rebellionIncrease UFS read-ahead speeds to match the state of hard drives and NCQ.vfs.read_maxdefaultSet the ephemeral port range to be lower.net.inet.ip.portrange.firstdefaultDrop packets to closed TCP ports without returning a RSTnet.inet.tcp.blackholedefaultDo not send ICMP port unreachable messages for closed UDP portsnet.inet.udp.blackholedefaultRandomize the ID field in IP packetsnet.inet.ip.random_iddefault
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
net.inet.ip.sourceroutedefault
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
net.inet.ip.accept_sourceroutedefault
This option turns off the logging of redirect packets because there is no limit and this could fill
up your logs consuming your whole hard drive.
net.inet.icmp.log_redirectdefaultDrop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)net.inet.tcp.drop_synfindefaultEnable sending IPv6 redirectsnet.inet6.ip6.redirectdefaultEnable privacy settings for IPv6 (RFC 4941)net.inet6.ip6.use_tempaddrdefaultPrefer privacy addresses and use them over the normal addressesnet.inet6.ip6.prefer_tempaddrdefaultGenerate SYN cookies for outbound SYN-ACK packetsnet.inet.tcp.syncookiesdefaultMaximum incoming/outgoing TCP datagram size (receive)net.inet.tcp.recvspacedefaultMaximum incoming/outgoing TCP datagram size (send)net.inet.tcp.sendspacedefaultDo not delay ACK to try and piggyback it onto a data packetnet.inet.tcp.delayed_ackdefaultMaximum outgoing UDP datagram sizenet.inet.udp.maxdgramdefaultHandling of non-IP packets which are not passed to pfil (see if_bridge(4))net.link.bridge.pfil_onlyipdefaultSet to 1 to additionally filter on the physical interface for locally destined packetsnet.link.bridge.pfil_local_physdefaultSet to 0 to disable filtering on the incoming and outgoing member interfaces.net.link.bridge.pfil_memberdefaultSet to 1 to enable filtering on the bridge interfacenet.link.bridge.pfil_bridgedefaultAllow unprivileged access to tap(4) device nodesnet.link.tap.user_opendefaultRandomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())kern.randompiddefaultDisable CTRL+ALT+Delete reboot from keyboard.hw.syscons.kbd_rebootdefaultEnable TCP extended debuggingnet.inet.tcp.log_debugdefaultSet ICMP Limitsnet.inet.icmp.icmplimdefaultTCP Offload Enginenet.inet.tcp.tsodefaultUDP Checksumsnet.inet.udp.checksumdefaultMaximum socket buffer sizekern.ipc.maxsockbufdefaultPage Table Isolation (Meltdown mitigation, requires reboot.)vm.pmap.ptidefaultDisable Indirect Branch Restricted Speculation (Spectre V2 mitigation)hw.ibrs_disabledefaultHide processes running as other groupssecurity.bsd.see_other_gidsdefaultHide processes running as other userssecurity.bsd.see_other_uidsdefaultEnable/disable sending of ICMP redirects in response to IP packets for which a better,
