04 05:33:11 +01:00
</item>
<item >
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[TCP Offload Engine]]> </descr>
2008-11-04 05:33:11 +01:00
<tunable > net.inet.tcp.tso</tunable>
2009-12-06 06:48:32 +01:00
<value > default</value>
2008-11-04 05:33:11 +01:00
</item>
2013-05-08 09:19:01 +02:00
<item >
<descr > <![CDATA[UDP Checksums]]> </descr>
<tunable > net.inet.udp.checksum</tunable>
<value > default</value>
</item>
2011-01-04 18:27:23 +01:00
<item >
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Maximum socket buffer size]]> </descr>
2011-01-04 18:27:23 +01:00
<tunable > kern.ipc.maxsockbuf</tunable>
<value > default</value>
</item>
2014-11-10 20:29:22 +01:00
<item >
<descr > <![CDATA[Reply ICMP from source interface]]> </descr>
<tunable > net.inet.icmp.reply_from_interface</tunable>
<value > default</value>
</item>
2007-05-27 00:00:36 +02:00
</sysctl>
2004-11-07 04:06:49 +01:00
<system >
2005-01-24 23:37:27 +01:00
<optimization > normal</optimization>
2004-11-07 04:23:00 +01:00
<hostname > pfSense</hostname>
2010-04-06 09:16:39 +02:00
<domain > localdomain</domain>
2011-01-10 22:09:41 +01:00
<dnsserver />
2004-11-07 04:06:49 +01:00
<dnsallowoverride />
2008-07-25 04:28:31 +02:00
<group >
<name > all</name>
2011-01-10 22:09:41 +01:00
<description > <![CDATA[All Users]]> </description>
2008-07-25 04:28:31 +02:00
<scope > system</scope>
<gid > 1998</gid>
2008-08-01 08:30:34 +02:00
<member > 0</member>
2008-07-25 04:28:31 +02:00
</group>
2008-02-20 02:11:21 +01:00
<group >
<name > admins</name>
2011-01-10 22:09:41 +01:00
<description > <![CDATA[System Administrators]]> </description>
2008-02-20 02:11:21 +01:00
<scope > system</scope>
2008-07-25 04:28:31 +02:00
<gid > 1999</gid>
2008-08-01 08:30:34 +02:00
<member > 0</member>
<priv > page-all</priv>
2008-02-20 02:11:21 +01:00
</group>
<user >
<name > admin</name>
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[System Administrator]]> </descr>
2008-02-20 02:11:21 +01:00
<scope > system</scope>
<groupname > admins</groupname>
<password > $1$dSJImFph$GvZ7.1UbuWu.Yb8etC0re.</password>
<uid > 0</uid>
2008-08-01 08:30:34 +02:00
<priv > user-shell-access</priv>
2008-02-20 02:11:21 +01:00
</user>
2008-07-25 04:28:31 +02:00
<nextuid > 2000</nextuid>
<nextgid > 2000</nextgid>
2004-11-07 04:06:49 +01:00
<timezone > Etc/UTC</timezone>
<time-update-interval > 300</time-update-interval>
2008-02-18 19:07:44 +01:00
<timeservers > 0.pfsense.pool.ntp.org</timeservers>
2004-11-07 04:06:49 +01:00
<webgui >
2009-12-03 23:38:15 +01:00
<protocol > https</protocol>
2004-11-07 04:06:49 +01:00
</webgui>
2009-12-03 23:38:40 +01:00
<disablenatreflection > yes</disablenatreflection>
2004-11-07 04:06:49 +01:00
<!-- <disableconsolemenu/> -->
<!-- <disablefirmwarecheck/> -->
<!-- <shellcmd></shellcmd> -->
<!-- <earlyshellcmd></earlyshellcmd> -->
<!-- <harddiskstandby></harddiskstandby> -->
2010-08-04 17:04:09 +02:00
<disablesegmentationoffloading />
<disablelargereceiveoffloading />
