From 18e75335ec78120e487909f0a4457e827b949ffb Mon Sep 17 00:00:00 2001
From: "(system)" <(system)@OPNsense.localdomain>
Date: Sat, 15 Mar 2025 02:35:44 +0100
Subject: [PATCH] /usr/local/opnsense/mvc/script/run_migrations.php made
 changes @ 2025-03-15T02:35:43.844400 ((system))

---
 config.xml | 78 +++++++++++++++++++++++++++---------------------------
 1 file changed, 39 insertions(+), 39 deletions(-)

diff --git a/config.xml b/config.xml
index b91e8ef..c51455f 100644
--- a/config.xml
+++ b/config.xml
@@ -1,35 +1,35 @@
 <?xml version="1.0"?>
 <opnsense>
   <theme>opnsense</theme>
-  <sysctl version="1.0.0">
+  <sysctl version="1.0.1">
     <item uuid="3e6aaa97-52d5-4c00-abaf-9c571b1c128a">
       <tunable>vfs.read_max</tunable>
-      <value>default</value>
+      <value/>
       <descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
     </item>
     <item uuid="ae8d1d50-dc6d-49ce-9772-219a08816731">
       <tunable>net.inet.ip.portrange.first</tunable>
-      <value>default</value>
+      <value/>
       <descr>Set the ephemeral port range to be lower.</descr>
     </item>
     <item uuid="e0cb18b9-4029-41d0-a327-2e12ea7e02d8">
       <tunable>net.inet.tcp.blackhole</tunable>
-      <value>default</value>
+      <value/>
       <descr>Drop packets to closed TCP ports without returning a RST</descr>
     </item>
     <item uuid="56718c77-8222-46c7-97aa-216cfe68a73b">
       <tunable>net.inet.udp.blackhole</tunable>
-      <value>default</value>
+      <value/>
       <descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
     </item>
     <item uuid="1de7ad00-090f-4ce2-81ff-0650b0857a5d">
       <tunable>net.inet.ip.random_id</tunable>
-      <value>default</value>
+      <value/>
       <descr>Randomize the ID field in IP packets</descr>
     </item>
     <item uuid="79ce9844-d41c-4dff-adb5-f8ae3a0bcbdc">
       <tunable>net.inet.ip.sourceroute</tunable>
-      <value>default</value>
+      <value/>
       <descr>
         Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
         It can also be used to probe for information about your internal networks. These functions come enabled
@@ -38,7 +38,7 @@
     </item>
     <item uuid="7c341be1-a50b-4fb3-9321-cbfee546c372">
       <tunable>net.inet.ip.accept_sourceroute</tunable>
-      <value>default</value>
+      <value/>
       <descr>
         Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
         It can also be used to probe for information about your internal networks. These functions come enabled
@@ -47,7 +47,7 @@
     </item>
     <item uuid="7bfbc692-e8b4-46fa-96f5-eb21883e7297">
       <tunable>net.inet.icmp.log_redirect</tunable>
-      <value>default</value>
+      <value/>
       <descr>
         This option turns off the logging of redirect packets because there is no limit and this could fill
         up your logs consuming your whole hard drive.
@@ -55,132 +55,132 @@
     </item>
     <item uuid="14a58970-1cfc-43f3-a7f8-c2ce13fdb617">
       <tunable>net.inet.tcp.drop_synfin</tunable>
-      <value>default</value>
+      <value/>
       <descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
     </item>
     <item uuid="189b1f7b-6097-4e25-9976-c8d3a65ff489">
       <tunable>net.inet6.ip6.redirect</tunable>
-      <value>default</value>
+      <value/>
       <descr>Enable sending IPv6 redirects</descr>
     </item>
     <item uuid="c3a10277-b4ec-4b75-9550-a0378c4d2bb4">
       <tunable>net.inet6.ip6.use_tempaddr</tunable>
-      <value>default</value>
+      <value/>
       <descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
     </item>
     <item uuid="799d08de-e567-413b-abb0-42cecf7fa784">
       <tunable>net.inet6.ip6.prefer_tempaddr</tunable>
-      <value>default</value>
+      <value/>
       <descr>Prefer privacy addresses and use them over the normal addresses</descr>
     </item>
     <item uuid="34c2769b-287a-4ca0-9ffd-4f33718a45b7">
       <tunable>net.inet.tcp.syncookies</tunable>
-      <value>default</value>
+      <value/>
       <descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
     </item>
     <item uuid="b11f856f-ef08-4a2a-a00e-9ade0b8f6046">
       <tunable>net.inet.tcp.recvspace</tunable>
-      <value>default</value>
+      <value/>
       <descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
     </item>
     <item uuid="63523e71-e760-4bff-93d1-342e255eb199">
       <tunable>net.inet.tcp.sendspace</tunable>
-      <value>default</value>
+      <value/>
       <descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
     </item>
     <item uuid="8346d8e1-f503-4051-8a6a-434690856edc">
       <tunable>net.inet.tcp.delayed_ack</tunable>
-      <value>default</value>
+      <value/>
       <descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
     </item>