and for the sender directly reachable, route and next hop is known.
net.inet.ip.redirectdefault
Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects
to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect
packets without returning a response.
net.inet.icmp.drop_redirect1Maximum outgoing UDP datagram sizenet.local.dgram.maxdgramdefaultnormalOPNsenselanadminsSystem Administratorssystem199902000page-allrootSystem Administratorsystemadmins$2y$11$iPjVjQ6qeXicKxg54K5NTO3R8xmMcJLmyc7C5WVxSc9Ve.1Ddxyme0$2y$11$iZJkQAOm.8cwWzGkTWCYGOE3MYK1I4l2KqrHhaD8OShs3NJ/J/yc6userwaylonWaylon Walkerwaylon@waylonwalker.com2000aE3Pbp40Qi1xUbE4aBepKKywGc3Emq1bKW8afvzCwBW+KGy+2hvE5TZWS7H20tgA+icvgodt5t5vSGok$6$$IPl5k7jG1izlt4xJRZwD/2pwGig9atr6yhgtrZfTA0JUwjQFGuQrBNIABrzuRWK1myfapN1C8T9wgHBqKMJYb.20012000Etc/UTC0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.orghttps661bb4ae115fdyes111111hadphadphadpmonthly11admins1enabled11-1-1os-git-backup,os-theme-rebellionen_USnonenonenonenonenonenonenonenone115200video1ssh://github.com/waylonwalker/opnsense.gitmain-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACC0UzxgWWw2Uo3qppmxk652WtO8V4g++nxBsOKft0Ms1QAAAJhepAAtXqQA
LQAAAAtzc2gtZWQyNTUxOQAAACC0UzxgWWw2Uo3qppmxk652WtO8V4g++nxBsOKft0Ms1Q
AAAEAvlL9FtOFhRh91VV3/8ni0M8knsYAcBtjgBF5zeuj/0bRTPGBZbDZSjeqmmbGTrnZa
07xXiD76fEGw4p+3QyzVAAAAEXdheWxvbkByYXpvcmNyZXN0AQIDBA==
-----END OPENSSH PRIVATE KEY-----gitigc11111dhcp32SavedCfgdhcp60igc011192.168.1.124track6wan01Loopback1lo0127.0.0.1::18128none1tailscale0tailscale111hmac-md5192.168.1.106netboot.xyz.efi1192.168.1.106netboot.xyz.kpxenetboot.xyz.efinetboot.xyz.efi192.168.1.10192.168.1.245a8:a1:59:2b:04:68192.168.1.100razorcrestWaylon's Desktop38:60:77:37:b1:42192.168.1.106falcon-FX6860108:9e:08:f7:61:90192.168.1.1079c:8e:cd:3d:7d:17Office-Camera192.168.1.108AMC091A453B0598297Office Amcrest Camerad8:9c:67:94:f3:47192.168.1.132wyatt-HP-Pavilion-Gaming-Desktop-690-00xx9c:8e:cd:3d:89:58192.168.1.159AMC091CB203950F639driveway amcrest camera9c:8e:cd:3d:87:f1192.168.1.160AMC091C68497D0A541front door amcrest camera9c:8e:cd:3d:90:caAnns-Corner192.168.1.161AMC091E3BB673A9616Anns Corner Amcrest Cameraf6:b0:2c:bd:7f:5b192.168.1.168falcon2falcon2 7050 mt serverfalcon2.lan52:54:00:9d:d6:40192.168.1.169k3s-p1k3s-p1 vmk3s-p152:54:00:10:56:ec192.168.1.170lb-p1lb-p1 vmlb-p1.lan52:54:00:19:f9:e8192.168.1.171nfs-p1nfs-p1 vmba:04:12:0a:58:bdwyatt-bazzite192.168.1.171wyatt-bazzite6e:6c:7b:b7:cf:c1wyatt-bazzite-guest192.168.1.190wyatt-bazzitepublichybridpassinetDefault