2011-05-06 15:08:04 +02:00
<ipv6allow />
2013-02-09 21:41:11 +01:00
<powerd_ac_mode > hadp</powerd_ac_mode>
<powerd_battery_mode > hadp</powerd_battery_mode>
2014-10-06 00:35:08 +02:00
<powerd_normal_mode > hadp</powerd_normal_mode>
2013-01-06 23:59:54 +01:00
<bogons >
<interval > monthly</interval>
</bogons>
2013-09-03 18:00:01 +02:00
<kill_states />
2004-11-07 04:06:49 +01:00
</system>
<interfaces >
<wan >
2010-03-27 03:00:51 +01:00
<enable />
2009-05-14 03:59:20 +02:00
<if > vr1</if>
2004-11-07 04:06:49 +01:00
<mtu > </mtu>
<ipaddr > dhcp</ipaddr>
2011-08-18 12:50:11 +02:00
<ipaddrv6 > dhcp6</ipaddrv6>
2004-11-07 04:06:49 +01:00
<!-- *or* ipv4 - address *or* 'pppoe' *or* 'pptp' *or* 'bigpond' -->
<subnet > </subnet>
<gateway > </gateway>
<blockpriv />
2008-11-30 01:01:50 +01:00
<blockbogons />
2004-11-07 04:06:49 +01:00
<dhcphostname > </dhcphostname>
<media > </media>
<mediaopt > </mediaopt>
2011-05-06 15:08:04 +02:00
<dhcp6-duid > </dhcp6-duid>
<dhcp6-ia-pd-len > 0</dhcp6-ia-pd-len>
2004-11-07 04:06:49 +01:00
<!--
<wireless >
*see below (opt[n])*
</wireless>
-->
</wan>
2008-08-30 04:35:32 +02:00
<lan >
2010-03-27 03:00:51 +01:00
<enable />
2009-05-14 03:59:20 +02:00
<if > vr0</if>
2008-08-30 04:35:32 +02:00
<ipaddr > 192.168.1.1</ipaddr>
<subnet > 24</subnet>
2012-04-03 06:11:48 +02:00
<ipaddrv6 > track6</ipaddrv6>
2011-05-06 15:08:04 +02:00
<subnetv6 > 64</subnetv6>
2008-08-30 04:35:32 +02:00
<media > </media>
<mediaopt > </mediaopt>
2012-04-02 17:14:52 +02:00
<track6-interface > wan</track6-interface>
<track6-prefix-id > 0</track6-prefix-id>
2008-08-30 04:35:32 +02:00
<!--
<wireless >
*see below (opt[n])*
</wireless>
-->
</lan>
2004-11-07 04:06:49 +01:00
<!--
<opt [ n ] >
<enable />
<descr > </descr>
<if > </if>
<ipaddr > </ipaddr>
<subnet > </subnet>
<media > </media>
<mediaopt > </mediaopt>
<bridge > lan|wan|opt[n]</bridge>
<wireless >
<mode > hostap *or* bss *or* ibss</mode>
<ssid > </ssid>
<channel > </channel>
<wep >
<enable />
<key >
<txkey />
<value > </value>
</key>
</wep>
</wireless>
< /opt[n]>
-->
</interfaces>
<!--
<vlans >
<vlan >
<tag > </tag>
<if > </if>
<descr > </descr>
</vlan>
</vlans>
-->
<staticroutes >
<!--
<route >
<interface > lan|opt[n]|pptp</interface>
<network > xxx.xxx.xxx.xxx/xx</network>
<gateway > xxx.xxx.xxx.xxx</gateway>
<descr > </descr>
</route>
-->
</staticroutes>
<dhcpd >
<lan >
<enable />
<range >
<from > 192.168.1.100</from>
<to > 192.168.1.199</to>
</range>
<!--
<winsserver > xxx.xxx.xxx.xxx</winsserver>
<defaultleasetime > </defaultleasetime>
<maxleasetime > </maxleasetime>
<gateway > xxx.xxx.xxx.xxx</gateway>
<domain > </domain>
<dnsserver > </dnsserver>
2007-05-08 16:47:07 +02:00
<ntpserver > xxx.xxx.xxx.xxx</ntpserver>
2004-11-07 04:06:49 +01:00
<next-server > </next-server>
<filename > </filename>
2014-03-03 06:47:39 +01:00
<filename32 > </filename32>
<filename64 > </filename64>
2004-11-07 04:06:49 +01:00
-->
</lan>
<!--
<opt [ n ] >
...
