opnsense

vfs.read_max (default): Increase UFS read-ahead speeds to match the state of hard drives and NCQ.
net.inet.ip.portrange.first (default): Set the ephemeral port range to be lower.
net.inet.tcp.blackhole (default): Drop packets to closed TCP ports without returning a RST
net.inet.udp.blackhole (default): Do not send ICMP port unreachable messages for closed UDP ports
net.inet.ip.random_id (default): Randomize the ID field in IP packets
net.inet.ip.sourceroute (default): Source routing is another way for an attacker to try to reach non-routable addresses behind your box. It can also be used to probe for information about your internal networks. These functions come enabled as part of the standard FreeBSD core system.
net.inet.ip.accept_sourceroute (default): Source routing is another way for an attacker to try to reach non-routable addresses behind your box. It can also be used to probe for information about your internal networks. These functions come enabled as part of the standard FreeBSD core system.
net.inet.icmp.log_redirect (default): This option turns off the logging of redirect packets because there is no limit and this could fill up your logs consuming your whole hard drive.
net.inet.tcp.drop_synfin (default): Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)
net.inet6.ip6.redirect (default): Enable sending IPv6 redirects
net.inet6.ip6.use_tempaddr (default): Enable privacy settings for IPv6 (RFC 4941)
net.inet6.ip6.prefer_tempaddr (default): Prefer privacy addresses and use them over the normal addresses
net.inet.tcp.syncookies (default): Generate SYN cookies for outbound SYN-ACK packets
net.inet.tcp.recvspace (default): Maximum incoming/outgoing TCP datagram size (receive)
net.inet.tcp.sendspace (default): Maximum incoming/outgoing TCP datagram size (send)
net.inet.tcp.delayed_ack (default): Do not delay ACK to try and piggyback it onto a data packet
net.inet.udp.maxdgram (default): Maximum outgoing UDP datagram size
net.link.bridge.pfil_onlyip (default): Handling of non-IP packets which are not passed to pfil (see if_bridge(4))
net.link.bridge.pfil_local_phys (default): Set to 1 to additionally filter on the physical interface for locally destined packets
net.link.bridge.pfil_member (default): Set to 0 to disable filtering on the incoming and outgoing member interfaces.
net.link.bridge.pfil_bridge (default): Set to 1 to enable filtering on the bridge interface
net.link.tap.user_open (default): Allow unprivileged access to tap(4) device nodes
kern.randompid (default): Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())
net.inet.ip.intr_queue_maxlen (default): Maximum size of the IP input queue
hw.syscons.kbd_reboot (default): Disable CTRL+ALT+Delete reboot from keyboard.
hw.uart.console (default): Hint at default settings for serial console in case the autodetect is not working
net.inet.tcp.log_debug (default): Enable TCP extended debugging
net.inet.icmp.icmplim (default): Set ICMP Limits
net.inet.tcp.tso (default): TCP Offload Engine
net.inet.udp.checksum (default): UDP Checksums
kern.ipc.maxsockbuf (default): Maximum socket buffer size
vm.pmap.pti (default): Page Table Isolation (Meltdown mitigation, requires reboot.)
hw.ibrs_disable (default): Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)
security.bsd.see_other_gids (default): Hide processes running as other groups
security.bsd.see_other_uids (default): Hide processes running as other users
net.inet.ip.redirect (0): Enable/disable sending of ICMP redirects in response to IP packets for which a better, and for the sender directly reachable, route and next hop is known.
net.inet.icmp.drop_redirect (1): Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect packets without returning a response.