allow LAN to any rulelanlanpassinet6Default allow LAN IPv6 to any rulelanlanICMPicmpICMPTCPtcpGeneric TCPHTTPhttpGeneric HTTP/200HTTPShttpsGeneric HTTPS/200SMTPsendGeneric SMTP220 *0.opnsense.pool.ntp.orgsystem_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show,log-container:00000004-col4:show,thermal_sensors-container:00000005-col4:show,traffic_graphs-container:00000006-col4:show,carp_status-container:00000007-col4:show2root@192.168.1.100/api/unbound/settings/addHostOverride/ made changes1531transparent1100.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10allow10atf,bla0,blf,blm,blp,blp1,blr,blr0,bls,pa,ptitch.io01dot1.1.1.1853cloudflare-dns.com1dot1.0.0.1853cloudflare-dns.com1dot2606:4700:4700::1111853cloudflare-dns.com1dot2606:4700:4700::1001853cloudflare-dns.com1registrywayl.oneA192.168.1.168registry-direct0myhomeA192.168.1.1060homelocaldomainA192.168.1.1060testlocaldomainA192.168.1.1060officewayl.oneA192.168.1.1080wyattlanA192.168.1.1321jellyfinwayl.oneA192.168.1.168jellyfin-direct0jellyfinlanA192.168.1.1060prometheuswayl.oneA192.168.1.106prometheus-direct0whoamiwayl.oneA192.168.1.106frigate-direct0localfrigatewayl.oneA192.168.1.106frigate-direct0fwayl.oneA192.168.1.106frigate-direct0twayl.oneA192.168.1.106traefik-direct0traefikwayl.oneA192.168.1.106traefik-direct0argocdwayl.oneA192.168.1.106argocd-direct0argocdwayl.oneA192.168.1.106argocd-direct0argo-workflowswayl.oneA192.168.1.106argo-workflows-direct1registry-uiwayl.oneA192.168.1.168registry-ui-direct1speedwayl.oneA192.168.1.168speed-direct0wwdevwayl.oneA192.168.1.168wwdev-direct1omadawayl.oneA192.168.1.1681nextcloudwayl.oneA192.168.1.168nextcloud-direct1terraria.wayl.one192.168.1.10600jellyfin.lan192.168.1.106004000100127.0.0.18000opnsense.uncategorized.rules1opnsense.test.rules1opnsense.social_media.rules1opnsense.messaging.rules1opnsense.media_streaming.rules1opnsense.mail.rules1opnsense.file_transfer.rules1tor.rules1threatview_CS_c2.rules1emerging-worm.rules1emerging-web_specific_apps.rules1emerging-web_server.rules1emerging-web_client.rules1emerging-voip.rules1emerging-user_agents.rules1emerging-tftp.rules1emerging-telnet.rules1emerging-sql.rules1emerging-snmp.rules1emerging-smtp.rules1emerging-shellcode.rules1emerging-scan.rules1emerging-scada.rules1emerging-rpc.rules1emerging-pop3.rules1emerging-policy.rules1emerging-phishing.rules1emerging-p2p.rules1emerging-netbios.rules1emerging-mobile_malware.rules1emerging-misc.rules1emerging-malware.rules1emerging-ja3.rules1emerging-info.rules1emerging-inappropriate.rules1emerging-imap.rules1emerging-icmp_info.rules1emerging-icmp.rules1emerging-hunting.rules1emerging-games.rules