< /opt[n]>
-->
<!--
<staticmap >
<mac > xx:xx:xx:xx:xx:xx</mac>
<ipaddr > xxx.xxx.xxx.xxx</ipaddr>
<descr > </descr>
</staticmap>
-->
</dhcpd>
<pptpd >
<mode > <!-- off *or* server *or* redir --> </mode>
2011-01-10 22:09:41 +01:00
<redir />
<localip />
<remoteip />
2004-11-07 04:06:49 +01:00
<!-- <accounting/> -->
<!--
<user >
<name > </name>
<password > </password>
</user>
-->
</pptpd>
<dnsmasq >
<enable />
<!--
<hosts >
<host > </host>
<domain > </domain>
<ip > </ip>
<descr > </descr>
</hosts>
-->
</dnsmasq>
<snmpd >
<!-- <enable/> -->
2011-01-10 22:09:41 +01:00
<syslocation />
<syscontact />
2004-11-07 04:06:49 +01:00
<rocommunity > public</rocommunity>
</snmpd>
<diag >
<ipv6nat >
<!-- <enable/> -->
2011-01-10 22:09:41 +01:00
<ipaddr />
2004-11-07 04:06:49 +01:00
</ipv6nat>
</diag>
<bridge >
<!-- <filteringbridge/> -->
</bridge>
<syslog >
<!--
<reverse />
<enable />
<remoteserver > xxx.xxx.xxx.xxx</remoteserver>
<filter />
<dhcp />
<system />
<nologdefaultblock />
-->
</syslog>
<!--
<captiveportal >
<enable />
<interface > lan|opt[n]</interface>
<idletimeout > minutes</idletimeout>
<timeout > minutes</timeout>
<page >
<htmltext > </htmltext>
<errtext > </errtext>
</page>
<httpslogin />
<httpsname > </httpsname>
<redirurl > </redirurl>
<radiusip > </radiusip>
<radiusport > </radiusport>
<radiuskey > </radiuskey>
<nomacfilter />
</captiveportal>
-->
<nat >
2013-11-13 10:45:09 +01:00
<outbound >
<mode > automatic</mode>
<!--
<rule >
<interface > </interface>
<source >
<network > xxx.xxx.xxx.xxx/xx</network>
</source>
<destination >
<not />
<any />
*or*
<network > xxx.xxx.xxx.xxx/xx</network>
</destination>
<target > xxx.xxx.xxx.xxx</target>
<descr > </descr>
</rule>
-->
</outbound>
2004-11-07 04:06:49 +01:00
<!--
<rule >
<interface > </interface>
<external-address > </external-address>
<protocol > </protocol>
<external-port > </external-port>
<target > </target>
<local-port > </local-port>
<descr > </descr>
</rule>
-->
<!--
<onetoone >
<interface > </interface>
<external > xxx.xxx.xxx.xxx</external>
<internal > xxx.xxx.xxx.xxx</internal>
<subnet > </subnet>
<descr > </descr>
</onetoone>
-->
<!--
<servernat >
<ipaddr > </ipaddr>
<descr > </descr>
</servernat>
-->
</nat>
<filter >
<!-- <tcpidletimeout></tcpidletimeout> -->
<rule >
<type > pass</type>
2011-05-06 15:08:04 +02:00
<ipprotocol > inet</ipprotocol>
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Default allow LAN to any rule]]> </descr>
2004-11-07 04:06:49 +01:00
<interface > lan</interface>
2014-04-14 22:46:05 +02:00
<tracker > 0100000101</tracker>
2004-11-07 04:06:49 +01:00
<source >
<network > lan</network>
</source>
<destination >
<any />
</destination>
</rule>
2011-05-06 15:08:04 +02:00
<rule >
<type > pass</type>
<ipprotocol > inet6</ipprotocol>
<descr > <![CDATA[Default allow LAN IPv6 to any rule]]> </descr>
<interface > lan</interface>
2014-04-14 22:46:05 +02:00
<tracker > 0100000102</tracker>
2011-05-06 15:08:04 +02:00
<source >
<network > lan</network>
</source>
<destination >
<any />
</destination>
</rule>
2004-11-07 04:06:49 +01:00
<!-- rule syntax:
<rule >
<disabled />
2009-08-14 22:53:54 +02:00
<id > [0-9]*</id>
2004-11-07 04:06:49 +01:00
<type > pass|block|reject</type>
2011-05-06 15:08:04 +02:00
<ipprotocol > inet|inet6</ipprotocol>
2004-11-07 04:06:49 +01:00
<descr > ...</descr>
<interface > lan|opt[n]|wan|pptp</interface>
<protocol > tcp|udp|tcp/udp|...</protocol>
