From 56d252c63409c4637354b8511149d8455a41f000 Mon Sep 17 00:00:00 2001
From: "(system)" <(system)@gondor2.dss.mywire.org>
Date: Fri, 14 Mar 2025 00:40:23 +1030
Subject: [PATCH] /usr/local/opnsense/mvc/script/run_migrations.php made
 changes @ 2025-03-14T00:40:21.365000 ((system))

---
 config.xml | 338 +++++++++++++++++++++++++++++------------------------
 1 file changed, 186 insertions(+), 152 deletions(-)

diff --git a/config.xml b/config.xml
index 6ae3aa4..12331f4 100644
--- a/config.xml
+++ b/config.xml
@@ -1,215 +1,215 @@
 <?xml version="1.0"?>
 <opnsense>
   <theme>opnsense</theme>
-  <sysctl>
-    <item>
-      <descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
+  <sysctl version="1.0.1">
+    <item uuid="c795d7a7-27b8-4d55-a947-e072d337a51b">
       <tunable>vfs.read_max</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
     </item>
-    <item>
-      <descr>Set the ephemeral port range to be lower.</descr>
+    <item uuid="93404a66-daa6-495a-a90e-b8e602577134">
       <tunable>net.inet.ip.portrange.first</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Set the ephemeral port range to be lower.</descr>
     </item>
-    <item>
-      <descr>Drop packets to closed TCP ports without returning a RST</descr>
+    <item uuid="752da915-86a1-48e7-8b4a-22e9e20b6521">
       <tunable>net.inet.tcp.blackhole</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Drop packets to closed TCP ports without returning a RST</descr>
     </item>
-    <item>
-      <descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
+    <item uuid="cadc561c-18ff-4ad5-b99f-2685a5bd6f80">
       <tunable>net.inet.udp.blackhole</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
     </item>
-    <item>
-      <descr>Randomize the ID field in IP packets</descr>
+    <item uuid="66d7d4e3-1dd7-4a71-bde6-00128eeabdb0">
       <tunable>net.inet.ip.random_id</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Randomize the ID field in IP packets</descr>
     </item>
-    <item>
-      <descr>
-        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
-        It can also be used to probe for information about your internal networks. These functions come enabled
-        as part of the standard FreeBSD core system.
-      </descr>
+    <item uuid="a210afe5-9d70-4d5d-9c57-7b0e2f04270e">
       <tunable>net.inet.ip.sourceroute</tunable>
-      <value>default</value>
-    </item>
-    <item>
+      <value/>
       <descr>
         Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
         It can also be used to probe for information about your internal networks. These functions come enabled
         as part of the standard FreeBSD core system.
       </descr>
-      <tunable>net.inet.ip.accept_sourceroute</tunable>
-      <value>default</value>
     </item>
-    <item>
+    <item uuid="03bb1ce5-ecef-4f7a-951c-78f2feeefad0">
+      <tunable>net.inet.ip.accept_sourceroute</tunable>
+      <value/>
+      <descr>
+        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+        It can also be used to probe for information about your internal networks. These functions come enabled
+        as part of the standard FreeBSD core system.
+      </descr>
+    </item>
+    <item uuid="ab5a3b06-4eb7-44bc-b9f8-a74c668833b7">
+      <tunable>net.inet.icmp.log_redirect</tunable>
+      <value/>
       <descr>
         This option turns off the logging of redirect packets because there is no limit and this could fill
         up your logs consuming your whole hard drive.