net.local.dgram.maxdgram (default): Maximum outgoing UDP datagram size
dev.netmap.buf_num (1000000): Automatically added by Zenarmor: Netmap Generic/Native Driver

normal gondor2 dss.mywire.org 1 admins System Administrators system 1999 0 2000 page-all root System Administrator system admins 0 user dion Dion dionscarman@gmail.com 2000 65b4a1c0bffcf 2001 2000 Australia/Adelaide 0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org http 60132b5e4fc3d 8004 1 yes 1 1 1 1 1 hadp hadp hadp monthly aesni 1 1 admins 1 enabled 1 1 0 OPNsense-Backup 1 ssh://omv.dss.mywire.org:222/opnsense/OPNsense.git main git en_US none none none none none none none none 1
os-acme-client,os-ddclient,os-git-backup,os-nginx,os-sensei,os-sensei-updater,os-sunnyvalley,os-wol 5 on on 10 pppoe0 NBNwired 1 1 1 1 pppoe vtnet1 1 10.0.1.1 24 1 Loopback 1 lo0 127.0.0.1 ::1 8 128 none 1 1 1 openvpn OpenVPN group 1 vlan01 Servers 1 10.0.10.1 24 vlan02 General 1 10.0.20.1 24 vlan03 IOTnetwork 1 10.0.30.1 24 vlan04 Guest 1 1 10.0.40.1 24 1 WireGuard (Group) wireguard 1 1 group wg0 WireGuardVPN 1 1 vlan05 Kids 1 1 10.0.50.1 24 1 hmac-md5 10.0.1.200 10.0.1.245 10.0.1.4 bc:24:11:a7:1a:ea 10.0.1.4 shelob Pi-Hole server 10.0.1.1 e0:3f:49:b2:12:35 10.0.1.11 omv OpenMediaVault 86400 00:26:6c:28:0a:a1 
10.0.1.12 proxmox ba:f3:5a:9e:b7:33 10.0.1.15 nginx nginx reverse proxy server 86:fa:fd:13:d4:25 10.0.1.23 heimdall heimdall application dashboard de:f9:0c:c1:d5:5c 10.0.1.24 jellyfin 52:81:b4:45:f0:0a 10.0.1.25 elrond 4a:91:89:08:73:d8 10.0.1.26 boromir e2:8b:aa:80:6b:a6 10.0.1.27 ansible debian ct on rohan 8e:61:fc:24:89:85 10.0.1.41 certbot-vm certbot vm for testing 4a:02:45:30:ea:02 10.0.1.100 debian 18:c0:4d:db:2a:7c 10.0.1.101 SimRig Sim Racing PC f4:8c:50:1a:36:9b 10.0.1.102 dion-latitude 66:a3:f0:c7:5e:89 10.0.1.103 debian2 debian2 vm 7a:3b:72:16:fd:b3 10.0.1.104 vm-desktop alpine linux with wm ec:71:db:49:8e:24 10.0.1.121 Camera1 ec:71:db:8c:07:4e 10.0.1.122 Camera2 16:e9:1e:ab:33:e2 10.0.1.131 Trading1 Win10 Virtual PC for trading bc:24:11:df:76:99 10.0.1.135 macos Mac OS virtual machine dc:a6:32:e0:85:29 10.0.1.161 Legolas Legolas ethernet 40:55:39:cc:77:00 10.0.1.250 anduin Cisco router 1 hmac-md5 10.0.20.100 10.0.20.199 10.0.1.4 dc:a6:32:e0:85:2a 10.0.20.15 kodi 18:c0:4d:db:2a:7c 10.0.20.20 simrig Gaming PC f4:8c:50:1a:36:9b 10.0.20.22 laptop 9c:5a:81:75:74:20 10.0.20.23 pocof3 bc:24:11:09:20:07 10.0.20.30 win11 bc:24:11:df:76:99 10.0.20.35 macos 1 hmac-md5 10.0.10.100 10.0.10.199 10.0.1.4 e0:3f:49:b2:12:35 10.0.10.11 omv bc:24:11:cb:c8:85 10.0.10.13 docker bc:24:11:ab:76:a3 10.0.10.21 web simple apache web server de:f9:0c:c1:d5:5c 10.0.10.24 jellyfin bc:24:11:ee:62:5c 10.0.10.26 gpodder bc:24:11:9e:e9:f7 10.0.10.27 nextcloud bc:24:11:2c:3e:09 10.0.10.31 minecraft1 bc:24:11:7e:10:ae 10.0.10.32 minecraft2 minecraft 'scarman' server bc:24:11:60:b0:46 10.0.10.33 minecraft3 bc:24:11:a7:1a:ea 10.0.10.53 pihole 1 hmac-md5 10.0.40.100 10.0.40.199 10.0.1.4 56:b5:94:ff:55:f1 10.0.40.21 kidsphone 16:e9:1e:ab:33:e2 10.0.40.31 trading1 66:1f:7a:58:86:ba 10.0.40.32 trading2 1 hmac-md5 10.0.30.21 10.0.30.199 c6:19:1e:a6:d6:fc 10.0.30.11 hass dss.mywire.org 10.0.1.4 2c:3a:e8:1a:44:72 10.0.30.18 ESP-1A4472 wifi-clock 70:89:76:0a:28:63 10.0.30.19 star-projector 1 
