From d93d45e9a669d3f07bec99c1c719c1202ebb92b1 Mon Sep 17 00:00:00 2001 From: kleper Date: Fri, 5 Apr 2019 08:01:46 -0500 Subject: [PATCH] Mejoras portal cautivo --- ...onfig-fw.nuestrared.org-20190404235132.xml | 1114 ----------------- portalcautivo2/css/captiveportal-all.css | 5 + .../css/captiveportal-bootstrap.min.css | 7 + portalcautivo2/css/signin.css | 81 +- portalcautivo2/index.html | 84 +- .../js/captiveportal-bootstrap.min.js | 7 + portalcautivo2/js/captiveportal-jquery.min.js | 5 + 7 files changed, 137 insertions(+), 1166 deletions(-) delete mode 100644 opnsensebk/config-fw.nuestrared.org-20190404235132.xml create mode 100644 portalcautivo2/css/captiveportal-all.css create mode 100644 portalcautivo2/css/captiveportal-bootstrap.min.css create mode 100644 portalcautivo2/js/captiveportal-bootstrap.min.js create mode 100644 portalcautivo2/js/captiveportal-jquery.min.js diff --git a/opnsensebk/config-fw.nuestrared.org-20190404235132.xml b/opnsensebk/config-fw.nuestrared.org-20190404235132.xml deleted file mode 100644 index 638e8e1..0000000 --- a/opnsensebk/config-fw.nuestrared.org-20190404235132.xml +++ /dev/null @@ -1,1114 +0,0 @@ - - - opnsense - - - Disable the pf ftp proxy handler. - debug.pfftpproxy - default - - - Increase UFS read-ahead speeds to match the state of hard drives and NCQ. - vfs.read_max - default - - - Set the ephemeral port range to be lower. - net.inet.ip.portrange.first - default - - - Drop packets to closed TCP ports without returning a RST - net.inet.tcp.blackhole - default - - - Do not send ICMP port unreachable messages for closed UDP ports - net.inet.udp.blackhole - default - - - Randomize the ID field in IP packets (default is 0: sequential IP IDs) - net.inet.ip.random_id - default - - - - Source routing is another way for an attacker to try to reach non-routable addresses behind your box. - It can also be used to probe for information about your internal networks. These functions come enabled - as part of the standard FreeBSD core system. - - net.inet.ip.sourceroute - default - - - - Source routing is another way for an attacker to try to reach non-routable addresses behind your box. - It can also be used to probe for information about your internal networks. These functions come enabled - as part of the standard FreeBSD core system. - - net.inet.ip.accept_sourceroute - default - - - - Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects - to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect - packets without returning a response. - - net.inet.icmp.drop_redirect - default - - - - This option turns off the logging of redirect packets because there is no limit and this could