From 6ecb087ee2f2f0a1ca397e4094e19ef674f986a6 Mon Sep 17 00:00:00 2001 From: Ad Schellevis Date: Thu, 4 May 2023 10:05:48 +0200 Subject: [PATCH] push 23.4 configuration files and add 4000 to the bios section --- source/hardware/bios.rst | 6 +- .../hardware/configs/23.4/A10-gen3-config.xml | 423 +++++++++++++++++ .../hardware/configs/23.4/A10V2-SD-config.xml | 397 ++++++++++++++++ source/hardware/configs/23.4/A10V2-config.xml | 397 ++++++++++++++++ source/hardware/configs/23.4/A20-config.xml | 428 ++++++++++++++++++ source/hardware/defaults.rst | 13 + 6 files changed, 1661 insertions(+), 3 deletions(-) create mode 100644 source/hardware/configs/23.4/A10-gen3-config.xml create mode 100644 source/hardware/configs/23.4/A10V2-SD-config.xml create mode 100644 source/hardware/configs/23.4/A10V2-config.xml create mode 100644 source/hardware/configs/23.4/A20-config.xml diff --git a/source/hardware/bios.rst b/source/hardware/bios.rst index 4e48cb05..a81fae27 100644 --- a/source/hardware/bios.rst +++ b/source/hardware/bios.rst @@ -14,9 +14,9 @@ how to install them. **Product families** ===================================================================================================================== -------------------------- -DEC800 & DEC3800 series -------------------------- +-------------------------------------- +DEC800, DEC3800 & DEC4000 series +-------------------------------------- +---------------+------------------------------------------------------------------------------------------------------------------------------------------+ |**12-2022**: Version 10a (latest) | diff --git a/source/hardware/configs/23.4/A10-gen3-config.xml b/source/hardware/configs/23.4/A10-gen3-config.xml new file mode 100644 index 00000000..01985ca0 --- /dev/null +++ b/source/hardware/configs/23.4/A10-gen3-config.xml @@ -0,0 +1,423 @@ + + + + opnsense + + + Increase UFS read-ahead speeds to match the state of hard drives and NCQ. + vfs.read_max + default + + + Set the ephemeral port range to be lower. + net.inet.ip.portrange.first + default + + + Drop packets to closed TCP ports without returning a RST + net.inet.tcp.blackhole + default + + + Do not send ICMP port unreachable messages for closed UDP ports + net.inet.udp.blackhole + default + + + Randomize the ID field in IP packets + net.inet.ip.random_id + default + + + + Source routing is another way for an attacker to try to reach non-routable addresses behind your box. + It can also be used to probe for information about your internal networks. These functions come enabled + as part of the standard FreeBSD core system. + + net.inet.ip.sourceroute + default + + + + Source routing is another way for an attacker to try to reach non-routable addresses behind your box. + It can also be used to probe for information about your internal networks. These functions come enabled + as part of the standard FreeBSD core system. + + net.inet.ip.accept_sourceroute + default + + + + This option turns off the logging of redirect packets because there is no limit and this could fill + up your logs consuming your whole hard drive. + + net.inet.icmp.log_redirect + default + + + Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway) + net.inet.tcp.drop_synfin + default + + + Enable sending IPv6 redirects + net.inet6.ip6.redirect + default + + + Enable privacy settings for IPv6 (RFC 4941) + net.inet6.ip6.use_tempaddr + default + + + Prefer privacy addresses and use them over the normal addresses + net.inet6.ip6.prefer_tempaddr + default + + + Generate SYN cookies for outbound SYN-ACK packets + net.inet.tcp.syncookies + default + + + Maximum incoming/outgoing TCP datagram size (receive) + net.inet.tcp.recvspace + default + + + Maximum