opnsense
Disable the pf ftp proxy handler. debug.pfftpproxy default
Increase UFS read-ahead speeds to match the state of hard drives and NCQ. vfs.read_max default
Set the ephemeral port range to be lower. net.inet.ip.portrange.first default
Drop packets to closed TCP ports without returning a RST net.inet.tcp.blackhole default
Do not send ICMP port unreachable messages for closed UDP ports net.inet.udp.blackhole default
Randomize the ID field in IP packets (default is 0: sequential IP IDs) net.inet.ip.random_id default
Source routing is another way for an attacker to try to reach non-routable addresses behind your box. It can also be used to probe for information about your internal networks. These functions come enabled as part of the standard FreeBSD core system. net.inet.ip.sourceroute default
Source routing is another way for an attacker to try to reach non-routable addresses behind your box. It can also be used to probe for information about your internal networks. These functions come enabled as part of the standard FreeBSD core system. net.inet.ip.accept_sourceroute default
Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect packets without returning a response. net.inet.icmp.drop_redirect default
This option turns off the logging of redirect packets because there is no limit and this could fill up your logs consuming your whole hard drive. net.inet.icmp.log_redirect default
Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway) net.inet.tcp.drop_synfin default
Enable sending IPv4 redirects net.inet.ip.redirect default
Enable sending IPv6 redirects net.inet6.ip6.redirect default
Enable privacy settings for IPv6 (RFC 4941) net.inet6.ip6.use_tempaddr default
Prefer privacy addresses and use them over the normal addresses net.inet6.ip6.prefer_tempaddr default
Generate SYN cookies for outbound SYN-ACK packets net.inet.tcp.syncookies default
Maximum incoming/outgoing TCP datagram size (receive) net.inet.tcp.recvspace default
Maximum incoming/outgoing TCP datagram size (send) net.inet.tcp.sendspace default
Do not delay ACK to try and piggyback it onto a data packet net.inet.tcp.delayed_ack default
Maximum outgoing UDP datagram size net.inet.udp.maxdgram default
Handling of non-IP packets which are not passed to pfil (see if_bridge(4)) net.link.bridge.pfil_onlyip default
Set to 1 to additionally filter on the physical interface for locally destined packets net.link.bridge.pfil_local_phys default
Set to 0 to disable filtering on the incoming and outgoing member interfaces. net.link.bridge.pfil_member default
Set to 1 to enable filtering on the bridge interface net.link.bridge.pfil_bridge default
Allow unprivileged access to tap(4) device nodes net.link.tap.user_open default
Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid()) kern.randompid default
Maximum size of the IP input queue net.inet.ip.intr_queue_maxlen default
Disable CTRL+ALT+Delete reboot from keyboard. hw.syscons.kbd_reboot default
Enable TCP extended debugging net.inet.tcp.log_debug default
Set ICMP Limits net.inet.icmp.icmplim default
TCP Offload Engine net.inet.tcp.tso default
UDP Checksums net.inet.udp.checksum default
Maximum socket buffer size kern.ipc.maxsockbuf default
Page Table Isolation (Meltdown mitigation, requires reboot.) vm.pmap.pti default
Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation) hw.ibrs_disable default
Hide processes running as other groups security.bsd.see_other_gids default
Hide processes running as other users security.bsd.see_other_uids default
normal fw nuestrared.org on admins System Administrators system 1999 0 page-all root System Administrator system admins $2y$10$eE36wle/4Ma00KlIY62XzO8dvMPlJCsY5H2H8J/Ej2crzlPEjtvWq 0 2000 2000 America/Bogota 0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org https 5c7caf43d381f 8443 5 1 yes 1 1 2 1 1 1 hadp hadp hadp monthly 60 aesni 1 1 admins 1 enabled 2222 0 OPNsense-Backup 192.168.100.1 8.8.8.8 en_US os-arp-scan,os-pppoe,os-acme-client,os-freeradius,os-iperf 5c7ca8d772787 radius RadiusAuthNosRed 10.132.1.1 nw2gqat60 5 1812 1813 5c7ca90c59ead voucher VaucherAuthNosred 1 115200 video vtnet0 1 1 1 192.168.100.254 24 GW_WAN