fill - up your logs consuming your whole hard drive. - - net.inet.icmp.log_redirect - default - - - Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway) - net.inet.tcp.drop_synfin - default - - - Enable sending IPv4 redirects - net.inet.ip.redirect - default - - - Enable sending IPv6 redirects - net.inet6.ip6.redirect - default - - - Enable privacy settings for IPv6 (RFC 4941) - net.inet6.ip6.use_tempaddr - default - - - Prefer privacy addresses and use them over the normal addresses - net.inet6.ip6.prefer_tempaddr - default - - - Generate SYN cookies for outbound SYN-ACK packets - net.inet.tcp.syncookies - default - - - Maximum incoming/outgoing TCP datagram size (receive) - net.inet.tcp.recvspace - default - - - Maximum incoming/outgoing TCP datagram size (send) - net.inet.tcp.sendspace - default - - - Do not delay ACK to try and piggyback it onto a data packet - net.inet.tcp.delayed_ack - default - - - Maximum outgoing UDP datagram size - net.inet.udp.maxdgram - default - - - Handling of non-IP packets which are not passed to pfil (see if_bridge(4)) - net.link.bridge.pfil_onlyip - default - - - Set to 1 to additionally filter on the physical interface for locally destined packets - net.link.bridge.pfil_local_phys - default - - - Set to 0 to disable filtering on the incoming and outgoing member interfaces. - net.link.bridge.pfil_member - default - - - Set to 1 to enable filtering on the bridge interface - net.link.bridge.pfil_bridge - default - - - Allow unprivileged access to tap(4) device nodes - net.link.tap.user_open - default - - - Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid()) - kern.randompid - default - - - Maximum size of the IP input queue - net.inet.ip.intr_queue_maxlen - default - - - Disable CTRL+ALT+Delete reboot from keyboard. - hw.syscons.kbd_reboot - default - - - Enable TCP extended debugging - net.inet.tcp.log_debug - default - - - Set ICMP Limits - net.inet.icmp.icmplim - default - - - TCP Offload Engine - net.inet.tcp.tso - default - - - UDP Checksums - net.inet.udp.checksum - default - - - Maximum socket buffer size - kern.ipc.maxsockbuf - default - - - Page Table Isolation (Meltdown mitigation, requires reboot.) - vm.pmap.pti - default - - - Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation) - hw.ibrs_disable - default - - - Hide processes running as other groups - security.bsd.see_other_gids - default - - - Hide processes running as other users - security.bsd.see_other_uids - default - - - - normal - fw - nuestrared.org - on - - admins - System Administrators - system - 1999 - 0 - page-all - - - root - System Administrator - system - admins - $2y$10$eE36wle/4Ma00KlIY62XzO8dvMPlJCsY5H2H8J/Ej2crzlPEjtvWq - 0 - - 2000 - 2000 - America/Bogota - 0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org - - https - 5c7caf43d381f - 8443 - - - 5 - 1 - - yes - 1 - 1 - 2 - 1 - 1 - 1 - - hadp - hadp - hadp - - monthly - - - 60 - aesni - 1 - 1 - - admins - 1 - - enabled - 2222 - - - - 0 - - - - - OPNsense-Backup - - - 192.168.100.1 - 8.8.8.8 - en_US - - os-arp-scan,os-pppoe,os-acme-client,os-freeradius,os-iperf - - - 5c7ca8d772787 - radius - RadiusAuthNosRed - 10.132.1.1 - nw2gqat60 - 5 - 1812 - 1813 - - - 5c7ca90c59ead - voucher - VaucherAuthNosred - 1 - - - - 115200 - video - - - - vtnet0 - - 1 - 1 - - 1 - 192.168.100.254 - 24 - GW_WAN - - - vtnet1 - - 1 - 1 - - 10.132.1.1 - 16 - - - - - 1 - nuestrared.org - hmac-md5 - - - - - 10.132.60.10 - 10.132.80.245 - - - - - - - - on - - nuestrared.org - 10.132.1.2 - Domain nuestrared - - - fw - nuestrared.org - A - 10.132.1.1 - - - Firewall NuestraRED.org - - - - - - public - - - - - - - automatic - - - - - - pass - inet - Default allow LAN to any rule - lan - - lan - - - - - - - pass - inet6 - Default allow LAN IPv6 to any rule - lan - - lan - - - - - - - - - - - - ICMP - icmp - ICMP - - - - TCP - tcp - Generic TCP - - - - HTTP - http - Generic HTTP - - / - - 200 - - - - HTTPS - https - Generic HTTPS - - / - - 200 - - - - SMTP - send - Generic SMTP - - - 220 * - - - - - 0.opnsense.pool.ntp.org - on - lan - - - system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show - 2 - - - root@10.132.1.10 - - /api/captiveportal/settings/addZone/ made changes - - - - - - - - - - - - - - 0 - 0 - 0 - wan - 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12 - - - W0D23 - 4 - ac - 0 - 0 - - - - - - - - - - - - - lan - - - - - - md5 - 0 - - - - - - LDAPS - - - - dc=example,dc=domain,dc=com - (uid=%{%{Stripped-User-Name}:-%{User-Name}}) - (objectClass=posixGroup) - - - - - 1 - authnosred - nw2gqat60 - 10.132.0.0/16 - - - - - 1 - 0 - 0 - 1 - 1 - 1 - 1 - 1 - files - 1 - 1 - 1 - - - - - 1 - kleper - ferkaton76 - Usuario Kleper - - - - - - - - - - - - - - - - - - - - - - - lan - wan - v9 - - - - 0 - - - - - - AcmeClient - 1 - 0 - 0 - * - * - * - root - acmeclient cron-auto-renew - - AcmeClient Cronjob for Certificate AutoRenewal - - - - - - 1 - 1 - 99c58055-2319-49fe-b941-ad1030604bcf - prod - 43580 - 600 - 0 - - - - - normal - - - - 5c7cab505cb087.20055669 - 1 - NuestraRED.org - Acme NuestraRED Firewall - correo@nuestrared.org - letsencrypt - LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS1FJQkFBS0NBZ0VBNEkyMmNxT2wxNzkzVjA2ZUtOOGpMTHlKcm1BdzdNV01EcGgrWmF1cWJ1cHFXODl6CnRiRm5vN3VJTm1QWEl2eHR1MGxNb1hmeDFHWStxUDVlOVVXU1BJQXhaelpsU2FhTkJFRkRSRzZUeXh2UGFZVzIKeFVpenNvOEJVNVR5cDdJT3VqeVFreXVEaVg4K2haQStsRmxlamlaT3B0ZmZ0OGwrT2VjY0hrZXozMmh6TytPKwo4N280VytPMUdLaXdlSTVqVldBeXpIc2lzdFQ0enlaOE9qNGNKOGRVcnVSb0g1Qk1TaWk5Rk1vd3hHaDhvNkJHCmhTeGhNaCtCTTcrdGFRN1Uxekptc0FQSTRWVFluMTVYcUxWMG9TNnhaTy9Id2dQSWJvTjhIRHMzNEVGU3F4V2gKUWI4R3FadG90YlJIeEliQmsxWHJqZGl0aHFDREp1eWdNWEFDUksxZnBvdkQxRWdaRkxXQTVKTWJURTIyUkhPSwpzT25OUllldUQyNXhTNXpOZnB5c1pEOFpUb2JWcUcwTDBlS09TdGhzditJdDdBZGgrd1VsRGFFaW00M1UxVXhPCjNqMkp5UEphMzBjczd2MkEyUE5MTDByVDNCb1JEWG5MeU00NHRESkRDc284UjJ4d01zR3dYd21HenlXZUVnT20KTTdqek8waVhNaTFHR0tncDNvNG5yczVpTzVFeVRoWkRGaGhPSmN0OXBGSm92MVlZUGRHa3BFT3FZL1cwZ05xNgpNTGJlQXc0Z0VSWGpGY3dWZUNBeVBKQXl3dGVrVlovS3RKQU54TDh0K1RlNXJPVlJNbCtoTWVrYlMyWE4rUjJCCmZ1S3hMK0RBZDh5WlJqMVBvd0xPYmpvSHBBZmkxQlMxRjA3SWtEb1hlbHJ3TlNjMzZxMXQ4UTRERFpVQ0F3RUEKQVFLQ0FnQkx4d2Jld09MaVg3YUNQQUdiZ1ZGNWMxWnpCZnI4cTkyTHYySklKUm9xdStpUWV2MXRQeVRlV0JhcgpaQjNockpYTE1mMHVNQy9ub1dsYjFodHRZY0Ryc2NiNk1aMFVzYU84MzlrM2FxbHRUVUU5TnVacXhSSC9HOHN5CnpYemxvbXpkNURwVnI4Vi96UFRvVmJrSWp2QWR3RWVpZmc3OUVuNEtSRGQwOEhWKzJ0eW9SVDdYT094ejllL1QKRm5vVzlOWUlwYUgrNXo3YVlveGtPM1NJb3hVVlIyc0lhZ1BKUXdTN3NldTg3RTV3dVdIMlJjd0dmT2QvNXFuUApNTXZ3UEJVUFdlN1ZUekdtK043eFNRRUQ2ZGdsM0gvNHRBSVJNdjJjYmJxZ1BFdXEzZUJyNDZ5N1p4OTBkUUZzCjhCMlg4SEc2cXJBRytpdjAxbzNyd01aK2FISWE0UjRCRXpPa1ZWRTliNWs3amV1WHB3a1F2NzM1alJ5cDBocWgKTEVNSldrblFVN1lyUkF2TnJhM0tUaXladSs2QkRSeHJjMkR0eVpxbVl5dml4amlzRVNFQXpUM1Mrb2hYV2RJcgpLekw5a2JEN1k1NDBJSXFnbTJQM1pzZ2JNWGNoSTFQMjkyWnQzNkl2ZlVueXF6aW1XaXhibnFuaHRYMzFBUllPCnhOUkJYRVUyOEZUdVUzQ1BQMmluZE5LeVhRaVhCSWtpTEE3anRrWWNBZW84NDRRaFR2aUplWUdwOGtlN1RzN3MKeW0vSm9nN1FpWjhrQlUydGhPUUdFeGpySS82TktlTEMrajFSeXFFZHQ1QjZNaFdGYkt4UXc5WnlWdHZwOFc0VgpCUjQyNnJKMWNzMzFaazBsbDBXaEFUSWpEWmJzdkJucUtVQUY4dVc2UEd5VzdCbkhNUUtDQVFFQTlCYzVzdXhLCjJUejJXOXRBWDgxOEFUQTdjZnRWWHh1NDFEQmFJenNSWUxidVMxWXJJQ2tRZWdwZmFrNVJITkpmek5sUVlGaXQKWUl1NWY1VWpxM0ZNZFRYQXp5VUxSRUEydDk0R3ZmMVpCYW13emRUV2NaZjV2MktNQmdJYk05QlRSQkFGNnJoRQpLNWpTMG9GcmN5Sy9GMUlIOHIzbkgwVFVtSHNYSnNHaG1OMVpyUzZTdW52dzBKZGtHNmN0UUd3V0UzcjNWODYyCi9KaUdQeWxIR09BZ2dGSzBBKzlJTHZKVUZMMG1EeEhHUkw0M3lFd3B6bXUvVmhqQ3pnTE9scUJjb295V3FDTDMKeExQaDNqWEV1QVBOUVYvakJkbnpVaEJ6VXQ2eGl1YWIwNTV2bjd6Umk1NlBtY1duRTM5RWs5aHVOTlNUWmlWcgp3V3VoNVZSeExIYVRud0tDQVFFQTY0SjJMNW94WnpPd1ZCczEwKzdndEpuREZPM0FRZm1QZmxUNHJOQUZreVR1CjVNY1NQNWQyZVdCMzNqaWVpYm1MbjJZbGVVTktHdWpHelZsbERQRTVmN2pZOXpyRWtlZUhqZHZZUGdPTFczT00KMkVKeVBIalppSnNla1RIaEtpVjlTT1FNZVZBQVo2LzdnMGpoZUZsbEs5b3A0dW12RnlsbEZCWFBiYVJMaDhxYgpVU21tSk52WDFUWFo4UXZJYjN4V09RRVI4c08wMnRmOHZ2OXQzSk5MVnhSaEVud245dUt1d25KNjNudURkUmZKCjJtMEZ5WlVwS21ObFhKcVcrVVRWVk9NclQ5UU9jWGdoYU1NTjkzTXN6OUUvUUtQb2tiYUpBVnR0Q3hJN0w4RFoKVVBqS3kxMlpLOUhMUnJmdFQzTWpnM0swaXpNb3ZwdVA2LzhwWWRkeVN3S0NBUUJyNU94