/firewall_rules.php made changes @ 2025-08-21T01:11:23.310000 (root@10.0.20.24)

config.xml

@@ -214,6 +214,11 @@
       <value>1000000</value>
       <descr>Automatically added by Zenarmor: Netmap Generic/Native Driver</descr>
     </item>
+    <item>
+      <tunable>dev.netmap.ring_num</tunable>
+      <value>1024</value>
+      <descr>Automatically added by Zenarmor</descr>
+    </item>
   </sysctl>
   <system>
     <optimization>normal</optimization>
@@ -321,13 +326,13 @@
         <enabled>1</enabled>
         <url>ssh://docker.dss.mywire.org:222/opnsense/OPNsense.git</url>
         <branch>main</branch>
-        <privkey>-----BEGIN OPENSSH PRIVATE KEY-----&#xD;
+        <privkey>-----BEGIN OPENSSH PRIVATE KEY-----&#13;
-b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW&#xD;
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW&#13;
-QyNTUxOQAAACDP5vkf5UfCrx0gxRfPWKyplHvuwDz5hOPh3X8oXMLNTAAAAKAgiKUyIIil&#xD;
+QyNTUxOQAAACDP5vkf5UfCrx0gxRfPWKyplHvuwDz5hOPh3X8oXMLNTAAAAKAgiKUyIIil&#13;
-MgAAAAtzc2gtZWQyNTUxOQAAACDP5vkf5UfCrx0gxRfPWKyplHvuwDz5hOPh3X8oXMLNTA&#xD;
+MgAAAAtzc2gtZWQyNTUxOQAAACDP5vkf5UfCrx0gxRfPWKyplHvuwDz5hOPh3X8oXMLNTA&#13;
-AAAEDJKcyJaUCgNMTKViAR3qCMCgL5oRU0AbdG0q29IDGpQ8/m+R/lR8KvHSDFF89YrKmU&#xD;
+AAAEDJKcyJaUCgNMTKViAR3qCMCgL5oRU0AbdG0q29IDGpQ8/m+R/lR8KvHSDFF89YrKmU&#13;
-e+7APPmE4+Hdfyhcws1MAAAAG3Jvb3RAZ29uZG9yMi5kc3MubXl3aXJlLm9yZwEC&#xD;
+e+7APPmE4+Hdfyhcws1MAAAAG3Jvb3RAZ29uZG9yMi5kc3MubXl3aXJlLm9yZwEC&#13;
------END OPENSSH PRIVATE KEY-----&#xD;
+-----END OPENSSH PRIVATE KEY-----&#13;
 </privkey>
         <user>git</user>
         <password/>
@@ -352,7 +357,7 @@ e+7APPmE4+Hdfyhcws1MAAAAG3Jvb3RAZ29uZG9yMi5kc3MubXl3aXJlLm9yZwEC&#xD;
     <firmware version="1.0.1">
       <mirror/>
       <flavour/>
-      <plugins>os-acme-client,os-ddclient,os-git-backup,os-nginx,os-sensei,os-sunnyvalley,os-wol</plugins>
+      <plugins>os-acme-client,os-ddclient,os-gdrive-backup,os-git-backup,os-nginx,os-sensei,os-sunnyvalley,os-wol</plugins>
       <type/>
       <subscription/>
     </firmware>
@@ -3530,6 +3535,60 @@ e+7APPmE4+Hdfyhcws1MAAAAG3Jvb3RAZ29uZG9yMi5kc3MubXl3aXJlLm9yZwEC&#xD;
         <description>/firewall_rules_edit.php made changes</description>
       </created>
     </rule>
+    <rule uuid="6bf775da-c6c0-4e7c-aae9-3d7ab7224ac3">
+      <type>pass</type>
+      <interface>opt2</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>allow NFS to debian</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>tcp/udp</protocol>
+      <source>
+        <address>10.0.20.101/32</address>
+      </source>
+      <destination>
+        <address>TrueNAS</address>
+        <port>2049</port>
+      </destination>
+      <updated>
+        <username>root@10.0.20.24</username>
+        <time>1755704450.50</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@10.0.20.24</username>
+        <time>1755704450.50</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="f252e56d-17a1-4fe3-809a-50bee17074c7">
