├── .gitignore
├── README.md
├── compile.sh
├── compile
    ├── Windows.md
    ├── compile.bat
    ├── config_backup.xml
    ├── config_missing_net_static.xml
    ├── config_no_statics.xml
    ├── config_no_statics_hard.xml
    ├── config_no_subnets.xml
    └── config_no_subnets_hard.xml
├── img
    ├── VideoThumb.png
    ├── Win1.png
    ├── Win21.png
    ├── Win3.png
    ├── Win4.png
    ├── WinGit1.png
    ├── WinVS1.png
    ├── WinVS2.png
    ├── WinVS3.png
    └── WinVS4.png
├── pom.xml
└── src
    └── main
        ├── java
            └── com
            │   └── simtechdata
            │       ├── App.java
            │       ├── data
            │           └── StaticmapLocal.java
            │       ├── enums
            │           └── Mode.java
            │       ├── migrate
            │           ├── Message.java
            │           └── Migrate.java
            │       └── pojos
            │           ├── Reservation.java
            │           ├── Subnet4.java
            │           └── Subnets.java
        └── resources
            └── version.properties


/.gitignore:
--------------------------------------------------------------------------------
.mvn/
.idea/
build/
graalvm/
target/


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Migration

Migration is a utility that will take your static IP address mappings in OPNsense and migrate them over to the Kea DHCP server that comes with OPNsense version 24.

- **You must upgrade to OPNsense version 24 before using this utility**

### Here is a video tutorial if that works best for you

[Video tutorial](https://youtu.be/9yLQezDKVoY)

### This is a simple tool to use:

1) [Download the program](https://github.com/EasyG0ing1/Migration/releases/latest) for your operating system (they are native binaries, no need for a Java runtime environment).
   * Create a clean folder to put the program in
2) From your OPNsense interface, go to Services / Kea DHCP / Kea DHCPv4, then Subnets on the right
3) Define all of your subnets and their IP Pools.
   * The tool uses those newly created subnets to automatically assign your current reservations to the correct subnet.
4) Apply those changes
5) Go to System / Configuration / Backups
6) Click on Download Configuration
   * Save the file as `config.xml` in the same folder you downloaded the tool into
   * Make a copy of it just in case
7) Open a shell (cmd.exe or terminal etc.) and go into that folder
8) Run `migrate`
   - You should see that the file `new_config.xml` has been created
   - If you don't, you will see a description of the problem that was found, which will help you understand what needs to be fixed in your config.xml file
9) Go back into OPNsense under backups and restore this new file.
   - Make sure you UNCHECK the box that says Reboot after restore

Done!

### [Binaries](https://github.com/EasyG0ing1/Migration/releases/latest)
The binaries were compiled and tested in these operating systems

- Windows 11 (build 21996.1)
- MacOS Sonoma 14.2.1
- Ubuntu 22.0.4 LTS (Jammy Jellyfish)

With MacOS or Linux you might need to set the program as executable

```bash
chmod +x migrate
```

No guarantees with older versions of these operating systems.
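
Before restoring `new_config.xml` in step 9, you can confirm that it differs from the `config.xml` you downloaded only inside the `reservations` node, and that every reservation sits inside the Kea subnet it references. This is an added example, not part of the project's code; the sample XML is constructed, and the `uuid` attribute and the `subnet`, `ip_address` and `hw_address` child elements are assumptions about the Kea section of the config.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample config (not from a real firewall). The element names
# inside <subnet4> and <reservation> are assumptions about the Kea model.
TEMPLATE = """<opnsense>
  <system><hostname>OPNsense</hostname></system>
  <dhcpd><lan><staticmap>
    <mac>00:11:22:33:44:55</mac><ipaddr>10.10.10.44</ipaddr>
  </staticmap></lan></dhcpd>
  <OPNsense><Kea><dhcp4>
    <subnets>
      <subnet4 uuid="11111111-1111-4111-8111-111111111111">
        <subnet>10.10.10.0/24</subnet>
      </subnet4>
    </subnets>
    <reservations>{reservations}</reservations>
  </dhcp4></Kea></OPNsense>
</opnsense>"""

RESERVATION = """<reservation uuid="22222222-2222-4222-8222-222222222222">
  <subnet>11111111-1111-4111-8111-111111111111</subnet>
  <ip_address>{ip}</ip_address>
  <hw_address>00:11:22:33:44:55</hw_address>
</reservation>"""

ORIGINAL = TEMPLATE.format(reservations="")
MIGRATED = TEMPLATE.format(reservations=RESERVATION.format(ip="10.10.10.44"))
# Same migration, but a tag outside <reservations> changed case.
WRONG_CASE = MIGRATED.replace("<hostname>OPNsense</hostname>",
                              "<Hostname>OPNsense</Hostname>")
# Reservation whose address is not inside the subnet it points at.
WRONG_SUBNET = TEMPLATE.format(reservations=RESERVATION.format(ip="10.10.12.10"))


def diff_outside(old, new, skip_tag="reservations", path=""):
    """Return paths where two element trees differ, ignoring <skip_tag> subtrees."""
    here = f"{path}/{old.tag}"
    if old.tag != new.tag:  # case-sensitive on purpose
        return [f"{here} (tag became {new.tag})"]
    if old.tag == skip_tag:
        return []
    found = []
    if old.attrib != new.attrib:
        found.append(f"{here} (attributes)")
    if (old.text or "").strip() != (new.text or "").strip():
        found.append(f"{here} (text)")
    if len(old) != len(new):
        found.append(f"{here} (child count {len(old)} -> {len(new)})")
        return found
    for a, b in zip(old, new):
        found.extend(diff_outside(a, b, skip_tag, here))
    return found


def check_reservations(root):
    """Return problems found in the Kea reservations of a migrated config."""
    subnets = {}
    for s in root.iter("subnet4"):
        try:
            subnets[s.get("uuid")] = ipaddress.ip_network(
                (s.findtext("subnet") or "").strip(), strict=False)
        except ValueError:
            pass  # unparsable subnet: reservations pointing at it are reported
    problems, seen = [], set()
    for r in root.iter("reservation"):
        raw = (r.findtext("ip_address") or "").strip()
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            problems.append(f"reservation {r.get('uuid')}: bad address {raw!r}")
            continue
        net = subnets.get((r.findtext("subnet") or "").strip())
        if net is None:
            problems.append(f"{ip}: references an unknown subnet UUID")
        elif ip not in net:
            problems.append(f"{ip}: outside {net}")
        if r.get("uuid") in seen:
            problems.append(f"{ip}: duplicate reservation UUID {r.get('uuid')}")
        seen.add(r.get("uuid"))
    return problems


def verify(original_xml, migrated_xml):
    """Run both checks; an empty list means nothing unexpected was found."""
    old, new = ET.fromstring(original_xml), ET.fromstring(migrated_xml)
    return diff_outside(old, new) + check_reservations(new)


if __name__ == "__main__":
    for name, doc in [("migrated", MIGRATED), ("wrong case", WRONG_CASE),
                      ("wrong subnet", WRONG_SUBNET)]:
        print(name, verify(ORIGINAL, doc) or "OK")
```

For real files, pass the contents of `config.xml` and `new_config.xml` to `verify()` and restore only when it returns an empty list.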

## Summary of what this utility does
* Loads config.xml into memory
* Loads existing static maps into memory from the `staticmap` xml node
* Loads the Kea subnets from the `subnet4` xml node
* Iterates through each static mapping
* Compares each IP address with the Kea Subnets you created looking for a match
* Creates a new Kea DHCP static mapping using the subnet UUID from the matched subnet
* Assigns a new random UUID to the new static map for Kea
* Converts the new mappings into xml under the node name `reservations`
* Replaces the `reservations` xml node from the original `config.xml` file
* Saves the modified xml to a new file named `new_config.xml`

Every step along the way is checked for problems and if any are found, the program tells you exactly what you need to look for to settle the problem.

# Compiling

If you are a glutton for punishment and you want to compile the code yourself, these instructions will work.

## Windows

[Click Here](compile/Windows.md) to learn how to setup the Windows build environment

After following those instructions, you should have made the `github` folder off the root. If not:

```bash
mkdir C:\github
```

Next

```bash
cd C:\github
git clone https://github.com/EasyG0ing1/Migration.git
cd Migration\compile
compile.bat
```

It could take anywhere from a minute to ten minutes or longer to compile the native image depending on your CPU and how
much RAM you have. Be patient!

The executable will be here `C:\github\Migration\target\migrate.exe`

## MacOS and Linux

- First, install SDK Man
  ```shell
  curl -s "https://get.sdkman.io" | bash
  ```
  - It will give you a command to copy and paste into terminal that will source the config, or simply restart your terminal.
- Next, install GraalVM v21
  ```shell
  sdk install java 21.0.2-graal
  ```
  (this takes about a minute-ish)
- Install Maven
  - Pick a folder to hold the maven file tree
  - Go into that folder
  ```shell
  cd /My/Folder
  wget https://dlcdn.apache.org/maven/maven-3/3.9.6/binaries/apache-maven-3.9.6-bin.zip
  unzip apache-maven-3.9.6-bin.zip
  mv apache-maven-3.9.6 maven3.9.6
  ```
  - Edit whatever file you use to run exports when your shell starts and add
  ```shell
  export PATH="/My/Path/To/maven3.9.6/bin:$PATH"
  ```
  - Run that command in your terminal too so that you don't need to restart terminal
  - Run this and expect the output shown here
  ```shell
  mvn --version
  ```
  Output
  ```text
  Apache Maven 3.9.6
  Maven home: /My/Path/To/maven3.9.6/libexec
  Java version: 21, vendor: Oracle Corporation, runtime: /Library/Java/JavaVirtualMachines/graalvm-jdk-21+35.1/Contents/Home
  ```

- If you're using MacOS and you DON'T have the xcode command line tools installed, run this
  ```shell
  xcode-select --install
  ```
  - And it will take a LOOOONG time to finish - possibly up to 20 minutes or longer. Get some coffee or water or popcorn ...
- If you're using Linux, then you need to install this
  ```shell
  sudo apt update
  sudo apt install build-essential libz-dev zlib1g-dev -y
  ```
  - This won't take too long to install
- We're back to ALL OS's from here
- Next, go into a folder you can clone this repository into then
  ```shell
  git clone https://github.com/EasyG0ing1/Migration.git
  cd Migration
  chmod +x compile.sh
  ./compile.sh
  ls -l target
  ```

- It can take some time to build the native-image. On a 2019 MBP it takes about a minute.
  On older hardware it can take
  up to 10 minutes or more, it depends on your CPU and how much RAM you have. Just be patient, if there is a problem, it
  will throw an error and dump out so if that didn't happen, then it's working.
- You should see the `migrate` binary in the target folder.
- You may need to set it as executable
  ```shell
  chmod +x target/migrate
  ```

# Issues
If you have any problems that you can't figure out, create an issue and I will be happy to assist.

### Contributing
Create an Issue or a Pull Request if you want to contribute to the project.

### Updates

* 2.2.0
    * Cleaned up code to simplify
    * Removed unused pojos
    * Added enums Package
    * Added migrate Package
    * Added Migrate class
    * Cleaned up Message class and removed unused objects
    * Added Mode enum

* 2.1.4
    * Modified handling of ISC DHCP mappings when no MAC address exists where a CID value is provided
    * Updated the static mapping error messages so that they include relevant details from the static map, making it easier to locate the record for correction

* 2.1.3
    * Minor changes to code structure

* 2.1.2
    * Fixed problem where xml tags were in the wrong case in the `new_config.xml`

* 2.1.1
    * Added clear and expanded error messages so that any problems that might happen should always present the user with a clear and exact cause of the problem along with instructions explaining how to correct the problem

* 2.1.0
    * Removed the need to run a check before doing the migration
    * Users will get specific feedback if there are any problems which will let them know exactly what is wrong if there are any problems with the migration.

* 2.0.1
    * Minor enhancements

* 2.0.0
    * Streamlined use of XML library, eliminating unnecessary calls.
    * Program now outputs a file that can be directly imported into OPNsense

* 1.0.1
    * Added more detailed error reporting

* 1.0.0
    * Initial Release


--------------------------------------------------------------------------------
/compile.sh:
--------------------------------------------------------------------------------
# Directory names: native-image agent output, Maven build output, sample configs
G=graalvm
T=target
C=compile
mvn clean package
# Run the jar under the native-image agent once per sample config so the
# metadata collected for each code path is merged into $G
java --enable-preview -agentlib:native-image-agent=config-merge-dir=$G -jar $T/Migration-jar-with-dependencies.jar version
cp $C/config_backup.xml ./config.xml
java --enable-preview -agentlib:native-image-agent=config-merge-dir=$G -jar $T/Migration-jar-with-dependencies.jar graal
cp $C/config_no_statics.xml ./config.xml
java --enable-preview -agentlib:native-image-agent=config-merge-dir=$G -jar $T/Migration-jar-with-dependencies.jar graal
cp $C/config_no_statics_hard.xml ./config.xml
java --enable-preview -agentlib:native-image-agent=config-merge-dir=$G -jar $T/Migration-jar-with-dependencies.jar graal
cp $C/config_no_subnets.xml ./config.xml
java --enable-preview -agentlib:native-image-agent=config-merge-dir=$G -jar $T/Migration-jar-with-dependencies.jar graal
cp $C/config_missing_net_static.xml ./config.xml
java --enable-preview -agentlib:native-image-agent=config-merge-dir=$G -jar $T/Migration-jar-with-dependencies.jar graal
cp $C/config_no_subnets_hard.xml ./config.xml
java --enable-preview -agentlib:native-image-agent=config-merge-dir=$G -jar $T/Migration-jar-with-dependencies.jar graal
# Remove the scratch files, then build the native binary
rm ./config.xml
rm ./new_config.xml
mvn clean -Pnative native:compile


--------------------------------------------------------------------------------
/compile/Windows.md:
--------------------------------------------------------------------------------
## Windows Build Environment

If you have the ability to use a virtual machine and a clean install of Windows, that
would be your best option. That
way, when we're finished, you just delete the VM after you have your binary file. If not, no worries; we'll have a
clean up process when we're done to remove the build tools that you'll need to install to make this binary.

You will need:

* GraalVM with Java version 22, which you can download [here](https://www.graalvm.org/downloads/#).
  Choose Java 22 and your Windows version, then Download.
* Apache Maven which you can [download here](https://maven.apache.org/download.cgi). Get the Binary zip archive under
  Link.
* Visual Studio Build Tools (install steps below)

Create a folder off of the root of C and call it graalvm.

Next, extract the GraalVM downloaded zip file into that folder. This should end up with a path that looks similar to
this: `C:\graalvm\graalvm-jdk-22.0.1+8.1`

Next, extract the Maven zip file to the same folder which will give you a path similar to
this: `C:\graalvm\apache-maven-3.9.6`

Next, you need to edit the environment variables so that the build tools know where to find Java and Maven.

Right click on This PC, Properties, and then click on Advanced system settings. Then click on the button that says
Environment Variables

Next, you will need to create a new System environment variable named `JAVA_HOME`

The path needs to be the path where you extracted the GraalVM zip file, and it should look similar to what's in the picture
above.

Next, you need to edit the Path environment variable under System variables by double clicking it, then click New and
add a path to the `bin` folder of both GraalVM and Apache Maven and they should end up looking similar to this:

Keep clicking OK to get out of those windows.

## Install Winget

Open a Powershell as administrator by tapping the Windows key on your keyboard, then just type in powershell and click
on the Run as Administrator option.

Once powershell is open, run this:

```bash
Add-AppxPackage -RegisterByFamilyName -MainPackage Microsoft.DesktopAppInstaller_8wekyb3d8bbwe
```

You can close powershell now.

But here's the thing ... I don't know why, but after you run that command, it takes some time for the `winget` program
to actually install, and you won't see anything indicating that it is installing or that it was installed ... you just
have to wait. In my case, I tried opening and re-opening a CMD shell (fastest way to do that is to hold down the Windows
key, press `R`, type `cmd` and hit enter) and typing `winget` to see if it was installed but
after several minutes, it wasn't so I just went and did other stuff for a while then came back like 15 minutes later and
opened a `CMD` shell, typed in `winget` and voilà! There it was!

Once that is working, you can install `git` like this:

```bash
winget install --id Git.Git -e --source winget
```

That install you will see happening in real time. Once it's installed, you need to exit out of the cmd shell and open a
new one so that the changes it makes to the path are applied to the active shell.

Once git is installed, we need to install the Visual Studio Tools. Start by installing the installer:

```bash
winget install Microsoft.VisualStudio.2022.BuildTools --exact
```

After that completes, open the installer by tapping the Windows key, then click on the installer.

When that opens, click on these items in the order that they are numbered:

1) Workloads
2) Desktop Development with C++
3) Make sure all the same boxes are checked and if there are no exact matches, get the latest version of each option
   checked.
4) If your Internet connection is more than 50 megabits, choose `Install While Downloading`; if less than that, choose the
   option to download first then install.
5) Click on `Modify`

Go get some coffee ... or water ... nuke some popcorn ... this will take some time.

You will see it downloading ...

Then when you see this message

You can close the installer.

Now, open a new `CMD` window (again, the easiest way to do that is to hold down the Windows key on your keyboard and
then press `R`; then type in `cmd` and hit enter)

Next, create a github folder off the root

```bash
mkdir C:\github
cd C:\github
```

Type `mvn --version` and hit enter.
You should see something that looks like this:

Go back to the [README](https://github.com/EasyG0ing1/Migration)


--------------------------------------------------------------------------------
/compile/compile.bat:
--------------------------------------------------------------------------------
@echo off
set "C=%~dp0"
set "C=%C:~0,-1%"
for %%I in ("%C%") do set "P=%%~dpI"
set "P=%P:~0,-1%"
set "G=%P%\graalvm"
set "T=%P%\target"
rd /S /Q %G%
cd %P%
call mvn -f %P%\pom.xml clean package
call java --enable-preview -agentlib:native-image-agent=config-output-dir=%G% -jar %T%\Migration-jar-with-dependencies.jar version
echo F | xcopy %C%\config_backup.xml %P%\config.xml /Y
call java --enable-preview -agentlib:native-image-agent=config-merge-dir=%G% -jar %T%\Migration-jar-with-dependencies.jar graal
echo F | xcopy %C%\config_missing_net_static.xml %P%\config.xml /Y
call java --enable-preview -agentlib:native-image-agent=config-merge-dir=%G% -jar %T%\Migration-jar-with-dependencies.jar graal
echo F | xcopy %C%\config_no_statics.xml %P%\config.xml /Y
call java --enable-preview -agentlib:native-image-agent=config-merge-dir=%G% -jar %T%\Migration-jar-with-dependencies.jar graal
echo F | xcopy %C%\config_no_statics_hard.xml %P%\config.xml /Y
call java --enable-preview -agentlib:native-image-agent=config-merge-dir=%G% -jar %T%\Migration-jar-with-dependencies.jar graal
echo F | xcopy %C%\config_no_subnets.xml %P%\config.xml /Y
call java --enable-preview -agentlib:native-image-agent=config-merge-dir=%G% -jar %T%\Migration-jar-with-dependencies.jar graal
echo F | xcopy %C%\config_no_subnets_hard.xml %P%\config.xml /Y
call java --enable-preview -agentlib:native-image-agent=config-merge-dir=%G% -jar %T%\Migration-jar-with-dependencies.jar graal
del %P%\config.xml
del %P%\new_config.xml
cd %C%
call mvn -f %P%\pom.xml clean -Pnative native:compile


--------------------------------------------------------------------------------
/compile/config_no_statics_hard.xml:
--------------------------------------------------------------------------------
1206 | 1207 | 1208 | 1209 | 1210 | 1211 | 1212 | 1213 | 0 1214 | 0 1215 | 0 1216 | wan 1217 | 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12 1218 | 1219 | 1220 | W0D23 1221 | 4 1222 | ac 1223 | 1224 | medium 1225 | 1226 | 1227 | 1228 | 0 1229 | 0 1230 | 0 1231 | 1232 | 1233 | 1234 | 1235 | 1236 | 1237 | 1238 | 1239 | 1240 | 1241 | 0 1242 | 120 1243 | 120 1244 | 127.0.0.1 1245 | 25 1246 | 1247 | 1248 | 0 1249 | auto 1250 | 1 1251 | syslog facility log_daemon 1252 | 1253 | 1254 | 1255 | 0 1256 | root 1257 | 7tYWsfWDcLWVW79dKzldO 1258 | 2812 1259 | 1260 | 1261 | 5 1262 | 1 1263 | 1264 | 1265 | 0 1266 | root@localhost.local 1267 | 0 1268 | 1269 | 1270 | 10 1271 | 1272 | 1273 | 1274 | 1 1275 | $HOST 1276 | 1277 | system 1278 | 1279 | 1280 | 1281 | 300 1282 | 30 1283 |
1284 | 1285 | 1286 | 1287 | 1288 | 6671ba49-729a-4a9c-b40a-cc3541d9d346,014f8720-8610-498e-802f-991d8e780bd1,acb5c067-15f1-4932-99d9-3cc3243edc31,c76e0d36-e04d-4ceb-aaf8-0d8704356f46 1289 | 1290 | 1291 | 1292 | 1293 | 1294 | 1 1295 | RootFs 1296 | 1297 | filesystem 1298 | 1299 | 1300 | / 1301 | 300 1302 | 30 1303 |
1304 | 1305 | 1306 | 1307 | bd3e982b-3063-4561-b60e-c90c8eb33096 1308 | 1309 | 1310 | 1311 | 1312 | 0 1313 | carp_status_change 1314 | 1315 | custom 1316 | 1317 | 1318 | /usr/local/opnsense/scripts/OPNsense/Monit/carp_status 1319 | 300 1320 | 30 1321 |
1322 | 1323 | 1324 | 1325 | d9c966ab-6a26-4e24-80c7-318cb42528af 1326 | 1327 | 1328 | 1329 | 1330 | 0 1331 | gateway_alert 1332 | 1333 | custom 1334 | 1335 | 1336 | /usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert 1337 | 300 1338 | 30 1339 |
1340 | 1341 | 1342 | 1343 | 4f68c864-d7a1-47d2-9784-f40d66e885b9 1344 | 1345 | 1346 | 1347 | 1348 | Ping 1349 | NetworkPing 1350 | failed ping 1351 | alert 1352 | 1353 | 1354 | 1355 | NetworkLink 1356 | NetworkInterface 1357 | failed link 1358 | alert 1359 | 1360 | 1361 | 1362 | NetworkSaturation 1363 | NetworkInterface 1364 | saturation is greater than 75% 1365 | alert 1366 | 1367 | 1368 | 1369 | MemoryUsage 1370 | SystemResource 1371 | memory usage is greater than 75% 1372 | alert 1373 | 1374 | 1375 | 1376 | CPUUsage 1377 | SystemResource 1378 | cpu usage is greater than 75% 1379 | alert 1380 | 1381 | 1382 | 1383 | LoadAvg1 1384 | SystemResource 1385 | loadavg (1min) is greater than 4 1386 | alert 1387 | 1388 | 1389 | 1390 | LoadAvg5 1391 | SystemResource 1392 | loadavg (5min) is greater than 3 1393 | alert 1394 | 1395 | 1396 | 1397 | LoadAvg15 1398 | SystemResource 1399 | loadavg (15min) is greater than 2 1400 | alert 1401 | 1402 | 1403 | 1404 | SpaceUsage 1405 | SpaceUsage 1406 | space usage is greater than 75% 1407 | alert 1408 | 1409 | 1410 | 1411 | ChangedStatus 1412 | ProgramStatus 1413 | changed status 1414 | alert 1415 | 1416 | 1417 | 1418 | NonZeroStatus 1419 | ProgramStatus 1420 | status != 0 1421 | alert 1422 | 1423 | 1424 | 1425 | 1426 | 1427 | 0 1428 | opnsense 1429 | 1430 | 1431 | 1432 | 1 1433 | 1 1434 | 1435 | 1436 | 1437 | 1438 | 1439 | 0 1440 | on 1441 | strip 1442 | 1 1443 | 1 1444 | 0 1445 | 1446 | admin@localhost.local 1447 | 1448 | 1449 | 1450 | 0 1451 | /var/squid/cache 1452 | 256 1453 | 1454 | 1455 | always 1456 | 100 1457 | 16 1458 | 256 1459 | 0 1460 | 0 1461 | 1462 | 1463 | 1464 | 0 1465 | 2048 1466 | 1024 1467 | 1024 1468 | 256 1469 | 1470 | 1471 | 0 1472 | 1473 | 0 1474 | username 1475 | password 1476 | 1477 | 1478 | 1479 | 1480 | 1481 | 1482 | lan 1483 | 3128 1484 | 3129 1485 | 0 1486 | 0 1487 | 1488 | 1489 | 4 1490 | 5 1491 | 0 1492 | 3401 1493 | public 1494 | 1495 | 2121 1496 | 0 1497 | 1 1498 | 0 1499 | 1500 | 1501 | 1502 | 1503 | 
1504 | 1505 | 1506 | 1507 | 1508 | 1509 | 80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered 1510 | ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http 1511 | 1512 | 443:https 1513 | 1514 | 1515 | 1516 | 1517 | 1518 | 1519 | 0 1520 | icap://[::1]:1344/avscan 1521 | icap://[::1]:1344/avscan 1522 | 1 1523 | 0 1524 | 0 1525 | X-Username 1526 | 1 1527 | 1024 1528 | 60 1529 | 1530 | 1531 | 1532 | 1533 | 1534 | OPNsense proxy authentication 1535 | 2 1536 | 5 1537 | 1538 | 1539 | 1540 | 1541 |