diff --git a/opnsense/fw01.ke.einsle.de b/opnsense/fw01.ke.einsle.de
new file mode 100644
index 0000000..fa5a967
--- /dev/null
+++ b/opnsense/fw01.ke.einsle.de
@@ -0,0 +1,2139 @@ + + opnsense + + + Disable the pf ftp proxy handler. + debug.pfftpproxy + default + + + Increase UFS read-ahead speeds to match the state of hard drives and NCQ. + vfs.read_max + default + + + Set the ephemeral port range to be lower. + net.inet.ip.portrange.first + default + + + Drop packets to closed TCP ports without returning a RST + net.inet.tcp.blackhole + default + + + Do not send ICMP port unreachable messages for closed UDP ports + net.inet.udp.blackhole + default + + + Randomize the ID field in IP packets (default is 0: sequential IP IDs) + net.inet.ip.random_id + default + + + + Source routing is another way for an attacker to try to reach non-routable addresses behind your box. + It can also be used to probe for information about your internal networks. These functions come enabled + as part of the standard FreeBSD core system. + + net.inet.ip.sourceroute + default + + + + Source routing is another way for an attacker to try to reach non-routable addresses behind your box. + It can also be used to probe for information about your internal networks. These functions come enabled + as part of the standard FreeBSD core system. + + net.inet.ip.accept_sourceroute + default + + + + Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects + to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect + packets without returning a response. + + net.inet.icmp.drop_redirect + default + + + + This option turns off the logging of redirect packets because there is no limit and this could fill + up your logs consuming your whole hard drive. 
+ + net.inet.icmp.log_redirect + default + + + Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway) + net.inet.tcp.drop_synfin + default + + + Enable sending IPv4 redirects + net.inet.ip.redirect + default + + + Enable sending IPv6 redirects + net.inet6.ip6.redirect + default + + + Enable privacy settings for IPv6 (RFC 4941) + net.inet6.ip6.use_tempaddr + default + + + Prefer privacy addresses and use them over the normal addresses + net.inet6.ip6.prefer_tempaddr + default + + + Generate SYN cookies for outbound SYN-ACK packets + net.inet.tcp.syncookies + default + + + Maximum incoming/outgoing TCP datagram size (receive) + net.inet.tcp.recvspace + default + + + Maximum incoming/outgoing TCP datagram size (send) + net.inet.tcp.sendspace + default + + + Do not delay ACK to try and piggyback it onto a data packet + net.inet.tcp.delayed_ack + default + + + Maximum outgoing UDP datagram size + net.inet.udp.maxdgram + default + + + Handling of non-IP packets which are not passed to pfil (see if_bridge(4)) + net.link.bridge.pfil_onlyip + default + + + Set to 1 to additionally filter on the physical interface for locally destined packets + net.link.bridge.pfil_local_phys + default + + + Set to 0 to disable filtering on the incoming and outgoing member interfaces. + net.link.bridge.pfil_member + default + + + Set to 1 to enable filtering on the bridge interface + net.link.bridge.pfil_bridge + default + + + Allow unprivileged access to tap(4) device nodes + net.link.tap.user_open + default + + + Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid()) + kern.randompid + default + + + Maximum size of the IP input queue + net.inet.ip.intr_queue_maxlen + default + + + Disable CTRL+ALT+Delete reboot from keyboard. 
