opnsense Increase UFS read-ahead speeds to match the state of hard drives and NCQ. vfs.read_max default Set the ephemeral port range to be lower. net.inet.ip.portrange.first default Drop packets to closed TCP ports without returning a RST net.inet.tcp.blackhole default Do not send ICMP port unreachable messages for closed UDP ports net.inet.udp.blackhole default Randomize the ID field in IP packets net.inet.ip.random_id default Source routing is another way for an attacker to try to reach non-routable addresses behind your box. It can also be used to probe for information about your internal networks. These functions come enabled as part of the standard FreeBSD core system. net.inet.ip.sourceroute default Source routing is another way for an attacker to try to reach non-routable addresses behind your box. It can also be used to probe for information about your internal networks. These functions come enabled as part of the standard FreeBSD core system. net.inet.ip.accept_sourceroute default This option turns off the logging of redirect packets because there is no limit and this could fill up your logs consuming your whole hard drive. net.inet.icmp.log_redirect default Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway) net.inet.tcp.drop_synfin default Enable sending IPv6 redirects net.inet6.ip6.redirect default Enable privacy settings for IPv6 (RFC 4941) net.inet6.ip6.use_tempaddr default Prefer privacy addresses and use them over the normal addresses net.inet6.ip6.prefer_tempaddr default Generate SYN cookies for outbound SYN-ACK packets net.inet.tcp.syncookies default Maximum incoming/outgoing TCP datagram size (receive) net.inet.tcp.recvspace default Maximum incoming/outgoing TCP datagram size (send) net.inet.tcp.sendspace default Do not delay ACK to try and piggyback it onto a data packet net.inet.tcp.delayed_ack default Maximum outgoing UDP datagram size net.inet.udp.maxdgram default Handling of non-IP packets which are not passed to pfil (see if_bridge(4)) net.link.bridge.pfil_onlyip default Set to 1 to additionally filter on the physical interface for locally destined packets net.link.bridge.pfil_local_phys default Set to 0 to disable filtering on the incoming and outgoing member interfaces. net.link.bridge.pfil_member default Set to 1 to enable filtering on the bridge interface net.link.bridge.pfil_bridge default Allow unprivileged access to tap(4) device nodes net.link.tap.user_open default Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid()) kern.randompid default Maximum size of the IP input queue net.inet.ip.intr_queue_maxlen default Disable CTRL+ALT+Delete reboot from keyboard. hw.syscons.kbd_reboot default Enable TCP extended debugging net.inet.tcp.log_debug default Set ICMP Limits net.inet.icmp.icmplim default TCP Offload Engine net.inet.tcp.tso default UDP Checksums net.inet.udp.checksum default Maximum socket buffer size kern.ipc.maxsockbuf default Page Table Isolation (Meltdown mitigation, requires reboot.) vm.pmap.pti default Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation) hw.ibrs_disable default Hide processes running as other groups security.bsd.see_other_gids default Hide processes running as other users security.bsd.see_other_uids default Enable/disable sending of ICMP redirects in response to IP packets for which a better, and for the sender directly reachable, route and next hop is known. net.inet.ip.redirect 0 Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect packets without returning a response. net.inet.icmp.drop_redirect 1 Maximum outgoing UDP datagram size net.local.dgram.maxdgram default normal CSE-BB-GW tut.ac.za 1 admins System Administrators system 1999 0 page-all root System Administrator system admins $2y$10$R0o6yNwnGki4r54EtksF7uOizpBrNkTugGaPLFt509yCQ8W8H1cMm 0 2000 2000 Africa/Johannesburg tut.ac.za https

5f5a419c30b1d

yes 1 1 1 1 1 1 hadp hadp hadp monthly 60 aesni 1 1 admins 1 enabled 1 1 0 OPNsense-Backup 168.172.121.1 168.172.64.19 en_US 115200 video os-virtualbox,os-sunnyvalley 1 1 TUT_DHCP TUT_DHCP none none none none none none em0 1 10.0.0.254 21 1 Loopback 1 lo0 127.0.0.1 ::1 8 128 none 1 em1 TUT 1 1 dhcp