       </descr>
-      <tunable>net.inet.icmp.log_redirect</tunable>
-      <value>default</value>
     </item>
-    <item>
-      <descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
+    <item uuid="bd45727f-82ed-4a25-b7a4-28384a72736e">
       <tunable>net.inet.tcp.drop_synfin</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
     </item>
-    <item>
-      <descr>Enable sending IPv6 redirects</descr>
+    <item uuid="edd53567-0ca9-4070-9d8b-dabe7fbd40e8">
       <tunable>net.inet6.ip6.redirect</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Enable sending IPv6 redirects</descr>
     </item>
-    <item>
-      <descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
+    <item uuid="5e99dedf-efe9-41ca-a89a-51e0204d9999">
       <tunable>net.inet6.ip6.use_tempaddr</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
     </item>
-    <item>
-      <descr>Prefer privacy addresses and use them over the normal addresses</descr>
+    <item uuid="496ca683-4684-4a0e-b87b-6ad1277f826b">
       <tunable>net.inet6.ip6.prefer_tempaddr</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Prefer privacy addresses and use them over the normal addresses</descr>
     </item>
-    <item>
-      <descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
+    <item uuid="9d3979d7-9c52-4f70-a766-e3d836847324">
       <tunable>net.inet.tcp.syncookies</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
     </item>
-    <item>
-      <descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
+    <item uuid="54bb7829-07e6-45ed-87db-49a439471d9a">
       <tunable>net.inet.tcp.recvspace</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
     </item>
-    <item>
-      <descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
+    <item uuid="4e149fc4-1ea1-4756-8cbf-ea6b54edd92f">
       <tunable>net.inet.tcp.sendspace</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
     </item>
-    <item>
-      <descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
+    <item uuid="adae6421-3815-4c2f-9e56-ec48d4a5fb4b">
       <tunable>net.inet.tcp.delayed_ack</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
     </item>
-    <item>
-      <descr>Maximum outgoing UDP datagram size</descr>
+    <item uuid="e89637dd-9690-46ac-bdd8-636a37b72f7a">
       <tunable>net.inet.udp.maxdgram</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Maximum outgoing UDP datagram size</descr>
     </item>
-    <item>
-      <descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
+    <item uuid="d9dfc03a-8791-4e40-b782-c3125c9d02d5">
       <tunable>net.link.bridge.pfil_onlyip</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
     </item>
-    <item>
-      <descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
+    <item uuid="8fc5319f-a9e5-459c-9479-67d979b912f1">
       <tunable>net.link.bridge.pfil_local_phys</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
     </item>
-    <item>
-      <descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
+    <item uuid="feb81ef2-c372-4e93-8bfe-9e866b598f76">
       <tunable>net.link.bridge.pfil_member</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
     </item>
-    <item>
-      <descr>Set to 1 to enable filtering on the bridge interface</descr>
+    <item uuid="d2a342d5-9816-4e25-b0eb-161ddbdf5cd8">
       <tunable>net.link.bridge.pfil_bridge</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Set to 1 to enable filtering on the bridge interface</descr>
     </item>
-    <item>
-      <descr>Allow unprivileged access to tap(4) device nodes</descr>
+    <item uuid="df3fa872-0fd7-4363-9c67-e582a3e12ca3">
       <tunable>net.link.tap.user_open</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Allow unprivileged access to tap(4) device nodes</descr>
     </item>
-    <item>
-      <descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
+    <item uuid="688c8847-2589-4282-bc27-12a7f8d5688a">
       <tunable>kern.randompid</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
     </item>
-    <item>
-      <descr>Maximum size of the IP input queue</descr>
+    <item uuid="28f3ab06-277b-43d4-9e5e-0eb3ed6f4afa">
       <tunable>net.inet.ip.intr_queue_maxlen</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Maximum size of the IP input queue</descr>
     </item>
-    <item>
-      <descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