+ hw.syscons.kbd_reboot + default + + + Enable TCP extended debugging + net.inet.tcp.log_debug + default + + + Set ICMP Limits + net.inet.icmp.icmplim + default + + + TCP Offload Engine + net.inet.tcp.tso + default + + + UDP Checksums + net.inet.udp.checksum + default + + + Maximum socket buffer size + kern.ipc.maxsockbuf + default + + + Page Table Isolation (Meltdown mitigation, requires reboot.) + vm.pmap.pti + default + + + Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation) + hw.ibrs_disable + default + + + Hide processes running as other groups + security.bsd.see_other_gids + default + + + Hide processes running as other users + security.bsd.see_other_uids + default + + + Enable/disable sending of ICMP redirects in response to IP packets for which a better, + and for the sender directly reachable, route and next hop is known. + + net.inet.ip.redirect + 0 + + + Enable/disable dropping of ICMP Redirect packets + net.inet.icmp.drop_redirect + 1 + + + + normal + fw01 + ke.einsle.de + + admins + System Administrators + system + 1999 + 0 + 2000 + 2004 + page-all + + + root + System Administrator + system + admins + $2y$10$BczaNfG.OdvX2e/udy1ekux4RvVYsQUdUCYohiyVB2Xle8he1V8ve + 0 + + 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 + + + + + $2y$10$7ELqsp0QYmp4a1m5pvSSGeEaJYK7ts3k2qzyfW0pWHdv9JlTpNTO6 + user + reinsle + Robert Einsle + + 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 + + Z5PYOKETTBBCR3P6KRE7IVXJV4UWIMGH + robert@einsle.de + /bin/sh + 2000 + uid=reinsle,cn=users,dc=ke,dc=einsle,dc=de + 5cb9f61ca1b7d + 5cbee0f6db47c + + + user + brigitte + uid=brigitte,cn=users,dc=ke,dc=einsle,dc=de + + $2y$10$AupvzUkABjsaSXD07stkhefd022OR1.nmDXdfoV9J0dpycRRzegLi + 2001 + + + user + tobias + uid=tobias,cn=users,dc=ke,dc=einsle,dc=de + + $2y$10$YKH4iJB2SxFr4rkaJXMMa.jy8fyUZgCe4kigMIPHWxWIiW5ub6Agu + 2002 + + + user + teresa + uid=teresa,cn=users,dc=ke,dc=einsle,dc=de + + $2y$10$RffJY1d1OFxRWJi7T4Y5H.UJCxfvUiAZl6xXlnOMFpNC2Z6CA0bd. 
+ 2003 + + + $2y$10$Smx9jtcrqPWGnZzIFxUzveTrtGrJ/OHHFteatZlZjKMUV.7eVucP2 + user + oxidized + Oxidized + + 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 + + + /bin/csh + 2004 + + 2005 + 2000 + Europe/Berlin + 0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org + + https + 5cb98512c7016 + + + + + 1 + kedc01,Local Database + + yes + 1 + 1 + 2 + 1 + 1 + 1 + + hadp + hadp + hadp + + monthly + + + 60 + aesni + 1 + 1 + + admins + 1 + + enabled + 1 + + + + 1 + https://cloud.einsle.de + robert@einsle.de + !Khyp1o= + + OPNsense-kempten2 + + + de_DE + 208.67.222.222 + 208.67.220.220 + 2620:0:ccc::2 + 2620:0:ccd::2 + + os-zerotier,os-net-snmp + + 115200 + video + + 5cb995ae6d61f + ldap + kedc01 + 172.24.10.11 + 7389 + TCP - Standard + 3 + subtree + dc=ke,dc=einsle,dc=de + cn=users,dc=ke,dc=einsle,dc=de + &(objectClass=inetOrgPerson) + uid + uid=sec_fw,cn=users,dc=ke,dc=einsle,dc=de + b7G77HydYn9qUmLUqsnu + 5cb9f38800630 + + + 5cb9b06943031 + voucher + CP Voucher + + + + + + 5cbaaea76ecc2 + ldap-totp + kedc01 TOTP + 5cb9f38800630 + 172.24.10.11 + 7389 + TCP - Standard + 3 + subtree + dc=ke,dc=einsle,dc=de + cn=users,dc=ke,dc=einsle,dc=de + &(objectClass=inetOrgPerson) + uid + uid=sec_fw,cn=users,dc=ke,dc=einsle,dc=de + b7G77HydYn9qUmLUqsnu + 6 + + + + + 1 + 1 + none + none + none + none + none + none + none + none + + + + vtnet0 + KDG + 1 + + 1 + 1 + 172.24.4.11 + 24 + KDG_FRITZ + slaac + + + vtnet3 + SERVER + 1 + + 172.24.10.2 + 24 + + + vtnet1 + MGMT + 1 + + 172.24.1.2 + 24 + + + vtnet2 + DMZ + 1 + + 172.24.2.2 + 24 + + + vtnet4 + ROBERT + 1 + + 172.24.42.2 + 24 + track6 + wan + 0 + + + vtnet5 + BRIGITTE + 1 + + 172.24.50.2 + 24 + + + vtnet6 + TOBIAS + 1 + + 172.24.51.2 + 24 + + + vtnet7 + TERESA + 1 + + 172.24.52.2 + 24 + + + vtnet8 + VOIP + 1 + + 172.24.60.2 + 24 + + + vtnet9 + TEST + 1 + + 172.24.90.2 + 24 + + + vtnet10 + GAST + 1 + + 172.24.99.2 + 24 + + + 1 + 1 + INTERN + INTERN + 1 + group + + + ztanv9hnl3ml6ep + 
ZTROBBY + 1 + + 172.22.0.211 + 16 + + + 1 + 1 + CLIENTS + CLIENTS + 1 + group + + + vtnet11 + PFSYNC + 1 + + 172.24.11.2 + 24 + + + ovpns1 + OVPNS1 + 1 + + 172.24.21.1 + 24 + + + 1 + 1 + openvpn + OpenVPN + group + 1 + + + + + + 172.24.10.10 + 172.24.10.245 + + + + + on + on + + ke.einsle.de + 172.24.10.11 + + + + + + + public + + + + + + + hybrid + + + NET_kempten + + + opt1 + + masq auf management + opt1 + + + + + inet + + reinsle@172.24.42.51 + + /firewall_nat_out_edit.php made changes + + + 0 + + + root@172.24.42.51 + + /firewall_nat_out_edit.php made changes + + + + + HOST_tobias_ps4 + + + 1 + + + wan + + + + + inet + + 0 + 1 + + + root@172.24.42.51 + + /firewall_nat_out_edit.php made changes + + + root@172.24.42.51 + + /firewall_nat_out_edit.php made changes + + + + + tcp + wan + inet + dnat kdg:22021 auf horst + + + + nat_5cbede8ec8ff85.18793725 + HOST_horst + 22 + + 1 + + + wanip + 22021 + + + root@172.24.42.51 + + /firewall_nat_edit.php made changes + + + root@172.24.42.51 + + /firewall_nat_edit.php made changes + + + + tcp + wan + inet + dnat kdg:22022 auf fw + + + + nat_5cbab161f13b55.46013125 + 127.0.0.1 + 22 + + 1 + + + wanip + 22022 + + + root@172.24.42.173 + + /firewall_nat_edit.php made changes + + + root@172.24.42.173 + + /firewall_nat_edit.php made changes + + + + tcp + wan + inet + dnat kdg:22023 auf kedc01 + + + + nat_5cb9a87b941159.37025775 + HOST_kedc01 + 22 + + 1 + + + wanip + 22023 + + + root@172.24.42.173 + + /firewall_nat_edit.php made changes + + + root@172.24.42.51 + + /firewall_nat_edit.php made changes + + + + + + pass + opt4,CLIENTS,opt2,opt9,INTERN,wan,opt1,opt3,lan,opt6,opt8,opt5,opt7 + inet + keep state + Allow CARP + any + yes + yes + carp + + 1 + + + 1 + + + root@172.24.42.51 + + /firewall_rules_edit.php made changes + + + root@172.24.42.51 + + /firewall_rules_edit.php made changes + + + + pass + opt4,CLIENTS,opt2,opt9,INTERN,wan,opt1,opt11,openvpn,opt3,lan,opt6,opt8,opt5,opt7,opt10 + inet + keep state + alle auf alle mit ping + 