SavedCfg

em2 AA 1 1 10.10.10.254 24 10.0.0.10 10.0.0.245 1 1 10 10000 900 200 1 50 4096 10 public automatic block opt2,lan,opt1 inet6 keep state any yes 1 1 1 root@10.0.0.2 1639061246.3689 /firewall_rules_edit.php made changes root@10.0.0.2 1639061246.3709 /firewall_rules_edit.php made changes pass inet keep state in yes 1 tcp 1 (self) 443 root@10.0.0.2 1599745034.8933 /firewall_rules_edit.php made changes root@10.0.0.2 1599745034.8934 /firewall_rules_edit.php made changes pass inet keep state in yes 1 tcp 1 (self) 8338 root@168.172.250.32 1600257828.0251 /firewall_rules_edit.php made changes root@168.172.250.32 1600257828.0251 /firewall_rules_edit.php made changes 1 pass inet keep state in yes 1 tcp 1 (self) 666 root@168.172.250.32 1600260240.0222 /firewall_rules_edit.php made changes root@168.172.250.32 1600260240.0223 /firewall_rules_edit.php made changes 1 pass inet keep state in yes 1 tcp 1 (self) 22 root@10.0.0.2 1599745067.6489 /firewall_rules_edit.php made changes root@10.0.0.2 1599745067.6506 /firewall_rules_edit.php made changes 1 pass lan,opt1 inet keep state in yes 1 tcp/udp 1 (self) 53 root@10.0.0.2 1622123947.5157 /firewall_rules_edit.php made changes root@168.172.250.33 1599819089.5267 /firewall_rules_edit.php made changes pass opt2,lan,opt1 inet keep state in yes 1 icmp 1 1 root@10.0.0.2 1639121365.4613 /firewall_rules_edit.php made changes root@10.0.0.2 1639121365.4613 /firewall_rules_edit.php made changes 1 block lan inet6 keep state Default allow LAN IPv6 to any rule in 1 lan 1 root@10.0.0.2 1639120196.2555 /firewall_rules_edit.php made changes pass lan inet keep state Default allow LAN IPv4 to any rule in 1 lan 1 root@168.172.250.32 1600251001.611 /firewall_rules_edit.php made changes root@168.172.250.32 1600250978.4023 /firewall_rules_edit.php made changes 1 pass lan inet keep state in 1 tcp/udp lan 1 Web root@10.0.0.2 1639121297.94 /firewall_rules_edit.php made changes root@10.0.0.2 1639121225.5304 /firewall_rules_edit.php made changes pass lan inet keep state in 1

10.0.3.169

1 root@10.0.0.2 1599982745.5875 /firewall_rules_edit.php made changes root@10.0.0.2 1599982745.5875 /firewall_rules_edit.php made changes pass lan inet keep state in 1

10.0.4.169

1 root@10.0.0.2 1599982795.1333 /firewall_rules_edit.php made changes root@10.0.0.2 1599982795.1333 /firewall_rules_edit.php made changes pass lan inet keep state Default allow LAN to any rule in 1 lan

TUT

root@168.172.250.33 1599821945.0444 /firewall_rules_edit.php made changes pass lan inet keep state Default allow LAN to any rule in 1 lan

OneDrive

root@168.172.250.33 1599821970.0412 /firewall_rules_edit.php made changes root@168.172.250.33 1599821970.0412 /firewall_rules_edit.php made changes pass lan inet keep state Default allow LAN to any rule in 1 lan

OneDrive1

root@168.172.250.33 1599821986.948 /firewall_rules_edit.php made changes root@168.172.250.33 1599821986.9481 /firewall_rules_edit.php made changes pass lan inet keep state Default allow LAN to any rule in 1 lan

OneDrive2

root@168.172.250.33 1599821998.8391 /firewall_rules_edit.php made changes root@168.172.250.33 1599821998.8391 /firewall_rules_edit.php made changes pass lan inet keep state Default allow LAN to any rule in 1 lan