hmac-md5 10.0.50.100 10.0.50.199 10.0.1.4 8c:88:2b:00:10:8d 10.0.50.11 kidspc Desktop PC for the kids (WiFi) f4:60:e2:f8:e2:80 10.0.50.12 pocof1 Phone for the kids 94:be:46:ee:df:81 10.0.50.14 logan-tab Logan's tablet 94:be:46:ee:df:89 10.0.50.15 archie-tab Archie's tablet 94:be:46:ee:df:85 10.0.50.17 harry-tab Harry's tablet public 10 100 automatic tcp wan inet HASS.io nat_603a219d254010.34486638 hass 8123 1 wanip 8123 root@10.0.1.131 /firewall_nat_edit.php made changes root@10.0.1.201 /firewall_nat_edit.php made changes tcp wan inet debian vm nat_603a31025c4875.51279624 terminal 22 1 wanip 22 root@10.0.40.31 /firewall_nat_edit.php made changes root@10.0.1.201 /firewall_nat_edit.php made changes tcp wan inet debian vm nat_6613bfc404c459.15645209 terminal 22 1 wanip 443 root@10.0.20.30 /firewall_nat_edit.php made changes root@10.0.20.30 /firewall_nat_edit.php made changes 1 tcp wan inet debian2 vm nat_61fe6823a62ff9.38653503 10.0.1.103 22 1 wanip 22 root@10.0.1.102 /firewall_nat_edit.php made changes root@10.0.1.100 /firewall_nat_edit.php made changes 1 tcp wan inet forward 443 to allow remote access to admin pc nat_66092eb98c4e69.09006077 adminpc 3389 1 wanip 443 root@10.0.20.30 /firewall_nat_edit.php made changes root@10.0.20.30 /firewall_nat_edit.php made changes 1 tcp wan inet forward 443 to allow remote access to trading pc nat_6613be95782af6.11754769 Trading1 3389 1 wanip 443 root@10.0.20.22 /firewall_nat_edit.php made changes root@10.0.20.30 /firewall_nat_edit.php made changes tcp wan inet nginx reverse proxy ssl nat_609ab30d1bcb08.88985266 nginx 443 1 wanip 443 root@10.0.1.131 /firewall_nat_edit.php made changes root@10.0.8.6 /firewall_nat_edit.php made changes 1 tcp wan inet nginx reverse proxy server nat_61d69bc2d88db3.30171087 nginx 80 1 wanip 80 root@10.0.1.131 /firewall_nat_edit.php made changes root@10.0.1.100 /firewall_nat_edit.php made changes tcp wan inet minecraft1 java nat_6189c4e0d85e51.54054052 minecraft1 25565 1 wanip 25565 root@10.0.1.131 
/firewall_nat_edit.php made changes root@10.0.1.201 /firewall_nat_edit.php made changes udp wan inet minecraft1 bedrock pass minecraft1 19132 1 wanip 19132 root@10.0.1.131 /firewall_nat_edit.php made changes root@10.0.1.201 /firewall_nat_edit.php made changes tcp wan inet minecraft2 javA nat_61eca513f3ab54.12999814 minecraft2 25566 1 wanip 25566 root@10.0.1.131 /firewall_nat_edit.php made changes root@10.0.1.201 /firewall_nat_edit.php made changes udp wan inet minecraft2 bedrock nat_61eca544a8b730.21185118 minecraft2 19133 1 wanip 19133 root@10.0.1.131 /firewall_nat_edit.php made changes root@10.0.1.201 /firewall_nat_edit.php made changes tcp wan inet minecraft3 java nat_61f372df8b6171.53361896 1 minecraft3 25567 1 wanip 25567 root@10.0.1.131 /firewall_nat_edit.php made changes root@10.0.1.201 /firewall_nat_edit.php made changes udp wan inet minecraft3 bedrock nat_61f3734f494c02.95558635 1 minecraft3 19134 1 wanip 19134 root@10.0.1.131 /firewall_nat_edit.php made changes root@10.0.1.201 /firewall_nat_edit.php made changes tcp wan inet minecraft4 java nat_61f373074cc973.44719320 1 minecraft4 25568 1 wanip 25568 root@10.0.1.131 /firewall_nat_edit.php made changes root@10.0.1.201 /firewall_nat_edit.php made changes udp wan inet minecraft4 bedrock nat_61f3736fb310c2.90636878 1 minecraft4 19135 1 wanip 19135 root@10.0.1.131 /firewall_nat_edit.php made changes root@10.0.1.201 /firewall_nat_edit.php made changes tcp wan inet Jellyfin services nat_61f140996d6708.06843852 jellyfin 8096 1 wanip 8096 root@10.0.1.131 /firewall_nat_edit.php made changes root@10.0.1.100 /firewall_nat_edit.php made changes tcp wan inet bitwarden nat_62261aed26de09.52732628 10.0.1.11 18080 1 wanip 18080 root@10.0.1.201 /firewall_nat_edit.php made changes root@10.0.1.201 /firewall_nat_edit.php made changes 1 udp wan inet nat_62cc09e3b73e87.61248567 10.0.1.102 3478 1 wanip 3478 root@10.0.1.102 /firewall_nat_edit.php made changes root@10.0.1.102 /firewall_nat_edit.php made changes 1 udp wan inet 
nat_62cc0a1f5e00c2.77730298 10.0.1.102 4379 1 wanip 4379-4380 root@10.0.1.102 /firewall_nat_edit.php made changes root@10.0.1.102 /firewall_nat_edit.php made changes 1 tcp/udp wan inet nat_62dfdf81c63009.25391203 10.0.1.11 6881 1 wanip 6881 root@10.0.1.102 /firewall_nat_edit.php made changes root@10.0.1.102 /firewall_nat_edit.php made changes 1 wan keep state tcp inet
hass
8123
HASS.io nat_603a219d254010.34486638 root@10.0.1.201 /firewall_nat_edit.php made changes
1 wan keep state tcp inet
terminal
22
debian vm nat_603a31025c4875.51279624 root@10.0.1.201 /firewall_nat_edit.php made changes
pass wan inet keep state Allow VPN Traffic in 1 1 udp 1 1 1194 root@10.0.1.100 /firewall_rules_edit.php made changes root@10.0.1.100 /firewall_rules_edit.php made changes 1 wan keep state tcp inet
nginx
443
nginx reverse proxy ssl nat_609ab30d1bcb08.88985266 root@10.0.8.6 /firewall_nat_edit.php made changes 1
1 wan keep state tcp inet
nginx
80
nginx reverse proxy server nat_61d69bc2d88db3.30171087 root@10.0.1.100 /firewall_nat_edit.php made changes
1 wan keep state tcp inet
minecraft1
25565
minecraft1 java nat_6189c4e0d85e51.54054052 root@10.0.1.201 /firewall_nat_edit.php made changes
1 wan keep state tcp inet
minecraft2
25566
minecraft2 javA nat_61eca513f3ab54.12999814 root@10.0.1.201 /firewall_nat_edit.php made changes
1 wan keep state udp inet
minecraft2
19133
minecraft2 bedrock nat_61eca544a8b730.21185118 root@10.0.1.201 /firewall_nat_edit.php made changes
1 wan keep state tcp inet
jellyfin
8096
Jellyfin services nat_61f140996d6708.06843852 root@10.0.1.100 /firewall_nat_edit.php made changes
1 wan keep state tcp inet
minecraft3
25567
minecraft3 java nat_61f372df8b6171.53361896 root@10.0.1.201 /firewall_nat_edit.php made changes 1
1 wan keep state tcp inet
minecraft4
25568
minecraft4 java nat_61f373074cc973.44719320 root@10.0.1.201 /firewall_nat_edit.php made changes 1
1 wan keep state udp inet
minecraft3
19134
minecraft3 bedrock nat_61f3734f494c02.95558635 root@10.0.1.201 /firewall_nat_edit.php made changes 1
1 wan keep state udp inet
minecraft4
19135
minecraft4 bedrock nat_61f3736fb310c2.90636878 root@10.0.1.201 /firewall_nat_edit.php made changes 1
1 wan keep state tcp inet
10.0.1.103
22
debian2 vm nat_61fe6823a62ff9.38653503 root@10.0.1.100 /firewall_nat_edit.php made changes
1 wan keep state tcp inet
10.0.1.11
18080
bitwarden nat_62261aed26de09.52732628 root@10.0.1.201 /firewall_nat_edit.php made changes 1
1 wan keep state udp inet
10.0.1.102
3478
nat_62cc09e3b73e87.61248567 root@10.0.1.102 /firewall_nat_edit.php made changes
1 wan keep state udp inet
10.0.1.102
4379-4380
nat_62cc0a1f5e00c2.77730298 root@10.0.1.102 /firewall_nat_edit.php made changes
1 wan keep state tcp/udp inet
10.0.1.11
6881