1emerging-ftp.rules1emerging-exploit_kit.rules1emerging-exploit.rules1emerging-dos.rules1emerging-dns.rules1emerging-deleted.rules1emerging-current_events.rules1emerging-coinminer.rules1emerging-chat.rules1emerging-attack_response.rules1emerging-adware_pup.rules1emerging-activex.rules1dshield.rules1drop.rules1compromised.rules1ciarmy.rules1botcc.portgrouped.rules1botcc.rules13coresec.rules1abuse.ch.urlhaus.rules1abuse.ch.threatfox.rules1abuse.ch.sslipblacklist.rules1abuse.ch.sslblacklist.rules1abuse.ch.feodotracker.rules1111wan192.168.0.0/16,10.0.0.0/8,172.16.0.0/12624e940a-0a93-4f9c-88c2-a343c9828dbcW0D234hs1000entrance-camaFlcQ76AD1ioKKdrW72vFLpQfcZVyADcCUQObC3CLRI=4GEAVqthEzF97LpZxmsWl4M9DJhpr+JZjAI2JbXmmVM=10.0.0.0/24,192.168.1.1/24,0.0.0.0/0,::/010.0.0.15518200kitchen-cam+Rg1jvykOkrlVAntpjwyOHS4H86cGZK5/jz43hlGuFs=L8RO9fvOsNWr5Sk+HAO1v3Ekww3rF6D2OvsuOkFvMok=0.0.0.0/0,::/010.0.0.30518200entrance-camera0aFlcQ76AD1ioKKdrW72vFLpQfcZVyADcCUQObC3CLRI=4GEAVqthEzF97LpZxmsWl4M9DJhpr+JZjAI2JbXmmVM=51820077d56a59-51c9-4c2e-9519-8fcaa4a6ec69,2f8fb9b4-1af3-4dbf-b20d-b43238b1ce6d192.168.1.1:5182000GOOGLE_HOME_NETWORKnetwork010.0.0.0/24Google Home Wifi Network1testhost192.168.1.168test from python11310WAN_GWWAN Gatewaywaninet1125510GOOGLE_HOME_GWGoogle Home Wifilaninet192.168.1.107001002551IDS100***rootids updateids rule updates0120120127.0.0.1250auto10rootOcGut1BQhu5R73uEHM22812510root@localhost.local01$HOSTsystem30030f9e81280-2dd6-495a-b9ee-5b68db054dc8,b5a47d22-0b91-414c-a127-a13f133ba9b7,7f0100bb-5580-4858-acda-5140cce9cb9f,9f8709cd-33c9-42e4-ac1f-5ca53ee152411RootFsfilesystem/30030455b8b34-a939-4425-b059-7b2f0036bb940carp_status_changecustom/usr/local/opnsense/scripts/OPNsense/Monit/carp_status300302810c9cb-1873-4bd4-944a-ee7aeab99ed60gateway_alertcustom/usr/local/opnsense/scripts/OPNsense/Monit/gateway_alert30030a3261e02-14b7-4336-aebb-2c028101adb7PingNetworkPingfailed pingalertNetworkLinkNetworkInterfacefailed linkalertNetworkSaturationNetworkInterfacesaturation is greater than 75%alertMemoryUsageSystemResourcememory usage is greater than 75%alertCPUUsageSystemResourcecpu usage is greater than 75%alertLoadAvg1SystemResourceloadavg (1min) is greater than 8alertLoadAvg5SystemResourceloadavg (5min) is greater than 6alertLoadAvg15SystemResourceloadavg (15min) is greater than 4alertSpaceUsageSpaceUsagespace usage is greater than 75%alertChangedStatusProgramStatuschanged statusalertNonZeroStatusProgramStatusstatus != 0alertv9018001510.0.0.0/24GOOGLE_HOME_GWGoogle Home Wifi