vtnet1 1 1 10.132.1.1 16 1 nuestrared.org hmac-md5 10.132.60.10 10.132.80.245 on nuestrared.org 10.132.1.2 Domain nuestrared fw nuestrared.org A 10.132.1.1 Firewall NuestraRED.org public automatic pass inet Default allow LAN to any rule lan lan pass inet6 Default allow LAN IPv6 to any rule lan lan ICMP icmp ICMP TCP tcp Generic TCP HTTP http Generic HTTP / 200 HTTPS https Generic HTTPS / 200 SMTP send Generic SMTP 220 * 0.opnsense.pool.ntp.org on lan system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show 2 root@10.132.1.10 /api/captiveportal/settings/addZone/ made changes 0 0 0 wan 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12 W0D23 4 ac 0 0 lan md5 0 LDAPS dc=example,dc=domain,dc=com (uid=%{%{Stripped-User-Name}:-%{User-Name}}) (objectClass=posixGroup) 1 authnosred nw2gqat60 10.132.0.0/16 1 0 0 1 1 1 1 1 files 1 1 1 1 kleper ferkaton76 Usuario Kleper lan wan v9 0 AcmeClient 1 0 0 * * * root acmeclient cron-auto-renew AcmeClient 
Cronjob for Certificate AutoRenewal 1 1 99c58055-2319-49fe-b941-ad1030604bcf prod 43580 600 0 normal 5c7cab505cb087.20055669 1 NuestraRED.org Acme NuestraRED Firewall correo@nuestrared.org letsencrypt 1551674297 5c7cab9aa643d0.89304687 1 fw.nuestrared.org Certificado Firewall e49750e6-4d42-4047-94e7-abed03a2075a b6df93fa-c08c-4829-90f9-8c9f9f870f8a key_4096 0 1 60 5c7caf43d381f 1551675203 5c7cab7c72b502.94225746 1 DreamhostAPI Dominios en Dreamhost dns01 opnsense 1 wan 1 dns_dreamhost 120 1 9ZZB2XMH5X43TYMM 1 cloudflare 5c7caeb7f09452.55378870 1 RenewFirewall restart_gui 1 120 120 127.0.0.1 25 root nosred2018 0 auto 1 syslog facility log_daemon 0 root TWbu5i5T0lm4LBLjnkSp 2812 5 1 0 root@localhost.local 0 10 1 $HOST system 300
0079eb63-53b6-4ec9-9fe8-4148ccd9f856,cf5e41d6-6721-49d0-aa32-1dbd614a92eb,dbb00b9b-ffcb-4833-94ef-15e4aaf43059,543e1993-5cf2-4db3-b625-3452d6c54c8e 1 RootFs filesystem / 300
d45c8e90-5796-4e47-b159-67d4bf5b17dc 0 carp_status_change custom /usr/local/opnsense/scripts/OPNsense/Monit/carp_status 300
a0a620e0-6474-4906-809f-3c612f193d91 0 gateway_alert custom /usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert 300
2b0582ff-d02c-482a-97b8-603902f5906f Ping Custom failed ping alert NetworkLink Custom failed link alert NetworkSaturation Custom saturation is greater than 75% alert MemoryUsage Custom memory usage is greater than 75% alert CPUUsage Custom cpu usage is greater than 75% alert LoadAvg1 Custom loadavg (1min) is greater than 8 alert LoadAvg5 Custom loadavg (5min) is greater than 6 alert LoadAvg15 Custom loadavg (15min) is greater than 4 alert SpaceUsage Custom space usage is greater than 75% alert ChangedStatus Custom changed status alert NonZeroStatus Custom status != 0 alert 0 1 1 1 on strip 1 1 correo@nuestrared.org nuestrared.org 0 /var/squid/cache 256 2 256 16 256 1 1 0 2048 1024 1024 256 0 0 username password lan 3128 3129 0 0 5c7caf43d2e5f .nuestrared.org 16 8 0 3401 public 2121 0 1 0 10.132.0.0/16 80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http 443:https 1 shallalist http://www.shallalist.de/Downloads/shallalist.tar.gz finance/moneylending,automobile/boats,porn,ringtones,drugs,socialnet,dynamic,anonvpn,library,science/astronomy,costtraps,finance/insurance,chat,politics,searchengines,shopping,aggressive,hospitals,urlshortener,adv,weapons,updatesites,recreation/restaurants,radiotv,alcohol,isp,finance/trading,webmail,sex/lingerie,religion,tracker,music,automobile/planes,hobby/gardening,recreation/humor,hobby/games-misc,redirector,gamble,fortunetelling,jobsearch,finance/banking,hobby/cooking,webtv,government,models,automobile/bikes,downloads,hobby/pets,warez,homestyle,recreation/martialarts,spyware,recreation/wellness,news,hobby/games-online,recreation/travel,webphone,sex/education,finance/other,automobile/cars,dating,remotecontrol,forum,violence,imagehosting,podcasts,movies,webradio,military,hacking,finance/realestate,science/chemistry,education/schools,recreation/sports 1 Shallalist Blacklist 0 icap://[::1]:1344/avscan icap://[::1]:1344/avscan 1 0 0 X-Username 1 1024 60 OPNsense 
proxy authentication 2 5 1 0 lan RadiusAuthNosRed,VaucherAuthNosred 1 15 30 1 5c7caf43d381f fw.nuestrared.org 0 0