nat_62dfdf81c63009.25391203 root@10.0.1.102 /firewall_nat_edit.php made changes
pass wan inet keep state Allow WireGuard VPN service in 1 udp 1 wanip 51820 root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes nat_66092eb98c4e69.09006077 1 wan keep state tcp inet
adminpc
3389
forward 443 to allow remote access to admin pc root@10.0.20.30 /firewall_nat_edit.php made changes 1
nat_6613be95782af6.11754769 1 wan keep state tcp inet
Trading1
3389
forward 443 to allow remote access to trading pc root@10.0.20.30 /firewall_nat_edit.php made changes
nat_6613bfc404c459.15645209 1 wan keep state tcp inet
terminal
22
debian vm root@10.0.20.30 /firewall_nat_edit.php made changes 1
pass inet Default allow LAN to any rule lan lan pass inet6 Default allow LAN IPv6 to any rule lan lan pass lan inet keep state Allow OpenVPN traffic in 1 openvpn 1 root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes pass lan inet keep state in 1 icmp lan 1 root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes pass lan inet keep state in 1 tcp/udp
terminal
opt2 root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
pass lan inet keep state in 1
hass
opt3 root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
pass lan inet keep state in 1
terminal
adminpc
root@10.0.40.31 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
pass lan inet46 keep state in 1 tcp/udp
nginx
docker
root@10.0.20.22 /firewall_rules_edit.php made changes root@10.0.20.22 /firewall_rules_edit.php made changes
pass lan inet46 keep state in 1 tcp/udp
nginx
OMV
root@10.0.20.22 /firewall_rules_edit.php made changes root@10.0.20.22 /firewall_rules_edit.php made changes
OpenVPN wizard in 1 anyip 1194 any udp pass on root@10.0.1.100 /wizard.php made changes pass openvpn inet keep state OpenVPN wizard in 1
10.0.8.0/24
1 root@10.0.1.100 /firewall_rules_edit.php made changes root@10.0.1.100 /wizard.php made changes
pass opt1 inet keep state Allow DNS with PiHole in 1 tcp/udp opt1
PiHole
53
root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
pass opt1 inet keep state in 1 opt1 opt1ip root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes pass opt1 inet keep state in 1 opt1
OMV
root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
pass opt1 inet keep state in 1
docker
jellyfin
root@10.0.20.30 /firewall_rules_edit.php made changes root@10.0.20.30 /firewall_rules_edit.php made changes
pass opt1 inet keep state in 1
docker
kodi
root@10.0.20.30 /firewall_rules_edit.php made changes root@10.0.20.30 /firewall_rules_edit.php made changes
pass opt1 inet keep state in 1 tcp
10.0.20.101
10.0.1.1
root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
pass opt1 inet keep state temporary allow shellinabox in 1 tcp
10.0.10.21/24
10.0.1.100/24
22
root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
pass opt1 inet keep state Allow internet in 1 opt1
PrivateNet
1
root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
pass opt2 inet46 keep state Allow DNS with PiHole in 1 tcp/udp opt2
PiHole
53
root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
pass opt2 inet keep state Allow ICMPv4 to all networks in 1 icmp opt2 1 root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes pass opt2 inet keep state Allow laptop access to everything in 1
laptop
1 root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