incoming/outgoing TCP datagram size (send) + net.inet.tcp.sendspace + default + + + Do not delay ACK to try and piggyback it onto a data packet + net.inet.tcp.delayed_ack + default + + + Maximum outgoing UDP datagram size + net.inet.udp.maxdgram + default + + + Handling of non-IP packets which are not passed to pfil (see if_bridge(4)) + net.link.bridge.pfil_onlyip + default + + + Set to 1 to additionally filter on the physical interface for locally destined packets + net.link.bridge.pfil_local_phys + default + + + Set to 0 to disable filtering on the incoming and outgoing member interfaces. + net.link.bridge.pfil_member + default + + + Set to 1 to enable filtering on the bridge interface + net.link.bridge.pfil_bridge + default + + + Allow unprivileged access to tap(4) device nodes + net.link.tap.user_open + default + + + Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid()) + kern.randompid + default + + + Disable CTRL+ALT+Delete reboot from keyboard. + hw.syscons.kbd_reboot + default + + + Enable TCP extended debugging + net.inet.tcp.log_debug + default + + + Set ICMP Limits + net.inet.icmp.icmplim + default + + + TCP Offload Engine + net.inet.tcp.tso + default + + + UDP Checksums + net.inet.udp.checksum + default + + + Maximum socket buffer size + kern.ipc.maxsockbuf + default + + + Page Table Isolation (Meltdown mitigation, requires reboot.) + vm.pmap.pti + 0 + + + Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation) + hw.ibrs_disable + 1 + + + Hide processes running as other groups + security.bsd.see_other_gids + default + + + Hide processes running as other users + security.bsd.see_other_uids + default + + + Enable/disable sending of ICMP redirects in response to IP packets for which a better, + and for the sender directly reachable, route and next hop is known. + + net.inet.ip.redirect + default + + + + Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects + to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect + packets without returning a response. + + net.inet.icmp.drop_redirect + 1 + + + Maximum outgoing UDP datagram size + net.local.dgram.maxdgram + default + + + dev.ax.0.iflib.override_nrxds + 2048, 2048, 2048, 2048, 2048, 2048, 2048, 2048 + + + + dev.ax.0.iflib.override_ntxds + 2048, 2048, 2048, 2048, 2048, 2048, 2048, 2048 + + + + dev.ax.1.iflib.override_nrxds + 2048, 2048, 2048, 2048, 2048, 2048, 2048, 2048 + + + + dev.ax.1.iflib.override_ntxds + 2048, 2048, 2048, 2048, 2048, 2048, 2048, 2048 + + + + dev.ax.0.rss_enabled + 1 + + + + dev.ax.1.rss_enabled + 1 + + + + + 115200 + serial + normal + OPNsense + localdomain + 1 + + admins + System Administrators + system + 1999 + 0 + page-all + + + root + System Administrator + system + admins + $2y$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS + 0 + + 2000 + 2000 + Etc/UTC + 0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org + + https + + yes + 1 + + 1 + 1 + 1 + 1 + + 1 + hadp + hadp + hadp + amdtemp + + monthly + + 1 + 1 + + admins + + + https://opnsense-update.deciso.com/FILL-IN-YOUR-LICENSE-HERE + latest + business + + -1 + -1 + + + + 1 + igb1 + + dhcp + dhcp6 + + + 1 + 1 + + + + 0 + + + 1 + igb0 + 192.168.1.1 + 24 + track6 + 64 + + + wan + 0 + + + + + + + 192.168.1.100 + 192.168.1.199 + + + + + 1 + + + + + public + + + + automatic + + + + + pass + inet + Default allow LAN to any rule + lan + + lan + + + + + + + pass + inet6 + Default allow LAN IPv6 to any rule + lan + + lan + + + + + + + + + + + + ICMP + icmp + ICMP + + + + TCP + tcp + Generic TCP + + + + HTTP + http + Generic HTTP + + / + + 200 + + + + HTTPS + https + Generic HTTPS + + / + + 200 + + + + SMTP + send + Generic SMTP + + + 220 * + + + + + 0.opnsense.pool.ntp.org + + + system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show + 2 + + diff --git a/source/hardware/configs/23.4/A10V2-SD-config.xml b/source/hardware/configs/23.4/A10V2-SD-config.xml new file mode 100644 index 00000000..2c050bd5 --- /dev/null +++ b/source/hardware/configs/23.4/A10V2-SD-config.xml @@ -0,0 +1,397 @@ + + + + opnsense + + + Increase UFS read-ahead speeds to match the state of hard drives and NCQ. + vfs.read_max + default + + + Set the ephemeral port range to be lower. + net.inet.ip.portrange.first + default + + + Drop packets to closed TCP ports without returning a RST + net.inet.tcp.blackhole + default + + + Do not send ICMP port unreachable messages for closed UDP ports + net.inet.udp.blackhole + default + + + Randomize the ID field in IP packets + net.inet.ip.random_id + default + + + + Source routing is another way for an attacker to try to reach non-routable addresses behind your box. + It can also be used to probe for information about your internal networks. These functions come enabled + as part of the standard FreeBSD core system. + + net.inet.ip.sourceroute + default + + + + Source routing is another way for an attacker to try to reach non-routable addresses behind your box. + It can also be used to probe for information about your internal networks. These functions come enabled + as part of the standard FreeBSD core system. + + net.inet.ip.accept_sourceroute + default + + + + This option turns off the logging of redirect packets because there is no limit and this could fill + up your logs consuming your whole hard drive. + + net.inet.icmp.log_redirect + default + + + Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway) + net.inet.tcp.drop_synfin + default + + + Enable sending IPv6 redirects + net.inet6.ip6.redirect + default + + + Enable privacy settings for IPv6 (RFC 4941) + net.inet6.ip6.use_tempaddr + default + + + Prefer privacy addresses and use them over the normal addresses + net.inet6.ip6.prefer_tempaddr + default + + + Generate SYN cookies for outbound SYN-ACK packets + net.inet.tcp.syncookies + default + + + Maximum incoming/outgoing TCP datagram size (receive) + net.inet.tcp.recvspace + default + + + Maximum incoming/outgoing TCP datagram size (send) + net.inet.tcp.sendspace + default + + + Do not delay ACK to try and piggyback it onto a data packet + net.inet.tcp.delayed_ack + default + + + Maximum outgoing UDP datagram size + net.inet.udp.maxdgram + default + + + Handling of non-IP packets which are not passed to pfil (see if_bridge(4)) + net.link.bridge.pfil_onlyip + default + + + Set to 1 to additionally filter on the physical interface for locally destined packets + net.link.bridge.pfil_local_phys + default + + + Set to 0 to disable filtering on the incoming and outgoing member interfaces. + net.link.bridge.pfil_member + default + + + Set to 1 to enable filtering on the bridge interface + net.link.bridge.pfil_bridge + default + + + Allow unprivileged access to tap(4) device nodes + net.link.tap.user_open + default + + + Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid()) + kern.randompid + default + + + Disable CTRL+ALT+Delete reboot from keyboard. + hw.syscons.kbd_reboot + default + + + Enable TCP extended debugging + net.inet.tcp.log_debug + default + + + Set ICMP Limits + net.inet.icmp.icmplim + default + + + TCP Offload Engine + net.inet.tcp.tso + default + + + UDP Checksums + net.inet.udp.checksum + default + + + Maximum socket buffer size + kern.ipc.maxsockbuf + default + + + Page Table Isolation (Meltdown mitigation, requires reboot.) + vm.pmap.pti + 0 + + + Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation) + hw.ibrs_disable + 1 + + + Hide processes running as other groups + security.bsd.see_other_gids + default + + + Hide processes running as other users + security.bsd.see_other_uids + default + + + Enable/disable sending of ICMP redirects in response to IP packets for which a better, + and for the sender directly reachable, route and next hop is known. + + net.inet.ip.redirect + default + + + + Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects + to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect + packets without returning a response. + + net.inet.icmp.drop_redirect + 1 + + + Maximum outgoing UDP datagram size + net.local.dgram.maxdgram + default + + + AMD temp offset + dev.amdtemp.0.sensor_offset + -10 + + + + 115200 + serial + normal + OPNsense + localdomain + 1 + + admins + System Administrators + system + 1999 + 0 + page-all + + + root + System Administrator + system + admins + $2y$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS + 0 + + 2000 + 2000 + Etc/UTC + 0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org + + https + + yes + 1 + + 1 + 1 + 1 + 1 + + 1 + hadp + hadp + hadp + + monthly + + 1 + 1 + + admins + + + https://opnsense-update.deciso.com/FILL-IN-YOUR-LICENSE-HERE + latest + business + + 1 + 1 + + + + 1 + igb1 + + dhcp + dhcp6 + + + 1 + 1 + + + + 0 + + + 1 + igb0 + 192.168.1.1 + 24 + track6 + 64 + + + wan + 0 + + + + + + + 192.168.1.100 + 192.168.1.199 + + + + + 1 + + + + + public + + + + automatic + + + + + pass + inet + Default allow LAN to any rule + lan + + lan + + + + + + + pass + inet6 + Default allow LAN IPv6 to any rule + lan + + lan + + + + + + + + + + + + ICMP + icmp + ICMP + + + + TCP + tcp + Generic TCP + + + + HTTP + http + Generic HTTP + + / + + 200 + + + + HTTPS + https + Generic HTTPS + + / + + 200 + + + + SMTP + send + Generic SMTP + + + 220 * + + + + + 0.opnsense.pool.ntp.org + + + system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show + 2 + + diff --git a/source/hardware/configs/23.4/A10V2-config.xml b/source/hardware/configs/23.4/A10V2-config.xml new file mode 100644 index 00000000..61a8562f --- /dev/null +++ b/source/hardware/configs/23.4/A10V2-config.xml @@ -0,0 +1,397 @@ + + + + opnsense + + + Increase UFS read-ahead speeds to match the state of hard drives and NCQ. + vfs.read_max + default + + + Set the ephemeral port range to be lower. + net.inet.ip.portrange.first + default + + + Drop packets to closed TCP ports without returning a RST + net.inet.tcp.blackhole + default + + + Do not send ICMP port unreachable messages for closed UDP ports + net.inet.udp.blackhole + default + + + Randomize the ID field in IP packets + net.inet.ip.random_id + default + + + + Source routing is another way for an attacker to try to reach non-routable addresses behind your box. + It can also be used to probe for information about your internal networks. These functions come enabled + as part of the standard FreeBSD core system. + + net.inet.ip.sourceroute + default + + + + Source routing is another way for an attacker to try to reach non-routable addresses behind your box. + It can also be used to probe for information about your internal networks. These functions come enabled + as part of the standard FreeBSD core system. + + net.inet.ip.accept_sourceroute + default + + + + This option turns off the logging of redirect packets because there is no limit and this could fill + up your logs consuming your whole hard drive. + + net.inet.icmp.log_redirect + default + + + Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway) + net.inet.tcp.drop_synfin + default + + + Enable sending IPv6 redirects + net.inet6.ip6.redirect + default + + + Enable privacy settings for IPv6 (RFC 4941) + net.inet6.ip6.use_tempaddr + default + + + Prefer privacy addresses and use them over the