in + yes + yes + icmp + echoreq + + 1 + + + 1 + + + root@172.24.42.173 + + /firewall_rules_edit.php made changes + + + root@172.24.42.51 + + /firewall_rules_edit.php made changes + + + + pass + opt4,CLIENTS,opt2,opt9,INTERN,wan,opt1,opt11,openvpn,opt3,lan,opt6,opt8,opt5,opt7,opt10 + inet + keep state + alle auf alle mit ssh + in + yes + yes + tcp + + 1 + + + 1 + 22 + + + root@172.24.42.173 + + /firewall_rules_edit.php made changes + + + root@172.24.42.51 + + /firewall_rules_edit.php made changes + + + + pass + opt3,lan + inet + keep state + robert,server auf firewall mit http + in + yes + yes + tcp + + 1 + + + (self) + 80 + + + reinsle@172.24.42.51 + + /firewall_rules_edit.php made changes + + + reinsle@172.24.42.51 + + /firewall_rules_edit.php made changes + + + + pass + opt3,lan + inet + keep state + robert,server auf firewall mit https + in + yes + yes + tcp + + 1 + + + (self) + 443 + + + reinsle@172.24.42.51 + + /firewall_rules_edit.php made changes + + + root@172.24.42.51 + + /firewall_rules_edit.php made changes + + + + pass + opt4,CLIENTS,opt2,opt9,INTERN,opt1,opt11,openvpn,opt3,lan,opt6,opt8,opt5,opt7,opt10 + inet + keep state + kempten auf internet mit web + any + yes + yes + tcp + +
NET_kempten
+ + + 1 + PORT_web + + + root@172.24.42.173 + + /firewall_rules_edit.php made changes + + + reinsle@172.24.42.51 + + /firewall_rules_edit.php made changes + +
+ + + 1 + + wan + tcp + inet + +
HOST_kedc01
+ 22 +
+ NAT dnat kdg:22023 auf kedc01 + nat_5cb9a87b941159.37025775 + + root@172.24.42.51 + + /firewall_nat_edit.php made changes + +
+ + + 1 + + wan + tcp + inet + +
127.0.0.1
+ 22 +
+ NAT dnat kdg:22022 auf fw + nat_5cbab161f13b55.46013125 + + root@172.24.42.173 + + /firewall_nat_edit.php made changes + +
+ + pass + wan + inet + keep state + internet auf firewall mit openvpn + udp + + 1 + + + (self) + 1194 + + + root@172.24.42.173 + + /firewall_rules_edit.php made changes + + + root@172.24.42.173 + + /firewall_rules_edit.php made changes + + + + pass + inet + Default allow LAN to any rule + lan + + lan + + + + + + + pass + inet6 + Default allow LAN IPv6 to any rule + lan + + lan + + + + + + + pass + lan + inet + keep state + kedc auf internet mit dns + tcp/udp + +
HOSTS_kedc
+ + +
NET_kempten
+ 1 + 53 +
+ + reinsle@172.24.42.51 + + /firewall_rules_edit.php made changes + + + reinsle@172.24.42.51 + + /firewall_rules_edit.php made changes + +
+ + pass + lan + inet + keep state + kedc auf internet mit ntp + udp + +
HOSTS_kedc
+ + +
NET_kempten
+ 1 + 123 +
+ + reinsle@172.24.42.51 + + /firewall_rules_edit.php made changes + + + reinsle@172.24.42.51 + + /firewall_rules_edit.php made changes + +
+ + pass + lan + inet + keep state + monitor auf internet mit all + tcp + +
HOST_monitor
+ + +
NET_kempten
+ 1 + PORT_icinga2 +
+ + root@172.24.42.51 + + /firewall_rules_edit.php made changes + + + root@172.24.42.51 + + /firewall_rules_edit.php made changes + +