     <item uuid="66722d67-259b-40e2-93cb-61ced4cf79cb">
       <tunable>net.inet.udp.maxdgram</tunable>
-      <value>default</value>
+      <value/>
       <descr>Maximum outgoing UDP datagram size</descr>
     </item>
     <item uuid="7ae77c54-1693-45dd-82ac-9a5d9bf6e515">
       <tunable>net.link.bridge.pfil_onlyip</tunable>
-      <value>default</value>
+      <value/>
       <descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
     </item>
     <item uuid="91a783d4-817b-4ace-9700-65356a82072b">
       <tunable>net.link.bridge.pfil_local_phys</tunable>
-      <value>default</value>
+      <value/>
       <descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
     </item>
     <item uuid="1fc3262a-960b-4f49-b201-edd77a1e2b31">
       <tunable>net.link.bridge.pfil_member</tunable>
-      <value>default</value>
+      <value/>
       <descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
     </item>
     <item uuid="174014af-fc1f-4688-8bcb-13225678595e">
       <tunable>net.link.bridge.pfil_bridge</tunable>
-      <value>default</value>
+      <value/>
       <descr>Set to 1 to enable filtering on the bridge interface</descr>
     </item>
     <item uuid="154c3822-97de-424c-beb0-fd4245d9a6c2">
       <tunable>net.link.tap.user_open</tunable>
-      <value>default</value>
+      <value/>
       <descr>Allow unprivileged access to tap(4) device nodes</descr>
     </item>
     <item uuid="e5bddcc7-0035-4a1d-b460-d2eba1a95452">
       <tunable>kern.randompid</tunable>
-      <value>default</value>
+      <value/>
       <descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
     </item>
     <item uuid="5661389c-894a-4fd4-a679-fbbbc0de2b31">
       <tunable>hw.syscons.kbd_reboot</tunable>
-      <value>default</value>
+      <value/>
       <descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
     </item>
     <item uuid="b30dfecf-6bcb-42ff-8083-f57ee708007f">
       <tunable>net.inet.tcp.log_debug</tunable>
-      <value>default</value>
+      <value/>
       <descr>Enable TCP extended debugging</descr>
     </item>
     <item uuid="f9354f0f-0a41-4b18-b555-e8a21340f18f">
       <tunable>net.inet.icmp.icmplim</tunable>
-      <value>default</value>
+      <value/>
       <descr>Set ICMP Limits</descr>
     </item>
     <item uuid="abd3bf28-643c-4461-a79f-da011acd5b0f">
       <tunable>net.inet.tcp.tso</tunable>
-      <value>default</value>
+      <value/>
       <descr>TCP Offload Engine</descr>
     </item>
     <item uuid="e76f5d08-35ee-4419-89f1-7ff2c05f59c5">
       <tunable>net.inet.udp.checksum</tunable>
-      <value>default</value>
+      <value/>
       <descr>UDP Checksums</descr>
     </item>
     <item uuid="2db68529-e007-464f-91bf-c83630e777d4">
       <tunable>kern.ipc.maxsockbuf</tunable>
-      <value>default</value>
+      <value/>
       <descr>Maximum socket buffer size</descr>
     </item>
     <item uuid="ea141674-53d8-4ec1-a579-6a787047e744">
       <tunable>vm.pmap.pti</tunable>
-      <value>default</value>
+      <value/>
       <descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
     </item>
     <item uuid="e8fcbef7-703d-4b40-9caf-f4fb9297e4fe">
       <tunable>hw.ibrs_disable</tunable>
-      <value>default</value>
+      <value/>
       <descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
     </item>
     <item uuid="8d9f827c-1873-4b1d-b243-4d68b70377ca">
       <tunable>security.bsd.see_other_gids</tunable>
-      <value>default</value>
+      <value/>
       <descr>Hide processes running as other groups</descr>
     </item>
     <item uuid="231d927d-5270-4752-bb23-bfe9d7f9f978">
       <tunable>security.bsd.see_other_uids</tunable>
-      <value>default</value>
+      <value/>
       <descr>Hide processes running as other users</descr>
     </item>
     <item uuid="128fb208-8e18-4c7d-8647-dbb14e6874ee">
       <tunable>net.inet.ip.redirect</tunable>
-      <value>default</value>
+      <value/>
       <descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
         and for the sender directly reachable, route and next hop is known.
       </descr>
@@ -196,7 +196,7 @@
     </item>
     <item uuid="8e0b3bbf-56b2-4a1b-9326-cbd8fa5804ad">
       <tunable>net.local.dgram.maxdgram</tunable>
-      <value>default</value>
+      <value/>
       <descr>Maximum outgoing UDP datagram size</descr>
     </item>
   </sysctl>
@@ -1017,9 +1017,9 @@
     <interfacesstatisticsfilter>opt2</interfacesstatisticsfilter>
   </widgets>
   <revision>
-    <username>(root)</username>
-    <time>1740792094.3677</time>
-    <description>Updated plugin interface configuration</description>
+    <username>(system)</username>
+    <description>/usr/local/opnsense/mvc/script/run_migrations.php made changes</description>
+    <time>1742002543.8444</time>
   </revision>
   <OPNsense>
     <wireguard>