/usr/local/opnsense/mvc/script/run_migrations.php made changes @ 2025-03-15T02:35:43.844400 ((system))
This commit is contained in:
(system)
System Administrator
parent
1a99b130e3
commit
18e75335ec
78
config.xml
78
config.xml
@ -1,35 +1,35 @@
|
||||
<?xml version="1.0"?>
|
||||
<opnsense>
|
||||
<theme>opnsense</theme>
|
||||
<sysctl version="1.0.0">
|
||||
<sysctl version="1.0.1">
|
||||
<item uuid="3e6aaa97-52d5-4c00-abaf-9c571b1c128a">
|
||||
<tunable>vfs.read_max</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
|
||||
</item>
|
||||
<item uuid="ae8d1d50-dc6d-49ce-9772-219a08816731">
|
||||
<tunable>net.inet.ip.portrange.first</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Set the ephemeral port range to be lower.</descr>
|
||||
</item>
|
||||
<item uuid="e0cb18b9-4029-41d0-a327-2e12ea7e02d8">
|
||||
<tunable>net.inet.tcp.blackhole</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Drop packets to closed TCP ports without returning a RST</descr>
|
||||
</item>
|
||||
<item uuid="56718c77-8222-46c7-97aa-216cfe68a73b">
|
||||
<tunable>net.inet.udp.blackhole</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
|
||||
</item>
|
||||
<item uuid="1de7ad00-090f-4ce2-81ff-0650b0857a5d">
|
||||
<tunable>net.inet.ip.random_id</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Randomize the ID field in IP packets</descr>
|
||||
</item>
|
||||
<item uuid="79ce9844-d41c-4dff-adb5-f8ae3a0bcbdc">
|
||||
<tunable>net.inet.ip.sourceroute</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>
|
||||
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
|
||||
It can also be used to probe for information about your internal networks. These functions come enabled
|
||||
@ -38,7 +38,7 @@
|
||||
</item>
|
||||
<item uuid="7c341be1-a50b-4fb3-9321-cbfee546c372">
|
||||
<tunable>net.inet.ip.accept_sourceroute</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>
|
||||
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
|
||||
It can also be used to probe for information about your internal networks. These functions come enabled
|
||||
@ -47,7 +47,7 @@
|
||||
</item>
|
||||
<item uuid="7bfbc692-e8b4-46fa-96f5-eb21883e7297">
|
||||
<tunable>net.inet.icmp.log_redirect</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>
|
||||
This option turns off the logging of redirect packets because there is no limit and this could fill
|
||||
up your logs consuming your whole hard drive.
|
||||
@ -55,132 +55,132 @@
|
||||
</item>
|
||||
<item uuid="14a58970-1cfc-43f3-a7f8-c2ce13fdb617">
|
||||
<tunable>net.inet.tcp.drop_synfin</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
|
||||
</item>
|
||||
<item uuid="189b1f7b-6097-4e25-9976-c8d3a65ff489">
|
||||
<tunable>net.inet6.ip6.redirect</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Enable sending IPv6 redirects</descr>
|
||||
</item>
|
||||
<item uuid="c3a10277-b4ec-4b75-9550-a0378c4d2bb4">
|
||||
<tunable>net.inet6.ip6.use_tempaddr</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
|
||||
</item>
|
||||
<item uuid="799d08de-e567-413b-abb0-42cecf7fa784">
|
||||
<tunable>net.inet6.ip6.prefer_tempaddr</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Prefer privacy addresses and use them over the normal addresses</descr>
|
||||
</item>
|
||||
<item uuid="34c2769b-287a-4ca0-9ffd-4f33718a45b7">
|
||||
<tunable>net.inet.tcp.syncookies</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
|
||||
</item>
|
||||
<item uuid="b11f856f-ef08-4a2a-a00e-9ade0b8f6046">
|
||||
<tunable>net.inet.tcp.recvspace</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
|
||||
</item>
|
||||
<item uuid="63523e71-e760-4bff-93d1-342e255eb199">
|
||||
<tunable>net.inet.tcp.sendspace</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
|
||||
</item>
|
||||
<item uuid="8346d8e1-f503-4051-8a6a-434690856edc">
|
||||
<tunable>net.inet.tcp.delayed_ack</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
|
||||
</item>
|
||||
<item uuid="66722d67-259b-40e2-93cb-61ced4cf79cb">
|
||||
<tunable>net.inet.udp.maxdgram</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Maximum outgoing UDP datagram size</descr>