+ + pass + lan + inet + keep state + monitor auf mgmt mit monitoring_porst + tcp/udp + +
HOST_monitor
+ + + opt1 + PORT_monitoring + + + root@172.24.42.51 + + /firewall_rules_edit.php made changes + + + root@172.24.42.51 + + /firewall_rules_edit.php made changes + +
+ + pass + CLIENTS + inet + keep state + intern auf internet mit ports_internet + tcp/udp + +
NET_kempten
+ + +
NET_kempten
+ 1 +
+ + root@172.24.42.51 + + /firewall_rules_edit.php made changes + + + reinsle@172.24.42.51 + + /firewall_rules_edit.php made changes + +
+ + pass + CLIENTS + inet + keep state + openvpn auf firewall + udp + + 1 + + + (self) + 1194 + + + root@172.24.42.51 + + /firewall_rules_edit.php made changes + + + root@172.24.42.51 + + /firewall_rules_edit.php made changes + + + + pass + INTERN + inet + keep state + intern auf kedc mit dns + tcp/udp + +
NET_kempten
+ + +
HOSTS_kedc
+ 53 +
+ + reinsle@172.24.42.51 + + /firewall_rules_edit.php made changes + + + reinsle@172.24.42.51 + + /firewall_rules_edit.php made changes + +
+ + pass + INTERN + inet + keep state + intern auf kedc mit ntp + udp + +
NET_kempten
+ + +
HOSTS_kedc
+ 123 +
+ + reinsle@172.24.42.51 + + /firewall_rules_edit.php made changes + + + reinsle@172.24.42.51 + + /firewall_rules_edit.php made changes + +
+ + pass + INTERN + inet + keep state + intern auf host mit 8006/tcp + tcp + +
NET_kempten
+ + +
HOST_horst
+ PORT_proxmox +
+ + reinsle@172.24.42.51 + + /firewall_rules_edit.php made changes + + + reinsle@172.24.42.51 + + /firewall_rules_edit.php made changes + +
+ + pass + INTERN + inet + keep state + intern auf kedc mit web + tcp/udp + +
NET_kempten
+ + + lan + PORT_server + + + root@172.24.42.51 + + /firewall_rules_edit.php made changes + + + reinsle@172.24.42.51 + + /firewall_rules_edit.php made changes + +
+ + pass + INTERN + inet + keep state + intern auf kedc mit ad_ports + tcp + +
NET_kempten
+ + +
HOST_kyo
+
+ + root@172.24.42.51 + + /firewall_rules_edit.php made changes + + + root@172.24.42.51 + + /firewall_rules_edit.php made changes + +
+ + block + opt5 + inet + keep state + Block Tobias + 1 + + 1 + + + 1 + + + root@172.24.42.173 + + /firewall_rules_edit.php made changes + + + root@172.24.42.173 + + /firewall_rules_edit.php made changes + + + + pass + opt12 + inet + keep state + + 1 + + + 1 + + + root@172.24.42.51 + + /firewall_rules_edit.php made changes + + + root@172.24.42.51 + + /firewall_rules_edit.php made changes + + + + + 1 + + wan + tcp + inet + +
HOST_horst
+ 22 +
+ NAT dnat kdg:22021 auf horst + nat_5cbede8ec8ff85.18793725 + + root@172.24.42.51 + + /firewall_nat_edit.php made changes + +
+