pass opt2 inet keep state Allow admin pc access to everything in 1
adminpc
1 root@10.0.40.31 /firewall_rules_edit.php made changes root@10.0.40.31 /firewall_rules_edit.php made changes
pass opt2 inet keep state Allow access to Home Assistant in 1 tcp opt2
hass
8123
root@10.0.20.22 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
pass opt2 inet keep state Allow access to Kodi in 1 tcp/udp opt2
kodi
root@10.0.20.22 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
pass opt2 inet keep state Allow access to *arr stack in 1 tcp opt2
OMV
arrPorts
root@10.0.20.22 /firewall_rules_edit.php made changes root@10.0.20.22 /firewall_rules_edit.php made changes
pass opt2 inet keep state Allow access to Deluge in 1 tcp opt2
OMV
delugePorts
root@10.0.20.22 /firewall_rules_edit.php made changes root@10.0.20.22 /firewall_rules_edit.php made changes
pass opt2 inet keep state Allow access to *arr stack in 1 tcp opt2
docker
arrPorts
root@10.0.20.22 /firewall_rules_edit.php made changes root@10.0.20.22 /firewall_rules_edit.php made changes
pass opt2 inet keep state Allow access to Deluge in 1 tcp opt2
docker
delugePorts
root@10.0.20.22 /firewall_rules_edit.php made changes root@10.0.20.22 /firewall_rules_edit.php made changes
pass opt2 inet keep state Allow Immich photo backup in 1 tcp/udp opt2
docker
2283
root@10.0.20.22 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
pass opt2 inet keep state Allow Jellyfin in 1 tcp/udp opt2
jellyfin
8096
root@10.0.20.30 /firewall_rules_edit.php made changes root@10.0.20.30 /firewall_rules_edit.php made changes
pass opt2 inet keep state Allow nginx access in 1 tcp/udp opt2
nginx
root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
pass opt2 inet keep state Allow nextcloud access in 1 tcp/udp opt2
10.0.10.27
root@10.0.20.22 /firewall_rules_edit.php made changes root@10.0.20.22 /firewall_rules_edit.php made changes
pass opt2 inet46 keep state in 1
kodi
jellyfin
root@10.0.20.22 /firewall_rules_edit.php made changes root@10.0.20.22 /firewall_rules_edit.php made changes
pass opt2 inet keep state in 1 tcp
kodi
OMV
22
root@10.0.20.22 /firewall_rules_edit.php made changes root@10.0.20.22 /firewall_rules_edit.php made changes
pass opt2 inet keep state in 1 tcp
kodi
OMV
445
root@10.0.20.22 /firewall_rules_edit.php made changes root@10.0.20.22 /firewall_rules_edit.php made changes
pass opt2 inet keep state tvheadend htsp in 1 tcp
kodi
docker
9982
root@10.0.20.22 /firewall_rules_edit.php made changes root@10.0.20.22 /firewall_rules_edit.php made changes
pass opt2 inet keep state tvheadend htsp in 1 tcp
dion_phone
docker
9982
root@10.0.20.30 /firewall_rules_edit.php made changes root@10.0.20.30 /firewall_rules_edit.php made changes
pass opt2 inet keep state in 1
dion_phone
OMV
root@10.0.20.30 /firewall_rules_edit.php made changes root@10.0.20.30 /firewall_rules_edit.php made changes
pass opt2 inet46 keep state Allow only internet in 1 opt2
PrivateNet
1
root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
pass opt3 inet keep state in 1
hass
PiHole
root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
pass opt3 inet keep state star projector temporary allow internet in 1
10.0.30.19
PiHole
root@10.0.20.22 /firewall_rules_edit.php made changes root@10.0.20.22 /firewall_rules_edit.php made changes 1
pass opt3 inet keep state in 1 opt3
PiHole