+    <item uuid="2c710b63-0ce1-4058-9505-9df541e9f063">
       <tunable>hw.syscons.kbd_reboot</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
     </item>
-    <item>
-      <descr>Hint at default settings for serial console in case the autodetect is not working</descr>
+    <item uuid="5c951659-8762-4a31-b886-5d55709cd7e7">
       <tunable>hw.uart.console</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Hint at default settings for serial console in case the autodetect is not working</descr>
     </item>
-    <item>
-      <descr>Enable TCP extended debugging</descr>
+    <item uuid="b8688914-daa2-4dbd-9d01-043ca63db0a5">
       <tunable>net.inet.tcp.log_debug</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Enable TCP extended debugging</descr>
     </item>
-    <item>
-      <descr>Set ICMP Limits</descr>
+    <item uuid="a5691f11-cdc2-454a-a8a4-51c6f8f853f3">
       <tunable>net.inet.icmp.icmplim</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Set ICMP Limits</descr>
     </item>
-    <item>
-      <descr>TCP Offload Engine</descr>
+    <item uuid="0e4135b4-461a-4d4f-936e-001fa58d4667">
       <tunable>net.inet.tcp.tso</tunable>
-      <value>default</value>
+      <value/>
+      <descr>TCP Offload Engine</descr>
     </item>
-    <item>
-      <descr>UDP Checksums</descr>
+    <item uuid="8ee6beb3-0ab9-4fa6-b667-2d3c08a83dd2">
       <tunable>net.inet.udp.checksum</tunable>
-      <value>default</value>
+      <value/>
+      <descr>UDP Checksums</descr>
     </item>
-    <item>
-      <descr>Maximum socket buffer size</descr>
+    <item uuid="a1e10575-d471-43fe-930e-20c77d78897b">
       <tunable>kern.ipc.maxsockbuf</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Maximum socket buffer size</descr>
     </item>
-    <item>
-      <descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
+    <item uuid="eabf308f-9894-4bfd-90bb-1a506c9a7108">
       <tunable>vm.pmap.pti</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Page Table Isolation (Meltdown mitigation, requires reboot.)</descr>
     </item>
-    <item>
-      <descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
+    <item uuid="995fe235-6bd6-411a-b25c-6c09666f8031">
       <tunable>hw.ibrs_disable</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)</descr>
     </item>
-    <item>
-      <descr>Hide processes running as other groups</descr>
+    <item uuid="212c6f5e-bcc1-44e1-b94f-b3fb18c97b60">
       <tunable>security.bsd.see_other_gids</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Hide processes running as other groups</descr>
     </item>
-    <item>
-      <descr>Hide processes running as other users</descr>
+    <item uuid="9f95c1a9-633d-4c0b-b3fc-25e4aede784d">
       <tunable>security.bsd.see_other_uids</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Hide processes running as other users</descr>
     </item>
-    <item>
+    <item uuid="94ec46c8-81bb-45d4-a4b3-bf578dfa4a36">
+      <tunable>net.inet.ip.redirect</tunable>
+      <value>0</value>
       <descr>Enable/disable sending of ICMP redirects in response to IP packets for which a better,
         and for the sender directly reachable, route and next hop is known.
       </descr>
-      <tunable>net.inet.ip.redirect</tunable>
-      <value>0</value>
     </item>
-    <item>
+    <item uuid="44f0a82f-be39-4739-9210-d4ebbe651d84">
+      <tunable>net.inet.icmp.drop_redirect</tunable>
+      <value>1</value>
       <descr>
         Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects
         to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect
         packets without returning a response.
       </descr>
-      <tunable>net.inet.icmp.drop_redirect</tunable>
-      <value>1</value>
     </item>
-    <item>
-      <descr>Maximum outgoing UDP datagram size</descr>
+    <item uuid="a3d12be1-a443-40d0-a54e-89b525dc0390">
       <tunable>net.local.dgram.maxdgram</tunable>
-      <value>default</value>
+      <value/>
+      <descr>Maximum outgoing UDP datagram size</descr>
     </item>
-    <item>
+    <item uuid="abdce8f4-c9c3-42f8-b9a5-763c452d371e">
       <tunable>dev.netmap.buf_num</tunable>
       <value>1000000</value>
       <descr>Automatically added by Zenarmor: Netmap Generic/Native Driver</descr>
@@ -220,35 +220,51 @@
     <hostname>gondor2</hostname>
     <domain>dss.mywire.org</domain>
     <dnsallowoverride>1</dnsallowoverride>