normal addresses + net.inet6.ip6.prefer_tempaddr + default + + + Generate SYN cookies for outbound SYN-ACK packets + net.inet.tcp.syncookies + default + + + Maximum incoming/outgoing TCP datagram size (receive) + net.inet.tcp.recvspace + default + + + Maximum incoming/outgoing TCP datagram size (send) + net.inet.tcp.sendspace + default + + + Do not delay ACK to try and piggyback it onto a data packet + net.inet.tcp.delayed_ack + default + + + Maximum outgoing UDP datagram size + net.inet.udp.maxdgram + default + + + Handling of non-IP packets which are not passed to pfil (see if_bridge(4)) + net.link.bridge.pfil_onlyip + default + + + Set to 1 to additionally filter on the physical interface for locally destined packets + net.link.bridge.pfil_local_phys + default + + + Set to 0 to disable filtering on the incoming and outgoing member interfaces. + net.link.bridge.pfil_member + default + + + Set to 1 to enable filtering on the bridge interface + net.link.bridge.pfil_bridge + default + + + Allow unprivileged access to tap(4) device nodes + net.link.tap.user_open + default + + + Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid()) + kern.randompid + default + + + Disable CTRL+ALT+Delete reboot from keyboard. + hw.syscons.kbd_reboot + default + + + Enable TCP extended debugging + net.inet.tcp.log_debug + default + + + Set ICMP Limits + net.inet.icmp.icmplim + default + + + TCP Offload Engine + net.inet.tcp.tso + default + + + UDP Checksums + net.inet.udp.checksum + default + + + Maximum socket buffer size + kern.ipc.maxsockbuf + default + + + Page Table Isolation (Meltdown mitigation, requires reboot.) + vm.pmap.pti + 0 + + + Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation) + hw.ibrs_disable + 1 + + + Hide processes running as other groups + security.bsd.see_other_gids + default + + + Hide processes running as other users + security.bsd.see_other_uids + default + + + Enable/disable sending of ICMP redirects in response to IP packets for which a better, + and for the sender directly reachable, route and next hop is known. + + net.inet.ip.redirect + default + + + + Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects + to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect + packets without returning a response. + + net.inet.icmp.drop_redirect + 1 + + + Maximum outgoing UDP datagram size + net.local.dgram.maxdgram + default + + + AMD temp offset + dev.amdtemp.0.sensor_offset + -10 + + + + 115200 + serial + normal + OPNsense + localdomain + 1 + + admins + System Administrators + system + 1999 + 0 + page-all + + + root + System Administrator + system + admins + $2y$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS + 0 + + 2000 + 2000 + Etc/UTC + 0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org + + https + + yes + 1 + + 1 + 1 + 1 + 1 + + 1 + hadp + hadp + hadp + + monthly + + 1 + 1 + + admins + + + https://opnsense-update.deciso.com/FILL-IN-YOUR-LICENSE-HERE + latest + business + + -1 + -1 + + + + 1 + igb1 + + dhcp + dhcp6 + + + 1 + 1 + + + + 0 + + + 1 + igb0 + 192.168.1.1 + 24 + track6 + 64 + + + wan + 0 + + + + + + + 192.168.1.100 + 192.168.1.199 + + + + + 1 + + + + + public + + + + automatic + + + + + pass + inet + Default allow LAN to any rule + lan + + lan + + + + + + + pass + inet6 + Default allow LAN IPv6 to any rule + lan + + lan + + + + + + + + + + + + ICMP + icmp + ICMP + + + + TCP + tcp + Generic TCP + + + + HTTP + http + Generic HTTP + + / + + 200 + + + + HTTPS + https + Generic HTTPS + + / + + 200 + + + + SMTP + send + Generic SMTP + + + 220 * + + + + + 0.opnsense.pool.ntp.org + + + system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show + 2 + + diff --git a/source/hardware/configs/23.4/A20-config.xml