+      <type>pass</type>
+      <interface>opt2</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>allow NFS to debian</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>tcp/udp</protocol>
+      <source>
+        <address>10.0.20.101</address>
+      </source>
+      <destination>
+        <address>TrueNAS</address>
+        <port>111</port>
+      </destination>
+      <updated>
+        <username>root@10.0.20.24</username>
+        <time>1755704415.90</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>root@10.0.20.24</username>
+        <time>1755704415.90</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
     <rule uuid="45556904-9b06-478a-bf1f-606055aead04">
       <type>pass</type>
       <interface>opt2</interface>
@@ -4857,8 +4916,8 @@ e+7APPmE4+Hdfyhcws1MAAAAG3Jvb3RAZ29uZG9yMi5kc3MubXl3aXJlLm9yZwEC&#xD;
   </widgets>
   <revision>
     <username>root@10.0.20.24</username>
-    <description>/services_dhcp_edit.php made changes</description>
+    <description>/firewall_rules.php made changes</description>
-    <time>1754137184.1474</time>
+    <time>1755704483.31</time>
   </revision>
   <OPNsense>
     <Firewall>
@@ -5224,7 +5283,7 @@ e+7APPmE4+Hdfyhcws1MAAAAG3Jvb3RAZ29uZG9yMi5kc3MubXl3aXJlLm9yZwEC&#xD;
         <onetoone/>
       </Filter>
     </Firewall>
-    <captiveportal version="1.0.2">
+    <captiveportal version="1.0.4">
       <zones/>
       <templates/>
     </captiveportal>
@@ -5269,12 +5328,14 @@ e+7APPmE4+Hdfyhcws1MAAAAG3Jvb3RAZ29uZG9yMi5kc3MubXl3aXJlLm9yZwEC&#xD;
         </eveLog>
       </general>
     </IDS>
-    <IPsec version="1.0.3">
+    <IPsec version="1.0.4">
       <general>
         <enabled/>
         <preferred_oldsa>0</preferred_oldsa>
         <disablevpnrules>0</disablevpnrules>
         <passthrough_networks/>
+        <user_source/>
+        <local_group/>
       </general>
       <charon>
         <max_ikev1_exchanges/>
@@ -5283,6 +5344,8 @@ e+7APPmE4+Hdfyhcws1MAAAAG3Jvb3RAZ29uZG9yMi5kc3MubXl3aXJlLm9yZwEC&#xD;
         <ikesa_table_segments>4</ikesa_table_segments>
         <init_limit_half_open>1000</init_limit_half_open>
         <ignore_acquire_ts>1</ignore_acquire_ts>
+        <install_routes>0</install_routes>
+        <cisco_unity>0</cisco_unity>
         <make_before_break/>
         <retransmit_tries/>
         <retransmit_timeout/>
@@ -5313,6 +5376,29 @@ e+7APPmE4+Hdfyhcws1MAAAAG3Jvb3RAZ29uZG9yMi5kc3MubXl3aXJlLm9yZwEC&#xD;
             <tnc>1</tnc>
           </daemon>
         </syslog>
+        <plugins>
+          <attr>
+            <subnet/>
+            <split-include/>
+            <x_28674/>
+            <x_28675/>
+            <x_28672/>
+            <x_28673>0</x_28673>
+            <x_28679/>
+            <dns/>
+            <nbns/>
+          </attr>
+          <eap-radius>
+            <servers/>
+            <accounting>0</accounting>
+            <class_group>0</class_group>
+          </eap-radius>
+          <xauth-pam>
+            <pam_service>ipsec</pam_service>