-    <group>
-      <name>admins</name>
-      <description>System Administrators</description>
-      <scope>system</scope>
+    <group uuid="1be47588-447d-4be6-b18c-b765e9f73038">
       <gid>1999</gid>
-      <member>0</member>
-      <member>2000</member>
-      <priv>page-all</priv>
-    </group>
-    <user>
-      <name>root</name>
-      <descr>System Administrator</descr>
+      <name>admins</name>
       <scope>system</scope>
-      <groupname>admins</groupname>
-      <password>$2y$10$V5R3OFK0X8dz/shqsIj3AuuhVvT/TR8gA6u9s.j0gknxplOMg4tyC</password>
+      <description>System Administrators</description>
+      <priv>page-all</priv>
+      <member>0,2000</member>
+    </group>
+    <user uuid="ac2e88a0-7806-475a-bbbc-0f9c23edd8b5">
       <uid>0</uid>
-    </user>
-    <user>
-      <password>$2y$11$77rIEmn8xjecWoKfve.cZ.Fb5PIDN6PR8mM4MdlHubJiuBMiWacqW</password>
-      <scope>user</scope>
-      <name>dion</name>
-      <descr>Dion</descr>
+      <name>root</name>
+      <disabled>0</disabled>
+      <scope>system</scope>
       <expires/>
       <authorizedkeys/>
-      <ipsecpsk/>
-      <otp_seed>LYA2AG53OBHL35L6NMGE4KEM4ZPHYAWI</otp_seed>
-      <email>dionscarman@gmail.com</email>
+      <otp_seed/>
+      <shell/>
+      <password>$2y$10$V5R3OFK0X8dz/shqsIj3AuuhVvT/TR8gA6u9s.j0gknxplOMg4tyC</password>
+      <landing_page/>
+      <comment/>
+      <email/>
+      <apikeys/>
+      <priv/>
+      <language/>
+      <descr>System Administrator</descr>
+      <dashboard/>
+    </user>
+    <user uuid="cdc7df4f-c56d-4912-ae33-cfdba8928db7">
       <uid>2000</uid>
-      <cert>65b4a1c0bffcf</cert>
+      <name>dion</name>
+      <disabled>0</disabled>
+      <scope>user</scope>
+      <expires/>
+      <authorizedkeys/>
+      <otp_seed>LYA2AG53OBHL35L6NMGE4KEM4ZPHYAWI</otp_seed>
+      <shell/>
+      <password>$2y$11$77rIEmn8xjecWoKfve.cZ.Fb5PIDN6PR8mM4MdlHubJiuBMiWacqW</password>
+      <landing_page/>
+      <comment/>
+      <email>dionscarman@gmail.com</email>
+      <apikeys/>
+      <priv/>
+      <language/>
+      <descr>Dion</descr>
+      <dashboard/>
     </user>
     <nextuid>2001</nextuid>
     <nextgid>2000</nextgid>
@@ -4647,8 +4663,8 @@ e+7APPmE4+Hdfyhcws1MAAAAG3Jvb3RAZ29uZG9yMi5kc3MubXl3aXJlLm9yZwEC&#xD;
   </widgets>
   <revision>
     <username>(system)</username>
-    <description>/usr/local/opnsense/scripts/firmware/register.php made changes</description>
-    <time>1741869454.5248</time>
+    <description>/usr/local/opnsense/mvc/script/run_migrations.php made changes</description>
+    <time>1741875021.365</time>
   </revision>
   <OPNsense>
     <Firewall>
@@ -5243,7 +5259,7 @@ e+7APPmE4+Hdfyhcws1MAAAAG3Jvb3RAZ29uZG9yMi5kc3MubXl3aXJlLm9yZwEC&#xD;
       <queues/>
       <rules/>
     </TrafficShaper>
-    <unboundplus version="1.0.11">
+    <unboundplus version="1.0.12">
       <general>
         <enabled>1</enabled>
         <port>53</port>
@@ -6373,7 +6389,7 @@ e+7APPmE4+Hdfyhcws1MAAAAG3Jvb3RAZ29uZG9yMi5kc3MubXl3aXJlLm9yZwEC&#xD;
       </client>
     </wireguard>
     <Kea>
-      <dhcp4 version="1.0.2">
+      <dhcp4 version="1.0.3">
         <general>
           <enabled>0</enabled>
           <interfaces/>
@@ -6754,9 +6770,7 @@ e+7APPmE4+Hdfyhcws1MAAAAG3Jvb3RAZ29uZG9yMi5kc3MubXl3aXJlLm9yZwEC&#xD;
   <staticroutes version="1.0.0">
     <route/>
   </staticroutes>
-  <virtualip version="1.0.0">
-    <vip/>
-  </virtualip>
+  <virtualip version="1.0.1"/>
   <bridges>
     <bridged/>
   </bridges>
@@ -6770,15 +6784,35 @@ e+7APPmE4+Hdfyhcws1MAAAAG3Jvb3RAZ29uZG9yMi5kc3MubXl3aXJlLm9yZwEC&#xD;
     <clone/>
   </wireless>
   <ifgroups version="1.0.0"/>
-  <hasync version="1.0.1">
+  <hasync version="1.0.2">
     <disablepreempt>0</disablepreempt>
     <disconnectppps>0</disconnectppps>
     <pfsyncinterface/>
     <pfsyncpeerip/>
     <pfsyncversion>1400</pfsyncversion>
     <synchronizetoip/>
+    <verifypeer>0</verifypeer>
     <username/>
     <password/>
     <syncitems/>
   </hasync>
+  <dnsmasq version="1.0.0">
+    <enable/>
+    <regdhcp/>
+    <regdhcpstatic/>
+    <dhcpfirst/>
+    <strict_order/>
+    <domain_needed/>
+    <no_private_reverse/>
+    <log_queries/>
+    <no_hosts/>
+    <strictbind/>
+    <dnssec/>
+    <regdhcpdomain/>
+    <interface/>
+    <port/>
+    <dns_forward_max/>
+    <cache_size/>
+    <local_ttl/>
+  </dnsmasq>
 </opnsense>