/usr/local/opnsense/mvc/script/run_migrations.php made changes @ 2025-03-15T02:35:43.844400 ((system))

(system) 2025-03-15 02:35:44 +01:00 committed by System Administrator
parent 1a99b130e3
commit 18e75335ec

@ -1,35 +1,35 @@
<?xml version="1.0"?> <?xml version="1.0"?>
<opnsense> <opnsense>
<theme>opnsense</theme> <theme>opnsense</theme>
<sysctl version="1.0.0"> <sysctl version="1.0.1">
<item uuid="3e6aaa97-52d5-4c00-abaf-9c571b1c128a"> <item uuid="3e6aaa97-52d5-4c00-abaf-9c571b1c128a">
<tunable>vfs.read_max</tunable> <tunable>vfs.read_max</tunable>
<value>default</value> <value/>
<descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr> <descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
</item> </item>
<item uuid="ae8d1d50-dc6d-49ce-9772-219a08816731"> <item uuid="ae8d1d50-dc6d-49ce-9772-219a08816731">
<tunable>net.inet.ip.portrange.first</tunable> <tunable>net.inet.ip.portrange.first</tunable>
<value>default</value> <value/>
<descr>Set the ephemeral port range to be lower.</descr> <descr>Set the ephemeral port range to be lower.</descr>
</item> </item>
<item uuid="e0cb18b9-4029-41d0-a327-2e12ea7e02d8"> <item uuid="e0cb18b9-4029-41d0-a327-2e12ea7e02d8">
<tunable>net.inet.tcp.blackhole</tunable> <tunable>net.inet.tcp.blackhole</tunable>
<value>default</value> <value/>
<descr>Drop packets to closed TCP ports without returning a RST</descr> <descr>Drop packets to closed TCP ports without returning a RST</descr>
</item> </item>
<item uuid="56718c77-8222-46c7-97aa-216cfe68a73b"> <item uuid="56718c77-8222-46c7-97aa-216cfe68a73b">
<tunable>net.inet.udp.blackhole</tunable> <tunable>net.inet.udp.blackhole</tunable>
<value>default</value> <value/>
<descr>Do not send ICMP port unreachable messages for closed UDP ports</descr> <descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
</item> </item>
<item uuid="1de7ad00-090f-4ce2-81ff-0650b0857a5d"> <item uuid="1de7ad00-090f-4ce2-81ff-0650b0857a5d">
<tunable>net.inet.ip.random_id</tunable> <tunable>net.inet.ip.random_id</tunable>
<value>default</value> <value/>
<descr>Randomize the ID field in IP packets</descr> <descr>Randomize the ID field in IP packets</descr>
</item> </item>
<item uuid="79ce9844-d41c-4dff-adb5-f8ae3a0bcbdc"> <item uuid="79ce9844-d41c-4dff-adb5-f8ae3a0bcbdc">
<tunable>net.inet.ip.sourceroute</tunable> <tunable>net.inet.ip.sourceroute</tunable>
<value>default</value> <value/>
<descr> <descr>
Source routing is another way for an attacker to try to reach non-routable addresses behind your box. Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled It can also be used to probe for information about your internal networks. These functions come enabled
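Review bot: Nothing in this hunk documents that the new empty `<value/>` means the same thing as the old `<value>default</value>`, and the only hint of a schema change is `<sysctl version="1.0.0">` becoming `1.0.1`. The rewritten entries include net.inet.tcp.blackhole, net.inet.udp.blackhole, net.inet.ip.random_id and net.inet.ip.sourceroute, so the migration should state that equivalence explicitly, and the effective `sysctl` values for these tunables should be compared before and after the migration to confirm that none of them changed.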
@ -38,7 +38,7 @@
</item> </item>
<item uuid="7c341be1-a50b-4fb3-9321-cbfee546c372"> <item uuid="7c341be1-a50b-4fb3-9321-cbfee546c372">
<tunable>net.inet.ip.accept_sourceroute</tunable> <tunable>net.inet.ip.accept_sourceroute</tunable>
<value>default</value> <value/>
<descr> <descr>
Source routing is another way for an attacker to try to reach non-routable addresses behind your box. Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled It can also be used to probe for information about your internal networks. These functions come enabled
@ -47,7 +47,7 @@
</item> </item>
<item uuid="7bfbc692-e8b4-46fa-96f5-eb21883e7297"> <item uuid="7bfbc692-e8b4-46fa-96f5-eb21883e7297">
<tunable>net.inet.icmp.log_redirect</tunable> <tunable>net.inet.icmp.log_redirect</tunable>
<value>default</value> <value/>
<descr> <descr>
This option turns off the logging of redirect packets because there is no limit and this could fill This option turns off the logging of redirect packets because there is no limit and this could fill
up your logs consuming your whole hard drive. up your logs consuming your whole hard drive.
@ -55,132 +55,132 @@
</item> </item>
<item uuid="14a58970-1cfc-43f3-a7f8-c2ce13fdb617"> <item uuid="14a58970-1cfc-43f3-a7f8-c2ce13fdb617">
<tunable>net.inet.tcp.drop_synfin</tunable> <tunable>net.inet.tcp.drop_synfin</tunable>
<value>default</value> <value/>
<descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr> <descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
</item> </item>
<item uuid="189b1f7b-6097-4e25-9976-c8d3a65ff489"> <item uuid="189b1f7b-6097-4e25-9976-c8d3a65ff489">
<tunable>net.inet6.ip6.redirect</tunable> <tunable>net.inet6.ip6.redirect</tunable>
<value>default</value> <value/>
<descr>Enable sending IPv6 redirects</descr> <descr>Enable sending IPv6 redirects</descr>
</item> </item>
<item uuid="c3a10277-b4ec-4b75-9550-a0378c4d2bb4"> <item uuid="c3a10277-b4ec-4b75-9550-a0378c4d2bb4">
<tunable>net.inet6.ip6.use_tempaddr</tunable> <tunable>net.inet6.ip6.use_tempaddr</tunable>
<value>default</value> <value/>
<descr>Enable privacy settings for IPv6 (RFC 4941)</descr> <descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
</item> </item>
<item uuid="799d08de-e567-413b-abb0-42cecf7fa784"> <item uuid="799d08de-e567-413b-abb0-42cecf7fa784">
<tunable>net.inet6.ip6.prefer_tempaddr</tunable> <tunable>net.inet6.ip6.prefer_tempaddr</tunable>
<value>default</value> <value/>
<descr>Prefer privacy addresses and use them over the normal addresses</descr> <descr>Prefer privacy addresses and use them over the normal addresses</descr>
</item> </item>
<item uuid="34c2769b-287a-4ca0-9ffd-4f33718a45b7"> <item uuid="34c2769b-287a-4ca0-9ffd-4f33718a45b7">
<tunable>net.inet.tcp.syncookies</tunable> <tunable>net.inet.tcp.syncookies</tunable>
<value>default</value> <value/>
<descr>Generate SYN cookies for outbound SYN-ACK packets</descr> <descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
</item> </item>
<item uuid="b11f856f-ef08-4a2a-a00e-9ade0b8f6046"> <item uuid="b11f856f-ef08-4a2a-a00e-9ade0b8f6046">
<tunable>net.inet.tcp.recvspace</tunable> <tunable>net.inet.tcp.recvspace</tunable>
<value>default</value> <value/>
<descr>Maximum incoming/outgoing TCP datagram size (receive)</descr> <descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
</item> </item>
<item uuid="63523e71-e760-4bff-93d1-342e255eb199"> <item uuid="63523e71-e760-4bff-93d1-342e255eb199">
<tunable>net.inet.tcp.sendspace</tunable> <tunable>net.inet.tcp.sendspace</tunable>
<value>default</value> <value/>
<descr>Maximum incoming/outgoing TCP datagram size (send)</descr> <descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
</item> </item>
<item uuid="8346d8e1-f503-4051-8a6a-434690856edc"> <item uuid="8346d8e1-f503-4051-8a6a-434690856edc">
<tunable>net.inet.tcp.delayed_ack</tunable> <tunable>net.inet.tcp.delayed_ack</tunable>
<value>default</value> <value/>
<descr>Do not delay ACK to try and piggyback it onto a data packet</descr> <descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
</item> </item>
<item uuid="66722d67-259b-40e2-93cb-61ced4cf79cb"> <item uuid="66722d67-259b-40e2-93cb-61ced4cf79cb">
<tunable>net.inet.udp.maxdgram</tunable> <tunable>net.inet.udp.maxdgram</tunable>
<value>default</value> <value/>
<descr>Maximum outgoing UDP datagram size</descr> <descr>Maximum outgoing UDP datagram size</descr>
</item> </item>
<item uuid="7ae77c54-1693-45dd-82ac-9a5d9bf6e515"> <item uuid="7ae77c54-1693-45dd-82ac-9a5d9bf6e515">
<tunable>net.link.bridge.pfil_onlyip</tunable> <tunable>net.link.bridge.pfil_onlyip</tunable>
<value>default</value> <value/>
<descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr> <descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
</item> </item>
<item uuid="91a783d4-817b-4ace-9700-65356a82072b"> <item uuid="91a783d4-817b-4ace-9700-65356a82072b">
<tunable>net.link.bridge.pfil_local_phys</tunable> <tunable>net.link.bridge.pfil_local_phys</tunable>
<value>default</value> <value/>
<descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr> <descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
</item> </item>
<item uuid="1fc3262a-960b-4f49-b201-edd77a1e2b31"> <item uuid="1fc3262a-960b-4f49-b201-edd77a1e2b31">
<tunable>net.link.bridge.pfil_member</tunable> <tunable>net.link.bridge.pfil_member</tunable>
<value>default</value> <value/>
<descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr> <descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
</item> </item>
<item uuid="174014af-fc1f-4688-8bcb-13225678595e"> <item uuid="174014af-fc1f-4688-8bcb-13225678595e">
<tunable>net.link.bridge.pfil_bridge</tunable> <tunable>net.link.bridge.pfil_bridge</tunable>
<value>default</value> <value/>
<descr>Set to 1 to enable filtering on the bridge interface</descr> <descr>Set to 1 to enable filtering on the bridge interface</descr>
</item> </item>
<item uuid="154c3822-97de-424c-beb0-fd4245d9a6c2"> <item uuid="154c3822-97de-424c-beb0-fd4245d9a6c2">
<tunable>net.link.tap.user_open</tunable> <tunable>net.link.tap.user_open</tunable>
<value>default</value> <value/>
<descr>Allow unprivileged access to tap(4) device nodes</descr> <descr>Allow unprivileged access to tap(4) device nodes</descr>
</item> </item>
<item uuid="e5bddcc7-0035-4a1d-b460-d2eba1a95452"> <item uuid="e5bddcc7-0035-4a1d-b460-d2eba1a95452">
<tunable>kern.randompid</tunable> <tunable>kern.randompid</tunable>
<value>default</value> <value/>
<descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr> <descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
</item> </item>
<item uuid="5661389c-894a-4fd4-a679-fbbbc0de2b31"> <item uuid="5661389c-894a-4fd4-a679-fbbbc0de2b31">
<tunable>hw.syscons.kbd_reboot</tunable> <tunable>hw.syscons.kbd_reboot</tunable>
<value>default</value> <value/>
<descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr> <descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
</item> </item>
<item uuid="b30dfecf-6bcb-42ff-8083-f57ee708007f"> <item uuid="b30dfecf-6bcb-42ff-8083-f57ee708007f">
<tunable>net.inet.tcp.log_debug</tunable> <tunable>net.inet.tcp.log_debug</tunable>
<value>default</value> <value/>
<descr>Enable TCP extended debugging</descr> <descr>Enable TCP extended debugging</descr>
</item> </item>
<item uuid="f9354f0f-0a41-4b18-b555-e8a21340f18f"> <item uuid="f9354f0f-0a41-4b18-b555-e8a21340f18f">
<tunable>net.inet.icmp.icmplim</tunable> <tunable>net.inet.icmp.icmplim</tunable>
<value>default</value> <value/>
<descr>Set ICMP Limits</descr> <descr>Set ICMP Limits</descr>
</item> </item>
<item uuid="abd3bf28-643c-4461-a79f-da011acd5b0f"> <item uuid="abd3bf28-643c-4461-a79f-da011acd5b0f">
<tunable>net.inet.tcp.tso</tunable> <tunable>net.inet.tcp.tso</tunable>
<value>default</value> <value/>
<descr>TCP Offload Engine</descr> <descr>TCP Offload Engine</descr>
</item> </item>
<item uuid="e76f5d08-35ee-4419-89f1-7ff2c05f59c5"> <item uuid="e76f5d08-35ee-4419-89f1-7ff2c05f59c5">
<tunable>net.inet.udp.checksum</tunable> <tunable>net.inet.udp.checksum</tunable>
<value>default</value> <value/>
<descr>UDP Checksums</descr> <descr>UDP Checksums</descr>
</item> </item>
<item uuid="2db68529-e007-464f-91bf-c83630e777d4"> <item uuid="2db68529-e007-464f-91bf-c83630e777d4">
<tunable>kern.ipc.maxsockbuf</tunable> <tunable>kern.ipc.maxsockbuf</tunable>
<value>default</value> <value/>
<descr>Maximum socket buffer size</descr> <descr>Maximum socket buffer size</descr>
</item> </item>
<item uuid="ea141674-53d8-4ec1-a579-6a787047e744"> <item uuid="ea141674-53d8-4ec1-a579-6a787047e744">
<tunable>vm.pmap.pti</tunable> <tunable>vm.pmap.pti</tunable>
<value>default</value> <value/>
<descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr> <descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
</item> </item>
<item uuid="e8fcbef7-703d-4b40-9caf-f4fb9297e4fe"> <item uuid="e8fcbef7-703d-4b40-9caf-f4fb9297e4fe">
<tunable>hw.ibrs_disable</tunable> <tunable>hw.ibrs_disable</tunable>
<value>default</value> <value/>
<descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr> <descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
</item> </item>
<item uuid="8d9f827c-1873-4b1d-b243-4d68b70377ca"> <item uuid="8d9f827c-1873-4b1d-b243-4d68b70377ca">
<tunable>security.bsd.see_other_gids</tunable> <tunable>security.bsd.see_other_gids</tunable>
<value>default</value> <value/>
<descr>Hide processes running as other groups</descr> <descr>Hide processes running as other groups</descr>
</item> </item>
<item uuid="231d927d-5270-4752-bb23-bfe9d7f9f978"> <item uuid="231d927d-5270-4752-bb23-bfe9d7f9f978">
<tunable>security.bsd.see_other_uids</tunable> <tunable>security.bsd.see_other_uids</tunable>
<value>default</value> <value/>
<descr>Hide processes running as other users</descr> <descr>Hide processes running as other users</descr>
</item> </item>
<item uuid="128fb208-8e18-4c7d-8647-dbb14e6874ee"> <item uuid="128fb208-8e18-4c7d-8647-dbb14e6874ee">
<tunable>net.inet.ip.redirect</tunable> <tunable>net.inet.ip.redirect</tunable>
<value>default</value> <value/>
<descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better, <descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
and for the sender directly reachable, route and next hop is known. and for the sender directly reachable, route and next hop is known.
</descr> </descr>
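Review bot: The `<descr>` texts for the hardening entries in this hunk read as if a setting were being applied, while the value is unset both before (`default`) and after (`<value/>`). For security.bsd.see_other_uids ("Hide processes running as other users"), security.bsd.see_other_gids, hw.ibrs_disable ("Disable Indirect Branch Restricted Speculation") and net.link.tap.user_open ("Allow unprivileged access to tap(4) device nodes"), someone auditing this file cannot tell from the entry whether the behaviour in the description is actually in force. Either set an explicit value for the ones that are meant to be enforced, or reword the descriptions neutrally so that an empty value is not mistaken for an active mitigation.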
@ -196,7 +196,7 @@
</item> </item>
<item uuid="8e0b3bbf-56b2-4a1b-9326-cbd8fa5804ad"> <item uuid="8e0b3bbf-56b2-4a1b-9326-cbd8fa5804ad">
<tunable>net.local.dgram.maxdgram</tunable> <tunable>net.local.dgram.maxdgram</tunable>
<value>default</value> <value/>
<descr>Maximum outgoing UDP datagram size</descr> <descr>Maximum outgoing UDP datagram size</descr>
</item> </item>
</sysctl> </sysctl>
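Review bot: The description on net.local.dgram.maxdgram, "Maximum outgoing UDP datagram size", is identical to the one on net.inet.udp.maxdgram earlier in the file, although the tunable name is under net.local.dgram rather than net.inet.udp. It looks copied. Since the migration is already touching this item, correct the `<descr>` so that the two entries can be told apart when reviewing the configuration.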
@ -1017,9 +1017,9 @@
<interfacesstatisticsfilter>opt2</interfacesstatisticsfilter> <interfacesstatisticsfilter>opt2</interfacesstatisticsfilter>
</widgets> </widgets>
<revision> <revision>
<username>(root)</username> <username>(system)</username>
<time>1740792094.3677</time> <description>/usr/local/opnsense/mvc/script/run_migrations.php made changes</description>
<description>Updated plugin interface configuration</description> <time>1742002543.8444</time>
</revision> </revision>
<OPNsense> <OPNsense>
<wireguard> <wireguard>
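Review bot: The new `<revision>` block gives `(system)` as the username and only the script path as the description, so the audit trail does not say which migration ran or that the sysctl section moved from version 1.0.0 to 1.0.1. Include the model name and the from/to versions in `<description>`. The block also reorders its children, with `<time>` moving from second to third position, so check that any tooling reading config history does not depend on element order.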