+            <session>0</session>
+            <trim_email>1</trim_email>
+          </xauth-pam>
+        </plugins>
       </charon>
       <keyPairs/>
       <preSharedKeys/>
@@ -5854,7 +5940,7 @@ e+7APPmE4+Hdfyhcws1MAAAAG3Jvb3RAZ29uZG9yMi5kc3MubXl3aXJlLm9yZwEC&#xD;
     </HAProxy>
     <cron version="1.0.4">
       <jobs>
-        <job uuid="276ce20c-5193-4f69-b975-b82e23405c20">
+        <job uuid="36d736a5-dce6-4e96-a506-52e7ef6ca617">
           <origin>Zenarmor</origin>
           <enabled>1</enabled>
           <minutes>*</minutes>
@@ -5869,7 +5955,7 @@ e+7APPmE4+Hdfyhcws1MAAAAG3Jvb3RAZ29uZG9yMi5kc3MubXl3aXJlLm9yZwEC&#xD;
         </job>
       </jobs>
     </cron>
-    <AcmeClient version="4.2.0">
+    <AcmeClient version="4.3.0" persisted_at="1755684060.74">
       <settings>
         <enabled>0</enabled>
         <autoRenewal>0</autoRenewal>
@@ -6154,6 +6240,8 @@ e+7APPmE4+Hdfyhcws1MAAAAG3Jvb3RAZ29uZG9yMi5kc3MubXl3aXJlLm9yZwEC&#xD;
           <dns_nic_password/>
           <dns_nic_client/>
           <dns_nic_secret/>
+          <dns_websupport_api_key/>
+          <dns_websupport_api_secret/>
           <dns_world4you_username/>
           <dns_world4you_password/>
           <dns_aurora_key/>
@@ -6174,6 +6262,7 @@ e+7APPmE4+Hdfyhcws1MAAAAG3Jvb3RAZ29uZG9yMi5kc3MubXl3aXJlLm9yZwEC&#xD;
           <dns_rackspace_key/>
           <dns_rage4_token/>
           <dns_rage4_user/>
+          <dns_scaleway_token/>
         </validation>
         <validation uuid="f3b8ea57-92f8-4f3a-b83d-60821988f6ef">
           <id>60749378bb3d08.12067917</id>
@@ -6406,6 +6495,8 @@ e+7APPmE4+Hdfyhcws1MAAAAG3Jvb3RAZ29uZG9yMi5kc3MubXl3aXJlLm9yZwEC&#xD;
           <dns_nic_password/>
           <dns_nic_client/>
           <dns_nic_secret/>
+          <dns_websupport_api_key/>
+          <dns_websupport_api_secret/>
           <dns_world4you_username/>
           <dns_world4you_password/>
           <dns_aurora_key/>
@@ -6426,6 +6517,7 @@ e+7APPmE4+Hdfyhcws1MAAAAG3Jvb3RAZ29uZG9yMi5kc3MubXl3aXJlLm9yZwEC&#xD;
           <dns_rackspace_key/>
           <dns_rage4_token/>
           <dns_rage4_user/>
+          <dns_scaleway_token/>
         </validation>
       </validations>
       <actions/>
@@ -6583,9 +6675,10 @@ e+7APPmE4+Hdfyhcws1MAAAAG3Jvb3RAZ29uZG9yMi5kc3MubXl3aXJlLm9yZwEC&#xD;
       </client>
     </wireguard>
     <Kea>
-      <dhcp4 version="1.0.3">
+      <dhcp4 version="1.0.4" persisted_at="1755684059.72">
         <general>
           <enabled>0</enabled>
+          <manual_config>0</manual_config>
           <interfaces/>
           <valid_lifetime>4000</valid_lifetime>
           <fwrules>1</fwrules>
@@ -6607,6 +6700,24 @@ e+7APPmE4+Hdfyhcws1MAAAAG3Jvb3RAZ29uZG9yMi5kc3MubXl3aXJlLm9yZwEC&#xD;
           <http_port>8000</http_port>
         </general>
       </ctrl_agent>
+      <dhcp6 version="1.0.0">
+        <general>
+          <enabled>0</enabled>
+          <manual_config>0</manual_config>