b/source/hardware/configs/23.4/A20-config.xml new file mode 100644 index 00000000..33de5aab --- /dev/null +++ b/source/hardware/configs/23.4/A20-config.xml @@ -0,0 +1,428 @@ + + + + opnsense + + + Increase UFS read-ahead speeds to match the state of hard drives and NCQ. + vfs.read_max + default + + + Set the ephemeral port range to be lower. + net.inet.ip.portrange.first + default + + + Drop packets to closed TCP ports without returning a RST + net.inet.tcp.blackhole + default + + + Do not send ICMP port unreachable messages for closed UDP ports + net.inet.udp.blackhole + default + + + Randomize the ID field in IP packets + net.inet.ip.random_id + default + + + + Source routing is another way for an attacker to try to reach non-routable addresses behind your box. + It can also be used to probe for information about your internal networks. These functions come enabled + as part of the standard FreeBSD core system. + + net.inet.ip.sourceroute + default + + + + Source routing is another way for an attacker to try to reach non-routable addresses behind your box. + It can also be used to probe for information about your internal networks. These functions come enabled + as part of the standard FreeBSD core system. + + net.inet.ip.accept_sourceroute + default + + + + This option turns off the logging of redirect packets because there is no limit and this could fill + up your logs consuming your whole hard drive. + + net.inet.icmp.log_redirect + default + + + Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway) + net.inet.tcp.drop_synfin + default + + + Enable sending IPv6 redirects + net.inet6.ip6.redirect + default + + + Enable privacy settings for IPv6 (RFC 4941) + net.inet6.ip6.use_tempaddr + default + + + Prefer privacy addresses and use them over the normal addresses + net.inet6.ip6.prefer_tempaddr + default + + + Generate SYN cookies for outbound SYN-ACK packets + net.inet.tcp.syncookies + default + + + Maximum incoming/outgoing TCP datagram size (receive) + net.inet.tcp.recvspace + default + + + Maximum incoming/outgoing TCP datagram size (send) + net.inet.tcp.sendspace + default + + + Do not delay ACK to try and piggyback it onto a data packet + net.inet.tcp.delayed_ack + default + + + Maximum outgoing UDP datagram size + net.inet.udp.maxdgram + default + + + Handling of non-IP packets which are not passed to pfil (see if_bridge(4)) + net.link.bridge.pfil_onlyip + default + + + Set to 1 to additionally filter on the physical interface for locally destined packets + net.link.bridge.pfil_local_phys + default + + + Set to 0 to disable filtering on the incoming and outgoing member interfaces. + net.link.bridge.pfil_member + default + + + Set to 1 to enable filtering on the bridge interface + net.link.bridge.pfil_bridge + default + + + Allow unprivileged access to tap(4) device nodes + net.link.tap.user_open + default + + + Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid()) + kern.randompid + default + + + Disable CTRL+ALT+Delete reboot from keyboard. + hw.syscons.kbd_reboot + default + + + Enable TCP extended debugging + net.inet.tcp.log_debug + default + + + Set ICMP Limits + net.inet.icmp.icmplim + default + + + TCP Offload Engine + net.inet.tcp.tso + default + + + UDP Checksums + net.inet.udp.checksum + default + + + Maximum socket buffer size + kern.ipc.maxsockbuf + default + + + Page Table Isolation (Meltdown mitigation, requires reboot.) + vm.pmap.pti + 0 + + + Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation) + hw.ibrs_disable + 1 + + + Hide processes running as other groups + security.bsd.see_other_gids + default + + + Hide processes running as other users + security.bsd.see_other_uids + default + + + Enable/disable