TFM2bVdOeDFLNHpLawpabWMrK3p2N21UWldjU0dWSWI1bVBsRGpLRmxURWNiRVU0S0YvNW5IbXRDOTVid1ZCNlpBd0ZIN0VDZ3gzaEhEClViU1RSdXh3WkJhRDE4S1lLZHRmRmVMSTN3WlpKWkNZNjYyb3pIM0tsaG5DSUg3OTRmdExrcUlIaDJrQlJkWGkKTWVTNEFUbWtNZzg4d2ljYk02VzdLdklzYVFPZnlxdHZKU1FBZ0RydkFrbTlaVW1vMkwwR29rZytoWWtwMkN3bQpNY1FNRlFLZmpxQ2dwOXRFdzR0VU0rNHBLcy9yaU1jZUNJQ3VKUW5QR0d5TEpsMXNPS3JMclpGSjhKMlJwTURNCitsazdZWkF2WVBUdVBIbE5rMFIxZXBROHlaYmJ6Qkh3SG1tcGRqWHhKMXQvNHJac1FkN1owd2E3bThFWFp1a1QKMTJKUEFvSUJBUUM1Z2xka0libytoNm1pWnBpYzZ6SlhNRE5KZmdtT0xtMUlYdGhQRDhFRWFmZy9mMHV4aWJaSgozNklzQ2o5ZlR5ZGJGTlA1MC9aQWdoRnUyYmJPWGdrandWQXVWajFXaktEckxqd0VoVGcxZml4NGdNYUpPY3hvClhYL1RjUTNpN0FybTZyT2tyMDdTWGYzcEtQUnBuMGtoSk1VUHQzRXk5bWxuUzlMTGs3bm5LY0gwU2JGVW9WTSsKNEI5ZlR4L0FLWm1sWjJGaTc2TzdLcDB0T2ZpbzRlRmJvM0xmWTZyN1B3M1hudU9IOHBUWEhEams5REcxMnVmRgpPdXd4NkpkNW5DM0tvdktQL0FLd2dLY1laV1RRQVFwUVhJdk5lQThQRUZDVklCWWh2V2Vmc3ZHN1pXNGdpUWJKClRJVXBuR0d5em9ndjE1KzljanZyQUpCNm5kQlVBS2hIQW9JQkFRQ0FDcVFBVHRtcWJab2tkS0xnb0Y0TDYwZjQKS0Urc2thNlJLVm9URFI2azQycWRzYVhkdnhlR3g5dFh2TUxiUVlsL0pxSzZUL3o3YUhPeSsvblk0R1FGcFhlNwpLMW5qWnRwWnA5cjRKQW5pMmI5U09nVFdqanZvZHlYQ3RLYXExcGVjVG5ZSlpLSkMzdHc2cktkL3lWL0xvRzh4CjkxYjFQUmFGKzVnL2s5dXBwdDJ0aDd3VzM3MU03d0lKRmtWajNodzhvdXhxbXN5YjZEWmJkTytVSXhoT0tGSksKQVg4cjdUTnU4bWVuc0k0WS9pL1RVc0NuK1VxbGN2MjUyMGNyNGJmeTJzNlZ5YUUrYVpKcW5ReTBNSTRrVmhCTgpTNm5MbkpoRHNqU2x0NlNqeTZjdXlMZDdkOXN1NG0rKzhuMjNFNXVJMGlrem8wSG9hcjZLMXFUYllBYk0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K - 1551674297 - - - - - 5c7cab9aa643d0.89304687 - 1 - fw.nuestrared.org - Certificado Firewall - - e49750e6-4d42-4047-94e7-abed03a2075a - b6df93fa-c08c-4829-90f9-8c9f9f870f8a - key_4096 - 0 - - 1 - 60 - 5c7caf43d381f - 1551675203 - - - - - - - 5c7cab7c72b502.94225746 - 1 - DreamhostAPI - Dominios en Dreamhost - dns01 - opnsense - 1 - wan - - 1 - - dns_dreamhost - 120 - - - - - - - - - - - - - - - - - - - - - - - 1 - - - - - - - 9ZZB2XMH5X43TYMM - - - - - - - - - - - - - - - - - - - - - 1 - - - - - cloudflare - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 5c7caeb7f09452.55378870 - 1 - RenewFirewall - - restart_gui - - - - - - - - - 1 - 120 - 120 - 127.0.0.1 - 25 - root - nosred2018 - 0 - auto - 1 - syslog facility log_daemon - - - - 0 - root - TWbu5i5T0lm4LBLjnkSp - 2812 - - - 5 - 1 - - - 0 - root@localhost.local - 0 - - - 10 - - - - 1 - $HOST - system - - - - 300 -
- - - - 0079eb63-53b6-4ec9-9fe8-4148ccd9f856,cf5e41d6-6721-49d0-aa32-1dbd614a92eb,dbb00b9b-ffcb-4833-94ef-15e4aaf43059,543e1993-5cf2-4db3-b625-3452d6c54c8e - - - - 1 - RootFs - filesystem - - - / - 300 -
- - - - d45c8e90-5796-4e47-b159-67d4bf5b17dc - - - - 0 - carp_status_change - custom - - - /usr/local/opnsense/scripts/OPNsense/Monit/carp_status - 300 -