<icmptype > </icmptype>
<source >
<not />
2004-11-07 04:23:00 +01:00
2004-11-07 04:06:49 +01:00
<address > xxx.xxx.xxx.xxx(/xx) or alias</address>
*or*
<network > lan|opt[n]|pptp</network>
*or*
<any />
2004-11-07 04:23:00 +01:00
2004-11-07 04:06:49 +01:00
<port > a[-b]</port>
</source>
<destination >
*same as for source*
</destination>
<frags />
<log />
</rule>
-->
</filter>
<shaper >
<!-- <enable/> -->
2005-09-28 05:04:57 +02:00
<!-- <schedulertype>hfsc</schedulertype> -->
2004-11-07 04:06:49 +01:00
<!-- rule syntax:
<rule >
<disabled />
<descr > </descr>
2004-11-07 04:23:00 +01:00
2004-11-07 04:06:49 +01:00
<targetpipe > number (zero based)</targetpipe>
*or*
<targetqueue > number (zero based)</targetqueue>
2004-11-07 04:23:00 +01:00
2004-11-07 04:06:49 +01:00
<interface > lan|wan|opt[n]|pptp</interface>
<protocol > tcp|udp</protocol>
<direction > in|out</direction>
<source >
<not />
2004-11-07 04:23:00 +01:00
2004-11-07 04:06:49 +01:00
<address > xxx.xxx.xxx.xxx(/xx)</address>
*or*
<network > lan|opt[n]|pptp</network>
*or*
<any />
2004-11-07 04:23:00 +01:00
2004-11-07 04:06:49 +01:00
<port > a[-b]</port>
</source>
<destination >
*same as for source*
</destination>
2004-11-07 04:23:00 +01:00
2004-11-07 04:06:49 +01:00
<iplen > from[-to]</iplen>
<iptos > (!)lowdelay,throughput,reliability,mincost,congestion</iptos>
<tcpflags > (!)fin,syn,rst,psh,ack,urg</tcpflags>
</rule>
<pipe >
<descr > </descr>
<bandwidth > </bandwidth>
<delay > </delay>
<mask > source|destination</mask>
</pipe>
<queue >
<descr > </descr>
<targetpipe > number (zero based)</targetpipe>
<weight > </weight>
<mask > source|destination</mask>
</queue>
-->
</shaper>
<ipsec >
<!-- <enable/> -->
<!-- syntax:
<tunnel >
<disabled />
<auto />
<descr > </descr>
<interface > lan|wan|opt[n]</interface>
<local-subnet >
<address > xxx.xxx.xxx.xxx(/xx)</address>
*or*
<network > lan|opt[n]</network>
</local-subnet>
<remote-subnet > xxx.xxx.xxx.xxx/xx</remote-subnet>
<remote-gateway > </remote-gateway>
<p1 >
<mode > </mode>
<myident >
<myaddress />
*or*
<address > xxx.xxx.xxx.xxx</address>
*or*
<fqdn > the.fq.dn</fqdn>
</myident>
<encryption-algorithm > </encryption-algorithm>
<hash-algorithm > </hash-algorithm>
<dhgroup > </dhgroup>
<lifetime > </lifetime>
<pre-shared-key > </pre-shared-key>
</p1>
<p2 >
<protocol > </protocol>
<encryption-algorithm-option > </encryption-algorithm-option>
<hash-algorithm-option > </hash-algorithm-option>
<pfsgroup > </pfsgroup>
<lifetime > </lifetime>
</p2>
</tunnel>
<mobileclients >
<enable />
<p1 >
<mode > </mode>
<myident >
<myaddress />
*or*
<address > xxx.xxx.xxx.xxx</address>
*or*
<fqdn > the.fq.dn</fqdn>
</myident>
<encryption-algorithm > </encryption-algorithm>
<hash-algorithm > </hash-algorithm>
<dhgroup > </dhgroup>
<lifetime > </lifetime>
</p1>
<p2 >
<protocol > </protocol>
<encryption-algorithm-option > </encryption-algorithm-option>
<hash-algorithm-option > </hash-algorithm-option>
<pfsgroup > </pfsgroup>
<lifetime > </lifetime>
</p2>
</mobileclients>
<mobilekey >
<ident > </ident>
<pre-shared-key > </pre-shared-key>
</mobilekey>
-->
</ipsec>
<aliases >
<!--
<alias >
<name > </name>
<address > xxx.xxx.xxx.xxx(/xx)</address>
<descr > </descr>
</alias>
-->
</aliases>
<proxyarp >
<!--
<proxyarpnet >
<network > xxx.xxx.xxx.xxx/xx</network>
*or*
<range >
<from > xxx.xxx.xxx.xxx</from>
<to > xxx.xxx.xxx.xxx</to>
</range>
</proxyarpnet>
-->
</proxyarp>
2007-01-29 05:09:12 +01:00