root@10.0.20.22 /firewall_rules_edit.php made changes root@10.0.20.22 /firewall_rules_edit.php made changes 1
pass opt3 inet keep state Allow HASS server internet access in 1
hass
1 root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
block opt3 inet46 keep state Block everything in 1 opt3 1 root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes 1 pass opt3 inet46 keep state Pass everything in 1 opt3 1 root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes 1 block opt3 inet keep state Lounge wifi clock BLOCK ALL in 1
10.0.30.18/24
1 root@10.0.20.22 /firewall_rules_edit.php made changes root@10.0.20.22 /firewall_rules_edit.php made changes
pass opt3 inet keep state Lounge wifi clock ntp access in 1 tcp/udp
10.0.30.18/24
10.0.1.1/24
123
root@10.0.20.22 /firewall_rules_edit.php made changes root@10.0.20.22 /firewall_rules_edit.php made changes 1
pass opt3 inet keep state in 1 opt3
PrivateNet
1
root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes 1
block opt4 inet keep state block everything in 1 1 1 root@10.0.20.22 /firewall_rules_edit.php made changes root@10.0.20.22 /firewall_rules_edit.php made changes 1 pass opt4 inet46 keep state Allow DNS in 1 tcp/udp opt4
PiHole
53
root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
pass opt4 inet keep state Allow samba to OMV in 1 tcp/udp
Trading1
OMV
445
root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
pass opt4 inet keep state Allow samba to OMV in 1 tcp/udp
Trading2
OMV
445
root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
pass opt4 inet keep state in 1 tcp
Trading2
10.0.1.1/24
8004
root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes 1
pass opt4 inet keep state in 1 tcp
Trading1
10.0.1.1/24
8004
root@10.0.40.32 /firewall_rules_edit.php made changes root@10.0.40.32 /firewall_rules_edit.php made changes 1
pass opt4 inet keep state in 1 tcp
Trading2
Proxmox_Dell
8006
root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes 1
pass opt4 inet keep state in 1 tcp
Trading1
Proxmox_Dell
8006
root@10.0.40.31 /firewall_rules_edit.php made changes root@10.0.40.31 /firewall_rules_edit.php made changes 1
pass opt4 inet keep state in 1 tcp/udp
Trading1
docker
root@10.0.40.31 /firewall_rules_edit.php made changes root@10.0.40.31 /firewall_rules_edit.php made changes 1
block opt4 inet keep state block internet on kids phone in 1 tcp/udp
10.0.40.21
1 80 root@10.0.20.22 /firewall_rules_edit.php made changes root@10.0.20.22 /firewall_rules_edit.php made changes
block opt4 inet keep state block internet on kids phone in 1 tcp/udp
10.0.40.21
1 443 root@10.0.20.22 /firewall_rules_edit.php made changes root@10.0.20.22 /firewall_rules_edit.php made changes
pass opt4 inet46 keep state in 1 opt4
PrivateNet
1
root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
pass opt5 inet46 keep state Allow DNS in 1 tcp/udp opt5 opt5ip 53 root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes pass opt5 inet keep state in 1 opt5
PiHole
root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
pass opt5 inet keep state in 1 opt5
hass
root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
pass opt5 inet keep state in 1 opt5
jellyfin
root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
pass opt5 inet keep state Allow Immich photo backup in 1 tcp/udp opt5
docker
2283
root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