- - - - a0a620e0-6474-4906-809f-3c612f193d91 - - - - 0 - gateway_alert - custom - - - /usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert - 300 -
- - - - 2b0582ff-d02c-482a-97b8-603902f5906f - - - - Ping - Custom - failed ping - alert - - - - NetworkLink - Custom - failed link - alert - - - - NetworkSaturation - Custom - saturation is greater than 75% - alert - - - - MemoryUsage - Custom - memory usage is greater than 75% - alert - - - - CPUUsage - Custom - cpu usage is greater than 75% - alert - - - - LoadAvg1 - Custom - loadavg (1min) is greater than 8 - alert - - - - LoadAvg5 - Custom - loadavg (5min) is greater than 6 - alert - - - - LoadAvg15 - Custom - loadavg (15min) is greater than 4 - alert - - - - SpaceUsage - Custom - space usage is greater than 75% - alert - - - - ChangedStatus - Custom - changed status - alert - - - - NonZeroStatus - Custom - status != 0 - alert - - - - - - 0 - - - - 1 - 1 - - - - - - 1 - on - strip - 1 - 1 - correo@nuestrared.org - nuestrared.org - - - 0 - /var/squid/cache - 256 - 2 - 256 - 16 - 256 - 1 - 1 - - - - 0 - 2048 - 1024 - 1024 - 256 - - - 0 - - 0 - username - password - - - - - - - lan - 3128 - 3129 - 0 - 0 - 5c7caf43d2e5f - .nuestrared.org - 16 - 8 - 0 - 3401 - public - - 2121 - 0 - 1 - 0 - - 10.132.0.0/16 - - - - - - - 80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http - 443:https - - - - 1 - shallalist - http://www.shallalist.de/Downloads/shallalist.tar.gz - - - finance/moneylending,automobile/boats,porn,ringtones,drugs,socialnet,dynamic,anonvpn,library,science/astronomy,costtraps,finance/insurance,chat,politics,searchengines,shopping,aggressive,hospitals,urlshortener,adv,weapons,updatesites,recreation/restaurants,radiotv,alcohol,isp,finance/trading,webmail,sex/lingerie,religion,tracker,music,automobile/planes,hobby/gardening,recreation/humor,hobby/games-misc,redirector,gamble,fortunetelling,jobsearch,finance/banking,hobby/cooking,webtv,government,models,automobile/bikes,downloads,hobby/pets,warez,homestyle,recreation/martialarts,spyware,recreation/wellness,news,hobby/games-online,recreation/travel,webphone,sex/education,finance/other,automobile/cars,dating,remotecontrol,forum,violence,imagehosting,podcasts,movies,webradio,military,hacking,finance/realestate,science/chemistry,education/schools,recreation/sports - 1 - Shallalist Blacklist - - - - - - - 0 - icap://[::1]:1344/avscan - icap://[::1]:1344/avscan - 1 - 0 - 0 - X-Username - 1 - 1024 - 60 - - - - - OPNsense proxy authentication - 2 - 5 - - - - - - - - 1 - 0 - lan - RadiusAuthNosRed,VaucherAuthNosred - 1 - - 15 - 30 - 1 - 5c7caf43d381f - fw.nuestrared.org - - - 0 - 0 -