<cron >
<item >
<minute > 1,31</minute>
<hour > 0-5</hour>
<mday > *</mday>
<month > *</month>
<wday > *</wday>
<who > root</who>
<command > /usr/bin/nice -n20 adjkerntz -a</command>
</item>
<item >
<minute > 1</minute>
2007-11-28 20:51:27 +01:00
<hour > 3</hour>
2007-01-29 05:09:12 +01:00
<mday > 1</mday>
<month > *</month>
<wday > *</wday>
<who > root</who>
<command > /usr/bin/nice -n20 /etc/rc.update_bogons.sh</command>
</item>
<item >
<minute > */60</minute>
<hour > *</hour>
<mday > *</mday>
<month > *</month>
<wday > *</wday>
<who > root</who>
<command > /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout</command>
</item>
<item >
<minute > 1</minute>
<hour > 1</hour>
<mday > *</mday>
<month > *</month>
<wday > *</wday>
<who > root</who>
<command > /usr/bin/nice -n20 /etc/rc.dyndns.update</command>
</item>
<item >
<minute > */60</minute>
<hour > *</hour>
<mday > *</mday>
<month > *</month>
<wday > *</wday>
<who > root</who>
<command > /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command>
</item>
<item >
2011-01-10 22:09:41 +01:00
<minute > 30</minute>
<hour > 12</hour>
2007-01-29 05:09:12 +01:00
<mday > *</mday>
<month > *</month>
<wday > *</wday>
<who > root</who>
2011-01-10 22:09:41 +01:00
<command > /usr/bin/nice -n20 /etc/rc.update_urltables</command>
2007-01-29 05:09:12 +01:00
</item>
</cron>
2004-11-07 04:06:49 +01:00
<wol >
<!--
<wolentry >
<interface > lan|opt[n]</interface>
<mac > xx:xx:xx:xx:xx:xx</mac>
<descr > </descr>
</wolentry>
-->
</wol>
2008-12-23 11:26:43 +01:00
<rrd >
<enable />
</rrd>
2009-11-02 22:27:52 +01:00
<load_balancer >
<monitor_type >
<name > ICMP</name>
<type > icmp</type>
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[ICMP]]> </descr>
<options />
2009-11-02 22:27:52 +01:00
</monitor_type>
<monitor_type >
<name > TCP</name>
<type > tcp</type>
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Generic TCP]]> </descr>
<options />
2009-11-02 22:27:52 +01:00
</monitor_type>
<monitor_type >
<name > HTTP</name>
<type > http</type>
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Generic HTTP]]> </descr>
2009-11-02 22:27:52 +01:00
<options >
<path > /</path>
<host />
<code > 200</code>
</options>
</monitor_type>
<monitor_type >
<name > HTTPS</name>
<type > https</type>
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Generic HTTPS]]> </descr>
2009-11-02 22:27:52 +01:00
<options >
<path > /</path>
<host />
<code > 200</code>
</options>
</monitor_type>
<monitor_type >
<name > SMTP</name>
<type > send</type>
2011-01-10 22:09:41 +01:00
<descr > <![CDATA[Generic SMTP]]> </descr>
2009-11-02 22:27:52 +01:00
<options >
2011-11-01 20:14:29 +01:00
<send > </send>
<expect > 220 *</expect>
2009-11-02 22:27:52 +01:00
</options>
</monitor_type>
</load_balancer>
2009-11-21 23:05:21 +01:00
<widgets >
<sequence > system_information-container:col1:show,captive_portal_status-container:col1:close,carp_status-container:col1:close,cpu_graphs-container:col1:close,gateways-container:col1:close,gmirror_status-container:col1:close,installed_packages-container:col1:close,interface_statistics-container:col1:close,interfaces-container:col2:show,ipsec-container:col2:close,load_balancer_status-container:col2:close,log-container:col2:close,picture-container:col2:close,rss-container:col2:close,services_status-container:col2:close,traffic_graphs-container:col2:close</sequence>
</widgets>
2010-01-27 00:59:43 +01:00
</pfsense>