sending of ICMP redirects in response to IP packets for which a better, + and for the sender directly reachable, route and next hop is known. + + net.inet.ip.redirect + default + + + + Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects + to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect + packets without returning a response. + + net.inet.icmp.drop_redirect + 1 + + + Maximum outgoing UDP datagram size + net.local.dgram.maxdgram + default + + + dev.ax.0.iflib.override_nrxds + 2048, 2048, 2048, 2048, 2048, 2048, 2048, 2048 + + + + dev.ax.0.iflib.override_ntxds + 2048, 2048, 2048, 2048, 2048, 2048, 2048, 2048 + + + + dev.ax.1.iflib.override_nrxds + 2048, 2048, 2048, 2048, 2048, 2048, 2048, 2048 + + + + dev.ax.1.iflib.override_ntxds + 2048, 2048, 2048, 2048, 2048, 2048, 2048, 2048 + + + + dev.ax.0.rss_enabled + 1 + + + + dev.ax.1.rss_enabled + 1 + + + + ice_ddp_load + YES + Include DDP package file for Intel ice driver + + + + 115200 + serial + normal + OPNsense + localdomain + 1 + + admins + System Administrators + system + 1999 + 0 + page-all + + + root + System Administrator + system + admins + $2y$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS + 0 + + 2000 + 2000 + Etc/UTC + 0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org + + https + + yes + 1 + + 1 + 1 + 1 + 1 + + 1 + hadp + hadp + hadp + amdtemp + + monthly + + 1 + 1 + + admins + + + https://opnsense-update.deciso.com/FILL-IN-YOUR-LICENSE-HERE + latest + business + + -1 + -1 + + + + 1 + igb1 + + dhcp + dhcp6 + + + 1 + 1 + + + + 0 + + + 1 + igb0 + 192.168.1.1 + 24 + track6 + 64 + + + wan + 0 + + + + + + + 192.168.1.100 + 192.168.1.199 + + + + + 1 + + + + + public + + + + automatic + + + + + pass + inet + Default allow LAN to any rule + lan + + lan + + + + + + + pass + inet6 + Default allow LAN IPv6 to any rule + lan + + lan + + + + + + + + + + + + ICMP + icmp + ICMP + + + + TCP + tcp + Generic TCP + + + + HTTP + http + Generic HTTP + + / + + 200 + + + + HTTPS + https + Generic HTTPS + + / + + 200 + + + + SMTP + send + Generic SMTP + + + 220 * + + + + + 0.opnsense.pool.ntp.org + + + system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show + 2 + + diff --git a/source/hardware/defaults.rst b/source/hardware/defaults.rst index bd1232b3..add584f9 100644 --- a/source/hardware/defaults.rst +++ b/source/hardware/defaults.rst @@ -12,28 +12,41 @@ Model Formfactor config ========= ============ ======================================================================== DEC675 Desktop :download:`22.1/22.4 ` :download:`22.7/22.10 ` + :download:`23.1/23.4 ` DEC695 Desktop :download:`22.1/22.4 ` :download:`22.7/22.10 ` + :download:`23.1/23.4 ` DEC740 Desktop :download:`22.1/22.4 ` :download:`22.7/22.10 ` + :download:`23.1/23.4 ` DEC750 Desktop :download:`22.1/22.4 ` :download:`22.7/22.10 ` + :download:`23.1/23.4 ` DEC840 Desktop :download:`22.1/22.4 ` :download:`22.7/22.10 ` + :download:`23.1/23.4 ` DEC850 Desktop :download:`22.1/22.4 ` :download:`22.7/22.10 ` + :download:`23.1/23.4 ` DEC2685 Rack :download:`22.1/22.4 ` :download:`22.7/22.10 ` + :download:`23.1/23.4 ` DEC2750 Rack :download:`22.1/22.4 ` :download:`22.7/22.10 ` + :download:`23.1/23.4 ` DEC3840 Rack :download:`22.1/22.4 ` :download:`22.7/22.10 ` + :download:`23.1/23.4 ` DEC3850 Rack :download:`22.1/22.4 ` :download:`22.7/22.10 ` + :download:`23.1/23.4 ` DEC3860 Rack :download:`22.1/22.4 ` :download:`22.7/22.10 ` + :download:`23.1/23.4 ` DEC4020 Rack :download:`22.1/22.4 ` :download:`22.7/22.10 ` + :download:`23.1/23.4 ` DEC4040 Rack :download:`22.1/22.4 ` :download:`22.7/22.10 ` + :download:`23.1/23.4 ` ========= ============ ========================================================================