pass opt5 inet keep state in 1 tcp opt5
docker
arrPorts
root@10.0.20.22 /firewall_rules_edit.php made changes root@10.0.20.22 /firewall_rules_edit.php made changes
pass opt5 inet keep state in 1 tcp opt5
OMV
arrPorts
root@10.0.20.22 /firewall_rules_edit.php made changes root@10.0.20.22 /firewall_rules_edit.php made changes
pass opt5 inet keep state in 1 tcp opt5
Trading1
3389
root@10.0.40.32 /firewall_rules_edit.php made changes root@10.0.40.32 /firewall_rules_edit.php made changes
pass opt5 inet keep state in 1 tcp opt5
Trading2
3389
root@10.0.40.32 /firewall_rules_edit.php made changes root@10.0.40.32 /firewall_rules_edit.php made changes
pass opt5 inet keep state allow wireguard phone access to adminpc remote desktop in 1 tcp/udp opt5
adminpc
3389
root@10.0.40.31 /firewall_rules_edit.php made changes root@10.0.40.31 /firewall_rules_edit.php made changes
pass opt5 inet46 keep state in 1 opt5
PrivateNet
1
root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
block opt6 inet keep state block everything in 1 1 1 root@10.0.20.22 /firewall_rules_edit.php made changes root@10.0.20.22 /firewall_rules_edit.php made changes 1 pass opt6 inet keep state Allow DNS to pihole in 1 tcp/udp opt6
PiHole
53
root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
block opt6 inet keep state block poco f1 in 1
10.0.50.12
1 root@10.0.20.22 /firewall_rules_edit.php made changes root@10.0.20.22 /firewall_rules_edit.php made changes 1
pass opt6 inet keep state in 1 tcp
10.0.50.12
kodi
root@10.0.20.22 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
pass opt6 inet keep state Allow only internet in 1 opt6
PrivateNet
1
root@10.0.1.131 /firewall_rules_edit.php made changes root@10.0.1.131 /firewall_rules_edit.php made changes
ICMP icmp ICMP TCP tcp Generic TCP HTTP http Generic HTTP / 200 HTTPS https Generic HTTPS / 200 SMTP send Generic SMTP 220 * 0.opnsense.pool.ntp.org system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show 2 root@10.0.20.22 /firewall_rules_edit.php made changes 1 PrivateNet network 0 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 All local networks 1 OMV host 0 10.0.1.11 OMV Server 1 Proxmox_Dell host 0 10.0.1.6 Dell R630 1 nginx host 0 10.0.1.15 nginx instance 1 Trading1 host 0 10.0.40.31 VM for trading 1 Trading2 host 0 10.0.40.32 VM for trading 1 terminal host 0 10.0.1.100 vm for shell access (debian) 1 minecraft1 host 0 10.0.10.31 1 minecraft2 host 0 10.0.10.32 1 minecraft3 host 0 10.0.10.33 1 minecraft4 host 0 10.0.10.34 1 PiHole host 0 10.0.1.4 1 hass host 0 10.0.30.11 1 jellyfin host 0 10.0.1.24 jellyfin server 1 docker host 0 10.0.10.13 1 laptop host 0 10.0.20.22 1 dion_phone host 0 10.0.20.23 1 kodi host 0 10.0.20.15 1 WebPorts port 0 80 443 1 arrPorts port 0 7878 8989 8686 8787 6969 ports used by the *arr services 1 delugePorts port 0 8112 58846 1 adminpc host 0 10.0.20.30 Windows VM for admin 0 0 0 wan 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12 W0D23 4 ac medium 0 0 0 0 opnsense 1 1 0 on strip 1 1 0 admin@localhost.local 0 /var/squid/cache 256 always 100 16 256 0 0 0 2048 1024 1024 256 0 0 username password lan 3128 3129 0 0 4 5 0 3401 public 2121 0 1 0 80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http 443:https 0 icap://[::1]:1344/avscan icap://[::1]:1344/avscan 1 0 0 X-Username 1 1024 60 OPNsense proxy authentication 2 5