BlackBoard

root@168.172.250.32 1600250876.0982 /firewall_rules_edit.php made changes root@168.172.250.32 1600250876.0983 /firewall_rules_edit.php made changes block opt1 inet6 keep state in 1 1 1 root@10.0.0.2 1639061108.4037 /firewall_rules_edit.php made changes root@10.0.0.2 1639061108.4039 /firewall_rules_edit.php made changes block opt1 inet keep state in 1 opt1 lan root@10.0.0.2 1622124165.0718 /firewall_rules_edit.php made changes root@10.0.0.2 1622124165.0718 /firewall_rules_edit.php made changes pass opt1 inet keep state in 1 tcp opt1 1 80 root@10.0.0.2 1622124129.9607 /firewall_rules_edit.php made changes root@10.0.0.2 1622123993.3469 /firewall_rules_edit.php made changes pass opt1 inet keep state in 1 tcp opt1 1 443 root@10.0.0.2 1622124210.0389 /firewall_rules_edit.php made changes root@10.0.0.2 1622124210.039 /firewall_rules_edit.php made changes pass opt2 inet keep state in 1 tcp/udp opt2 1 Web root@10.0.0.2 1639121505.1834 /firewall_rules_edit.php made changes root@10.0.0.2 1627580143.9374 /firewall_rules_edit.php made changes block opt2 inet keep state in 1 opt2 lan root@10.0.0.2 1639121572.8158 /firewall_rules_edit.php made changes root@10.0.0.2 1639121572.8159 /firewall_rules_edit.php made changes ICMP icmp ICMP TCP tcp Generic TCP HTTP http Generic HTTP / 200 HTTPS https Generic HTTPS / 200 SMTP send Generic SMTP 220 * 0.opnsense.pool.ntp.org system_information-container:00000000-col3:show,services_status-container:00000001-col3:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show,traffic_graphs-container:00000004-col4:show 2 opt2,lan root@10.0.0.2 1639121572.8693 /firewall_rules_edit.php made changes 1 TUT network 0 168.172.0.0/16 1 OneDrive host 0 tut4lifeac-my.sharepoint.com onedrive.live.com login.live.com g.live.com spoprod-a.akamaihd.net p.sfx.ms oneclient.sfx.ms fabric.io vortex.data.microsoft.com posarprodcssservice.accesscontrol.windows.net redemptionservices.accesscontrol.windows.net token.cp.microsoft.com tokensit.cp.microsoft-tst.com vas.samsungapps.com odc.officeapps.live.com login.windows.net login.microsoftonline.com storage.live.com favorites.live.com oauth.live.com photos.live.com skydrive.live.com api.live.net apis.live.net docs.live.net policies.live.net settings.live.net skyapi.live.net snapi.live.net storage.msn.com ssw.live.com admin.onedrive.com officeclient.microsoft.com 1 OneDrive1 host 0 oneclient.sfx.ms g.live.com cdn.sharepointonline.com privatecdn.sharepointonline.com publiccdn.sharepointonline.com spoprod-a.akamaihd.net static.sharepointonline.com prod.msocdn.com watson.telemetry.microsoft.com tut4lifeac-files.sharepoint.com tut4lifeac-myfiles.sharepoint.com teams.microsoft.com www.microsoft.com go.microsoft.com onedrive.live.com login.microsoftonline.com 1 OneDrive2 network 0 13.107.64.0/18 52.112.0.0/14 52.120.0.0/14 52.238.119.141/32 52.244.160.207/32 13.107.6.171/32 13.107.140.6/32 52.108.0.0/14 52.238.106.116/32 52.244.37.168/32 52.244.203.72/32 52.244.207.172/32 52.244.223.198/32 52.247.150.191/32 104.73.46.0/24 172.217.170.0/24 23.60.7.0/24 196.24.45.0/24 51.105.249.0/24 152.199.23.0/24 20.190.129.19/32 216.58.223.0/24 23.33.48.0/24 51.11.168.0/24 40.122.160.0/24 2.17.205.0/24 23.202.80.0/24 152.199.19.0/24 40.126.0.0/16 40.115.3.0/24 23.56.194.0/24 52.98.0.0/16 13.107.0.0/16 1 BlackBoard network 0 69.196.237.0/24 34.239.40.0/22 108.129.37.0/24 63.35.119.0/24 52.211.221.0/24 34.251.106.0/24 1 Web port 0 80 443 53 21 Connection to Internet v9 0 1800 15 1 0 1 0 8337 1 0.0.0.0 666 1 86400 9d777935627a29c77604c57273520eb42635fd1847d2eeea1e7441fbaeb26253 wan 0 opnsense 1 1 0 on strip 1 1 0 admin@localhost.local 0 /var/squid/cache 256 always 100 16 256 0 0 0 2048 1024 1024 256 0 0 username password lan 3128 3129 0 0 4 5 0 3401 public 2121 0 1 0 80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http 443:https 0 icap://[::1]:1344/avscan icap://[::1]:1344/avscan 1 0 0 X-Username 1 1024 60 OPNsense proxy authentication 2 5