+          <interfaces/>
+          <valid_lifetime>4000</valid_lifetime>
+          <fwrules>1</fwrules>
+        </general>
+        <ha>
+          <enabled>0</enabled>
+          <this_server_name/>
+          <max_unacked_clients>2</max_unacked_clients>
+        </ha>
+        <subnets/>
+        <reservations/>
+        <pd_pools/>
+        <ha_peers/>
+      </dhcp6>
     </Kea>
     <Zenarmor version="0.0.0">
       <zenvpn>
@@ -6621,16 +6732,23 @@ e+7APPmE4+Hdfyhcws1MAAAAG3Jvb3RAZ29uZG9yMi5kc3MubXl3aXJlLm9yZwEC&#xD;
         <enabled>false</enabled>
         <exemptDeviceCategories/>
         <redirectBaseUrl/>
+        <sessionExpireTimeout>86400</sessionExpireTimeout>
+        <sessionInactivityTimeout>28800</sessionInactivityTimeout>
       </sso>
+      <cti>
+        <enabled>false</enabled>
+        <globalCtiHost>cti.zenarmor.net</globalCtiHost>
+        <globalCtiPort>2096</globalCtiPort>
+      </cti>
       <general>
-        <installTimestamp>1741869403</installTimestamp>
+        <installTimestamp>1755680587</installTimestamp>
-        <heartbeatTimer>40 1,9,18 * * *</heartbeatTimer>
+        <heartbeatTimer>45 1,9,18 * * *</heartbeatTimer>
         <coreFileEnable>false</coreFileEnable>
         <showWanIface>false</showWanIface>
         <flavor>100</flavor>
         <healthCheck>true</healthCheck>
         <healthShare>true</healthShare>
-        <healthTimer>1,11,21,31,41,51 * * * *</healthTimer>
+        <healthTimer>6,16,26,36,46,56 * * * *</healthTimer>
         <heartbeatMonit>true</heartbeatMonit>
         <heartbeatData>true</heartbeatData>
         <hwbypass>false</hwbypass>
@@ -6967,9 +7085,7 @@ e+7APPmE4+Hdfyhcws1MAAAAG3Jvb3RAZ29uZG9yMi5kc3MubXl3aXJlLm9yZwEC&#xD;
   <virtualip version="1.0.1">
     <vip/>
   </virtualip>
-  <bridges>
+  <bridges version="1.0.0"/>
-    <bridged/>
-  </bridges>
   <gifs version="1.0.0"/>
   <gres version="1.0.0"/>
   <dhcpdv6/>
@@ -6992,7 +7108,7 @@ e+7APPmE4+Hdfyhcws1MAAAAG3Jvb3RAZ29uZG9yMi5kc3MubXl3aXJlLm9yZwEC&#xD;
     <password/>
     <syncitems/>
   </hasync>
-  <dnsmasq version="1.0.0">
+  <dnsmasq version="1.0.7">
     <enable/>
     <regdhcp/>
     <regdhcpstatic/>
@@ -7000,6 +7116,7 @@ e+7APPmE4+Hdfyhcws1MAAAAG3Jvb3RAZ29uZG9yMi5kc3MubXl3aXJlLm9yZwEC&#xD;
     <strict_order/>
     <domain_needed/>
     <no_private_reverse/>
+    <no_resolv>0</no_resolv>
     <log_queries/>
     <no_hosts/>
     <strictbind/>
@@ -7010,5 +7127,20 @@ e+7APPmE4+Hdfyhcws1MAAAAG3Jvb3RAZ29uZG9yMi5kc3MubXl3aXJlLm9yZwEC&#xD;
     <dns_forward_max/>
     <cache_size/>
     <local_ttl/>
+    <add_mac/>
+    <add_subnet>0</add_subnet>
+    <strip_subnet>0</strip_subnet>
+    <dhcp>
+      <no_interface/>
+      <fqdn>1</fqdn>
+      <domain/>
+      <lease_max/>
+      <authoritative>0</authoritative>
+      <default_fw_rules>1</default_fw_rules>
+      <reply_delay/>
+      <enable_ra>0</enable_ra>
+      <nosync>0</nosync>
+    </dhcp>
+    <no_ident>1</no_ident>
   </dnsmasq>
 </opnsense>