+ + + + + + ICMP + icmp + ICMP + + + + TCP + tcp + Generic TCP + + + + HTTP + http + Generic HTTP + + / + + 200 + + + + HTTPS + https + Generic HTTPS + + / + + 200 + + + + SMTP + send + Generic SMTP + + + 220 * + + + + + 0.opnsense.pool.ntp.org + + + system_information-container:00000000-col3:show,traffic_graphs-container:00000001-col3:show,cpu_usage-container:00000002-col3:show,log-container:00000003-col3:show,services_status-container:00000004-col4:show,gateways-container:00000005-col4:show,interface_list-container:00000006-col4:show,openvpn-container:00000007-col4:show,carp_status-container:00000008-col4:show + 2 + + + root@172.24.42.167 + + /system_usermanager.php made changes + + + + + + + 1 + NET_kempten + network + + + 172.24.0.0/16 + Netzwerke Kempten + + + 1 + NET_robert + network + + + 172.24.42.0/24 + Netzwerk Robert + + + 1 + PORT_web + port + + + 80 +443 +5000 +5001 +8080 +8443 + Ports für WEB Zugriff + + + 1 + HOST_kedc01 + host + + + 172.24.10.11 + HOST kedc01 + + + 1 + HOST_kedc02 + host + + + 172.24.10.12 + HOST kedc02 + + + 1 + HOSTS_kedc + host + + + HOST_kedc01 +HOST_kedc02 + + + + 1 + PORT_proxmox + port + + + 8006 + PORT proxmox tcp 8006 + + + 1 + HOST_horst + host + + + 172.24.10.10 +172.24.10.9 + HOST horst + + + 1 + PORT_mail + port + + + 25 +110 +143 +587 +993 +995 + Ports für Mail + + + 1 + HOST_kyo + host + + + 172.24.10.51 + HOST kyocera + + + 1 + HOST_monitor + host + + + 172.24.10.14 + HOST monitor.ke.einsle.de + + + 1 + PORT_icinga2 + port + + + 5665 + PORT icinga2 + + + 1 + PORT_monitoring + port + + + 22 +80 +161 +443 +8291 +PORT_web +PORT_mail + Ports Monitoring + + + 1 + PORT_ssh + port + + + 22 +22020:22040 + Ports SSH + + + 1 + HOST_tobias_ps4 + host + + + 172.24.51.195 + Tobias PS4 + + + 1 + PORTS_internet + port + + + 22 +PORT_web +PORT_mail +22020:22040 + Ports zum Internetzugriff + + + 1 + HOST_nas + host + + + 172.24.10.16 + nas.ke.einsle.de + + + 1 + PORT_fileshare + port + + + 42 +53 +88 +135 +137 +138 +139 +389 +445 
+636 +853 +1512 +3268 +3269 +7389 +7636 +49150:49160 +67:68 + Ports fuer Windows AD und FileShare + + + 1 + PORT_server + port + + + PORT_web +PORT_fileshare +PORT_mail + + + + + + + + + + + + + + + 0 + 0 + 0 + wan + 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12 + + + W0D23 + 4 + ac + 0 + 0 + + + + + 0 + + + + 1 + 1 + + + + + + 0 + on + strip + 1 + 0 + admin@localhost.local + + + + 0 + /var/squid/cache + 256 + + 100 + 16 + 256 + 0 + 0 + + + + 0 + 2048 + 1024 + 1024 + 256 + + + 0 + + 0 + username + password + + + + + + + lan + 3128 + 3129 + 0 + 0 + + + 4 + 5 + 0 + 3401 + public + + 2121 + 0 + 1 + 0 + + + + + + + + + 80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http + 443:https + + + + + + + 0 + icap://[::1]:1344/avscan + icap://[::1]:1344/avscan + 1 + 0 + 0 + X-Username + 1 + 1024 + 60 + + + + + OPNsense proxy authentication + 2 + 5 + + + + + + + + + + + + + + 1 + monitor + nUTIRozDeJMiQ2Goj8BR + nUTIRozDeJMiQ2Goj8BR + 0 + + + + + 1 + + Kempten + admin@einsle.de + 0 + + + + + 1 + mqfc2m8gTqPft9uvsTCYOl2tDC6OrnEI + {} + + + 1 + abfd31bd476a99d9 + Robby + + + + + + opt4,opt2,opt9,opt1,opt3,lan,opt6,opt8,opt5,opt7 + wan + v9 + 127.0.0.1:2056 + + + 1 + + + + + + 1 + 0 + opt9 + Local Database + 0 + + 0 + 0 + 1 + + + + + 0 + 0 +