|
||||
</item>
|
||||
<item uuid="7ae77c54-1693-45dd-82ac-9a5d9bf6e515">
|
||||
<tunable>net.link.bridge.pfil_onlyip</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
|
||||
</item>
|
||||
<item uuid="91a783d4-817b-4ace-9700-65356a82072b">
|
||||
<tunable>net.link.bridge.pfil_local_phys</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
|
||||
</item>
|
||||
<item uuid="1fc3262a-960b-4f49-b201-edd77a1e2b31">
|
||||
<tunable>net.link.bridge.pfil_member</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
|
||||
</item>
|
||||
<item uuid="174014af-fc1f-4688-8bcb-13225678595e">
|
||||
<tunable>net.link.bridge.pfil_bridge</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Set to 1 to enable filtering on the bridge interface</descr>
|
||||
</item>
|
||||
<item uuid="154c3822-97de-424c-beb0-fd4245d9a6c2">
|
||||
<tunable>net.link.tap.user_open</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Allow unprivileged access to tap(4) device nodes</descr>
|
||||
</item>
|
||||
<item uuid="e5bddcc7-0035-4a1d-b460-d2eba1a95452">
|
||||
<tunable>kern.randompid</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
|
||||
</item>
|
||||
<item uuid="5661389c-894a-4fd4-a679-fbbbc0de2b31">
|
||||
<tunable>hw.syscons.kbd_reboot</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
|
||||
</item>
|
||||
<item uuid="b30dfecf-6bcb-42ff-8083-f57ee708007f">
|
||||
<tunable>net.inet.tcp.log_debug</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Enable TCP extended debugging</descr>
|
||||
</item>
|
||||
<item uuid="f9354f0f-0a41-4b18-b555-e8a21340f18f">
|
||||
<tunable>net.inet.icmp.icmplim</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Set ICMP Limits</descr>
|
||||
</item>
|
||||
<item uuid="abd3bf28-643c-4461-a79f-da011acd5b0f">
|
||||
<tunable>net.inet.tcp.tso</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>TCP Offload Engine</descr>
|
||||
</item>
|
||||
<item uuid="e76f5d08-35ee-4419-89f1-7ff2c05f59c5">
|
||||
<tunable>net.inet.udp.checksum</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>UDP Checksums</descr>
|
||||
</item>
|
||||
<item uuid="2db68529-e007-464f-91bf-c83630e777d4">
|
||||
<tunable>kern.ipc.maxsockbuf</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Maximum socket buffer size</descr>
|
||||
</item>
|
||||
<item uuid="ea141674-53d8-4ec1-a579-6a787047e744">
|
||||
<tunable>vm.pmap.pti</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
|
||||
</item>
|
||||
<item uuid="e8fcbef7-703d-4b40-9caf-f4fb9297e4fe">
|
||||
<tunable>hw.ibrs_disable</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
|
||||
</item>
|
||||
<item uuid="8d9f827c-1873-4b1d-b243-4d68b70377ca">
|
||||
<tunable>security.bsd.see_other_gids</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Hide processes running as other groups</descr>
|
||||
</item>
|
||||
<item uuid="231d927d-5270-4752-bb23-bfe9d7f9f978">
|
||||
<tunable>security.bsd.see_other_uids</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Hide processes running as other users</descr>
|
||||
</item>
|
||||
<item uuid="128fb208-8e18-4c7d-8647-dbb14e6874ee">
|
||||
<tunable>net.inet.ip.redirect</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
|
||||
and for the sender directly reachable, route and next hop is known.
|
||||
</descr>
|
||||
@ -196,7 +196,7 @@
|
||||
</item>
|
||||
<item uuid="8e0b3bbf-56b2-4a1b-9326-cbd8fa5804ad">
|
||||
<tunable>net.local.dgram.maxdgram</tunable>
|
||||
<value>default</value>
|
||||
<value/>
|
||||
<descr>Maximum outgoing UDP datagram size</descr>
|
||||
</item>
|
||||
</sysctl>
|
||||
@ -1017,9 +1017,9 @@
|
||||
<interfacesstatisticsfilter>opt2</interfacesstatisticsfilter>
|
||||
</widgets>
|
||||
<revision>
|
||||
<username>(root)</username>
|
||||
<time>1740792094.3677</time>
|
||||
<description>Updated plugin interface configuration</description>
|
||||
<username>(system)</username>
|
||||
<description>/usr/local/opnsense/mvc/script/run_migrations.php made changes</description>
|
||||
<time>1742002543.8444</time>
|
||||
</revision>
|
||||
<OPNsense>
|
||||
<wireguard>
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user