Gateway06751e71aed27ccert1LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURYekNDQWtlZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFqTVFzd0NRWURWUVFHRXdKQlJERVUKTUJJR0ExVUVBd3dMYVc1MFpYSnVZV3d0WTJFd0hoY05NalF4TWpBMU1UYzBOekEzV2hjTk1qY3dNekV3TVRjMApOekEzV2pBak1Rc3dDUVlEVlFRR0V3SkJSREVVTUJJR0ExVUVBd3dMYVc1MFpYSnVZV3d0WTJFd2dnRWlNQTBHCkNTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDY0g1WGpJUm1uNnhNbnpzV1JzRU9DaHpYWmgwbkQKcTh5d3FEdWtIVE44RTFVTmJ1clVUZFF5czFOV1FTWEhHTm1Xc05BSTZuMzNtcmtvVk14QmtLQ01zbHhmMVR2Vwo4N1lkT3IwVVBhNWhUZ3dDYXUrQ2lCaWtFL1RLQ2dwdEdoTHNMUHZhckNaRzVCU3k4UFlEbGZ4VVlkNElrREg1CnVsZk1uVHV0OG1pRkh5RkJXYkZ6WkZ5eFIybjdpdEhhTStsMERSajZSRFJTdE8zMFphUnh2SmlpeXhHVVAyNjEKU3I1VXM1eHU4MFF2VHQ0WVREa0xlRTh4NmpKRERLaG1mUEZtMGZTaVl4NTFDR0M1TTk4UWRvdGdTWUt0d3VUbApGY2thVTZacmQ4NmVmQzYzUGdRQXpaYTllMUJlbFhGenlVTkRtUlJGUHFUVjIyUnRuMk5Ddi9raEFnTUJBQUdqCmdaMHdnWm93TndZSllJWklBWWI0UWdFTkJDb1dLRTlRVG5ObGJuTmxJRWRsYm1WeVlYUmxaQ0JEWlhKMGFXWnAKWTJGMFpTQkJkWFJvYjNKcGRIa3dIUVlEVlIwT0JCWUVGUERnWHdHMjZ3M2QwQ1d1Q2JQWlpxVDVRZlRDTUI4RwpBMVVkSXdRWU1CYUFGUERnWHdHMjZ3M2QwQ1d1Q2JQWlpxVDVRZlRDTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3CkRnWURWUjBQQVFIL0JBUURBZ0dHTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFCOWhKWjJYSGx4R2tHV1BWZGMKSi9ROG1LZ1JZclNzWFZDVEdmNVZLbDFOWG8yVk9CTWtYODNCdlphR0dPa0NOcGQwdTdXWkx0Skkya1cxcmNYcApWVFlQdlZnTC9PdGw3NUIySFo3L282NzRzYzY5aGt1RDlYdUlYc2srMVVWV1pES3BNVFpROGg2T0hZbmF5eVpmClhpNDFCRisreVJLbWtFZzV6YjlRQXR4WGVLeGdORG9TMWovYXE2a3dHdjdJTksyWGFNam50QlJXNW4vU3QwT28KRmtqZzlQUFo3cDk0UjZEa2JxMGFScDl3ektVUUE2NTVDUzI0OUJnWWdBcWlSTFAwc09laDN4bnRjblNwMEN1RApDSm8vMHFSRlhETGg4bG9LQjBvWTI5YlRRWGFydWxObW5uRGlnTmRQbEFrVE1GWVVvT2ltMEszRmtVK2RTME9LCm1kRnoKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2NINVhqSVJtbjZ4TW4KenNXUnNFT0NoelhaaDBuRHE4eXdxRHVrSFROOEUxVU5idXJVVGRReXMxTldRU1hIR05tV3NOQUk2bjMzbXJrbwpWTXhCa0tDTXNseGYxVHZXODdZZE9yMFVQYTVoVGd3Q2F1K0NpQmlrRS9US0NncHRHaExzTFB2YXJDWkc1QlN5CjhQWURsZnhVWWQ0SWtESDV1bGZNblR1dDhtaUZIeUZCV2JGelpGeXhSMm43aXRIYU0rbDBEUmo2UkRSU3RPMzAKWmFSeHZKaWl5eEdVUDI2MVNyNVVzNXh1ODBRdlR0NFlURGtMZUU4eDZqSkRES2htZlBGbTBmU2lZeDUxQ0dDNQpNOThRZG90Z1NZS3R3dVRsRmNrYVU2WnJkODZlZkM2M1BnUUF6WmE5ZTFCZWxYRnp5VU5EbVJSRlBxVFYyMlJ0Cm4yTkN2L2toQWdNQkFBRUNnZ0VBTjhKbUo0a21YeDBycWIrRk80dlBDTHJleGpLMTZ5OGNPNG5TUjBKd3BXTkkKTUxTSkpVc291dlRtRWp2UlVNTDB6NGVWdldGMm5PekRMWDdmdHBqL1psQzdnalNubXhWTzJUQ2w0Q2xKY3hKTApZcityakJ5c1pFbUdWM1J2bGRqR29saE1tU1I3eFR6bmthTlMwaVFLeTE1cXpQY25DakI5OUNQQjhWWE84NkFFClJJOEROT3dBQUVndVg1OEFIdDJnL3NONkJid3VpckJRRDhKa3A1b05hcSt2czRXQXI2WCtIdXh0VThXcDlBTlYKZW15REM0T2tyV0p6MzJ1UzF6YzNucVZ3UkkxVEdKMzBNK01td20rc3VybS9kVUlTOWd0YUgxK05Zd3kyR05TUAo1VnJaN2xQTW91UEt3RWJlWDBwaGt3U0o1UG9qYUpsZlBBVUt6RmRTV3dLQmdRRE4zQXlwbStNRDYwdXNqcmpZCnFZMEpmVTlsZUU1UlhYS3pjaWJxWXdXWUI0RW9jUS9JNVYvMENMQU5OMXlFR2hUUllrUzlGK0h1QUJlM0NOT24KU0hCVE5TSnp6NmluNGYvMVF4emFQdHpLSkYzYXN1RjdDUXg1K3hQYVp0ZVczV3hzMjBEU3ZrOGtlZGIyV1JWQgoybldGNkE1SUVRZlVFcGgvYXh6L0hJSmp2d0tCZ1FEQ0psYVdOM2NrclQzWG55WVgvWS9Rd0Y5eWhGTitsQlY0Cmw3V3JScWZ4RlkzRmVCeFl5L1M1UWY2MktCaTFWZExrQmFnNlFlRDYwVGxaQmQ5bmpvOFd1OVR6OFNwWHpFTEoKcWgvNjdqMStLY2FzKzlJZGs4S25RdytaZ1BsNVlHR0s3RXNvL1VQTDNyNEZBYU43NE5OcWNGYUFzd1RWZ3lmYwpHN0JtZHI5Ykh3S0JnUUNSd3JHa2xxQlRjaE9QQnkrVEdkcW5VWGNhWGVqMmE3aC9udUEzTGc0VDY1eGtTa25tCjhhTFRaQ05qK0VNbHRtSHZNQ21EeXBsS3IvNGF0OEZGdldEclNjQXZTR1lmR1VMbklySVhSbE9IUGVER3JjcEMKRjlJaHZNbjk1cnZZTXNoRys2Z1drSEh4WGVQN1luQk94S1JhUUVsOGRiS1pVdUZ2dHlRODdxN1VlUUtCZ0ZwaAptSnR6bEs1cFM4bk9GK0RCTktzY2N4S1BrWUx5a3hCQnA5dmxGNWQrempIb1dXSHBDTE1aaXVibndhRGhKRHpzCmVVVXRsL3VMWE9RWmZNZnJzS2NIcC9vc0FlYy9lclFBMDhSd0ZnWmVrbFBESXl5THRlbEJxY2h2SnpRZTd5bksKR0s4clA5MXZnd3czbUJDNk9CRnIzSWtyVFl2TDg4bGV4bjdjdHZaSEFvR0FCbUhJVitadnUvZkk1VGc0WUJDdQpYQk5SeFU0ekdjNFZZTFVpUkdNMXhMQkw1Uyt1dEcxNHpnQ3YrbUZQdHF3ZXR6KzBOUzRtNW9Xakk3UEJlYVNrCnB4YVpJTGNNUFNJN1ZOWVZPdFl6UDNDRUJreGdwMGRxM0lBS014V2JaeTl3TFd2dUs5VHZnaXNQd29FeEhiUmEKK3hxbzFielBxUDljdGxQZlhyVXBhR1E9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0Kv3_ca0661bb4ae115fdWeb GUI TLS certificateLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUhIakNDQlFhZ0F3SUJBZ0lVU2s5MUNyaUlZUkw5a2QzWmV6aXdnYk9PaURNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZa3hIVEFiQmdOVkJBTU1GRTlRVG5ObGJuTmxMbXh2WTJGc1pHOXRZV2x1TVFzd0NRWURWUVFHRXdKTwpUREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXdFd1lEVlFRSERBeE5hV1JrWld4b1lYSnVhWE14CkxUQXJCZ05WQkFvTUpFOVFUbk5sYm5ObElITmxiR1l0YzJsbmJtVmtJSGRsWWlCalpYSjBhV1pwWTJGMFpUQWUKRncweU5EQTBNVFF4TURRNU1UbGFGdzB5TlRBMU1UWXhNRFE1TVRsYU1JR0pNUjB3R3dZRFZRUUREQlJQVUU1egpaVzV6WlM1c2IyTmhiR1J2YldGcGJqRUxNQWtHQTFVRUJoTUNUa3d4RlRBVEJnTlZCQWdNREZwMWFXUXRTRzlzCmJHRnVaREVWTUJNR0ExVUVCd3dNVFdsa1pHVnNhR0Z5Ym1sek1TMHdLd1lEVlFRS0RDUlBVRTV6Wlc1elpTQnoKWld4bUxYTnBaMjVsWkNCM1pXSWdZMlZ5ZEdsbWFXTmhkR1V3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQwpEd0F3Z2dJS0FvSUNBUURSd3VjR24wWnM3a0xkWmNZY1J4aFhYSkV4UDh0RkdZZ0RNMExhVHVVTmZrUmVEakVGCmhGSjl3NkdJODFBQ1k5bHBKVkk4NTFqNzNUQ1h0UDVsM0w4WFEzaS8xMjUyOGV2ZldoenZKclhVejkyYlFXb2MKUEl0bHdPVW1rL0VubzZVN1cwVFBsRFNla3NQY3JHUUd5V1Vxd3E3UUg5OXE5SGMrT29BaUdQME82bXZNU0FMKwpEbVFMci9iNGhtek5mQVE2c1RsbkFVa3BBb3lla1ZYMlo1RDVmNWEwUHRvZmtLM3JPY3RJNXcxbldFeWFpSzVKCnBFOWFvbmJXbGUrdDFJNG5tTEx6Mnc1eUNBTHpORTNGejhiMTgvTGVaUHFNb043MXNQUEMrQ0tYTUw2U05YRUcKc0NES0toWExGSEVjVXhYVVVRU21LNlNuU3NMdlI2L285ZUZpVU15bXhwbWgrWW81b05DUWZZZnQ3TlJub2FHVAo2V0t6K1ZzbVhkV3pHTWVqazJxV0lYcnJjSmJvVWE2WFd0VzFKQXY1c3l0R0xFNHRVenkwWWtuKytvMDNJRTJGCjcrNWNnR2F4Skpad1VPdHkzZjhmZGY2QUllN0NKanBMS0NWMEZZVGpMRmgxd203L3REWEFKRDlqbjRMQjFDaEUKeTV3VW5NRVJwYmNQSWdjeFEzejMzU0UvQlhsb0RvTjZuckI0ME9UYWdFc3BZUmJ2ZDlRYnYvQ3Z5WGZRakMxUwowTmJJczg1T21iRFBSWFlGRmQ0NmY1ZmlhQTV1L3BWNTlBVFdrL2JFUU03a3lNTXhmR0UwNzZibVZaRGJIblNiCnlOMm51Q2VIc2x5eS9hc05oMjlFTkVhWDA1d1JVNTlIOE9QSXRIeVdFQVNqNUtzQnVwRGhkV2YxQndJREFRQUIKbzRJQmVqQ0NBWFl3Q1FZRFZSMFRCQUl3QURBUkJnbGdoa2dCaHZoQ0FRRUVCQU1DQmtBd05BWUpZSVpJQVliNApRZ0VOQkNjV0pVOVFUbk5sYm5ObElFZGxibVZ5WVhSbFpDQlRaWEoyWlhJZ1EyVnlkR2xtYVdOaGRHVXdIUVlEClZSME9CQllFRkhjd3RyaWxLM01MV3hkSTlsTkZyMmVLeUhOSk1JR3pCZ05WSFNNRWdhc3dnYWloZ1kra2dZd3cKZ1lreEhUQWJCZ05WQkFNTUZFOVFUbk5sYm5ObExteHZZMkZzWkc5dFlXbHVNUXN3Q1FZRFZRUUdFd0pPVERFVgpNQk1HQTFVRUNBd01XblZwWkMxSWIyeHNZVzVrTVJVd0V3WURWUVFIREF4TmFXUmtaV3hvWVhKdWFYTXhMVEFyCkJnTlZCQW9NSkU5UVRuTmxibk5sSUhObGJHWXRjMmxuYm1Wa0lIZGxZaUJqWlhKMGFXWnBZMkYwWllJVVNrOTEKQ3JpSVlSTDlrZDNaZXppd2diT09pRE13SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQ0FJQwpNQXNHQTFVZER3UUVBd0lGb0RBZkJnTlZIUkVFR0RBV2doUlBVRTV6Wlc1elpTNXNiMk5oYkdSdmJXRnBiakFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQVZQYUdsdElFWXNOU1diT2M5bzdid2tlUk85NWNLSUdnMFU5WEZRN2IKTGRsZ0YrWUwxRnJPZUQycnQ1QTh4bWVqR3dOMGttUDI2RHpOL2xyMHBOOE9Vc1RqSEFLbkhucmJPWWFIM0dKNgoxZUdDdkpaS0pzZjNoS0x2cGoreWxrT0kzMllTdnpiZXF2NVJqdXJtSStZcTlMVE9sMlBudGh4QjNSeVMraGsxClU3STdROER3NWNwdHYxK2tUSm1nWkFXSmptMWE2UDR0d3VKcXRCRHduSk9FZWtpRFB4RTN2SG00UkxaTXlYeHQKRnREYi9JWFh2QnA2RHBxVWNwaXZTZEtTanlhOEllaUFzZm9zdlVvams2VW8yZ3VSUUwvNlVNREtSVXhTMnZxTQpSdk16WEcyazhhcEN2VCtmbUNuZTFwWlZpYmZJd2V0QjhLNDRWb2RVWkltUDJPNGdGN244UlY0YUc4ZUFQS2JQCmlPWmhZcGJxeE1hdmVKM3oxV2VJWDQvSlVuU3dxVnJRTWhZZ1B3Z3NxeW1SaUdFbmVocVNKU3Q3czFUN2VZVHQKREVCQnBUUTRLd1VadUVlVnNldWlGTE03TDN6Tng3OHhhWEN5UHdvR0phSFF6dUlEc3pqU2J1bXJ4SFVsNmx2QQppcWRJWU5Mdnd1cy9leUtLYzBET3dIVHptMTBDUXZCeTZXVXZ2RTBtZDhPVCt3TzExRnl2TmZ0dzYyM3hDbG9iClVsS1cxekNueHpyc3dvQWhVbUFrbHlkNUYzWW8rMS9VdTZGODFoL0lsYmdCTjlHTTBNcCt2QnBBR0d2OVJJc2QKaDI2aStiU0EzUDQ0dk5tNXVWTnZHZ004RktNNkJxR0Mrcm0rdVhxdWF6NlFLdjduWFBnS2NBeXY4SUh0VkxybApwa0E9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRFJ3dWNHbjBaczdrTGQKWmNZY1J4aFhYSkV4UDh0RkdZZ0RNMExhVHVVTmZrUmVEakVGaEZKOXc2R0k4MUFDWTlscEpWSTg1MWo3M1RDWAp0UDVsM0w4WFEzaS8xMjUyOGV2ZldoenZKclhVejkyYlFXb2NQSXRsd09VbWsvRW5vNlU3VzBUUGxEU2Vrc1BjCnJHUUd5V1Vxd3E3UUg5OXE5SGMrT29BaUdQME82bXZNU0FMK0RtUUxyL2I0aG16TmZBUTZzVGxuQVVrcEFveWUKa1ZYMlo1RDVmNWEwUHRvZmtLM3JPY3RJNXcxbldFeWFpSzVKcEU5YW9uYldsZSt0MUk0bm1MTHoydzV5Q0FMegpORTNGejhiMTgvTGVaUHFNb043MXNQUEMrQ0tYTUw2U05YRUdzQ0RLS2hYTEZIRWNVeFhVVVFTbUs2U25Tc0x2ClI2L285ZUZpVU15bXhwbWgrWW81b05DUWZZZnQ3TlJub2FHVDZXS3orVnNtWGRXekdNZWprMnFXSVhycmNKYm8KVWE2WFd0VzFKQXY1c3l0R0xFNHRVenkwWWtuKytvMDNJRTJGNys1Y2dHYXhKSlp3VU90eTNmOGZkZjZBSWU3QwpKanBMS0NWMEZZVGpMRmgxd203L3REWEFKRDlqbjRMQjFDaEV5NXdVbk1FUnBiY1BJZ2N4UTN6MzNTRS9CWGxvCkRvTjZuckI0ME9UYWdFc3BZUmJ2ZDlRYnYvQ3Z5WGZRakMxUzBOYklzODVPbWJEUFJYWUZGZDQ2ZjVmaWFBNXUKL3BWNTlBVFdrL2JFUU03a3lNTXhmR0UwNzZibVZaRGJIblNieU4ybnVDZUhzbHl5L2FzTmgyOUVORWFYMDV3UgpVNTlIOE9QSXRIeVdFQVNqNUtzQnVwRGhkV2YxQndJREFRQUJBb0lDQUFxeWRxZFM5N3VndWtrM0lrOXVpQkpyCklUNW40MGUwQWNpRC96ZEozd3JTbmMyY0gxVGUzQ1FYYTIvNVZJMjMrNE9PQ0lVY1ErQ2RvRUpFVTlXWEF5bSsKWWtuZm1kTU5ZRkF2ZE1WS0dKWWJQdnU4R01ZSzNRMnZOTXNaci8vV1ZuRlIrZzdmU2RXdEQyUlJhRTBqb25uMwo4VmxNeVhuWFcyaThMQUpSSlpWSCt0VUdvUnh3QXhzZUpLbFBsYWMwV1YrSU5UQ3pFMERqcFRuYTdlTFhMT3RaCnN6SksrRU1KZjZKbmUvTk0rOVVzTkJxTXVOMVVPS0J3ZU90VmtjMEZjaUJ1ZkVYTkF6aStmdGxaN3FqQUFWbisKcGF2cmJnN281S1hyN3hVZmVWMXplaGNwRERRTDhiTE5vRXlQSk5Eakl5Y0U0TE5SWU1xNm1IbFh2YmxTMGcrMwo3SUZ6Wko4dVMwZHhHcDAxaVF1anRCWW5aWEdsZnhiS2hleWVqSkIyb0I0VDhkbXN5dWprUzVOOXppdmpzUFBjCjI3Rm5VYSs2ejRZZ3ZVNWJveVZzVXRaUmw5QWg4dU5WZ1lMUlFWS3h6ZTd0N3hpUWs4eEZoLzN2NVVubXBxeVoKTWtKcVM2VW01dmRZRldJVnZHN2RlZU0xQjA4VG83M3ExcndncEZJTG95ditDa0d2VFNiUDlMU0N6blNjT2tMaAp0VUorMEpITGx4Q2FQUDlEUnVQWTJvSmFISnhvc3BRZlJ0RUMxbVZoYVBkcGlZazFuMnR2R0dLbUJyNUhFY0xkCmRmVXNobXgrNUV0VUlVa1g2dzdidEdRY0tIV1A0L0lZRzZjNEJzWncvUXA3eTNrWStpR3JNSThDYmNRcmI4dWIKWXpES1FzWloxdGM4d0N3RmRTTXBBb0lCQVFEODFxSkcwYUsyQzFRTEhCS0NhYnhmRmRjeFVEVmxVVVZOcnI0dgo3L3NVTHFLaW5rQTJnWjdjMXdHS3dId0VlYnpiMmdGMFdxbEd2QzRmQzBZSHVSSWpvYktzaVF3cDFSMHJWcFJkCnNrMjVqWUxITXJRREFvQmtGOTlnVVNuS25ocGI0ZkQ2NTlyNk0rY0lkQkZwUkdSSEZnTE9FRmVUWCs2Mm1GTlAKU0RKTFBmOWFCd215ckpseitQSlByT0h0NUZPZWpoZjJ3RGFyVmNvMmtkVkVacFJ2dGl2UUowdXJLbkFIVS8rUAovczgrYkxDbkRYcFdHUGphMTh4L0JUTFdUSlg5OXhicXYwdzNtb3NTTWxUQ0Faa0k0bTdSNUNtWGRLZzZ4TGxlClZFZE1PQVlCYlhST1l5aGlLc2d0M3JuK003VExxcDFSLzhhNEN6MEEySXZDV0g0cEFvSUJBUURVWWwrb1NHRisKTmRzenU3R2J6ODhFb1pWS2pFdG8xU1FsV0JhWHZZZXJzMXp0eW5ac0gyZWdMN0xLSHpkUmk3WVF6R3VaZkhFWQpwQjNtSzl1SXpndUJsVy9kb0pLY0NGTEZRRXJ1aURqNUx5N1lUbUVpTXFNU2YwbHI5S2syKzF6enZ3a3VTRERpCkZnZXpiS1dlZFo4YnM4bms3UHhuRC9rRkVURkg2TDFjWVVmN0w4TlV0aURrNDVyRU55UCthYThwdVVMSHo2ankKbFUzMHJnV084Zk03d1JEbjNZdDRiS3QxN3NDaDJZSHBuMFR5ZlZzYkQySDVSN1hCcGtuMjY1MllsQXhIalJLegp5L2FyTVVWNW13ZVFPSWRsM0lxR0tnWVBiTDBSUU9hU3FKKzR0N1oxZHZtOWIxUjhHMkRVWHU3Q045Ryt6amRZCmhtaXpMWTcxWk4rdkFvSUJBRitia2ZXUnBDT09tUk15WkZWb1FsRDZZMHRFZDB4K3RPUXhKYjNlMDJUSVZidUUKZCtla2tEd1dHWUVzVkRrbEI2TmpCcFhIQ3FleTFRWHNMMmtRTktuQXBWM1UzUUtja2RFbmhpY0FHNkFFd09VdQphUitTUEphYzZGejFsQVlJVHhOYmx0SnFCa1lDaG1TTjcxK00reFplWG1VcGpOUXZ2SWJUaHYwOTRiYk9GTmNvClBpU1FXOTZjenBRT1hjaWxSSEY2YmRsaXljbDBRV2p0TUdZVEhDSTZFc3M5Y01HaTVJWUEzMnpGLy93dEFZZkoKOHU3SHRxS2FZN3ZNYlhMWHR3ZzMvVFI3YmdqQXFjSVJ3amN5ZjNuNmxjbE1xK1dYdVYydnNpRFhZYmFTb01LOQpidk9OVDJIL3AzNmc4RmdObVZwQ2hBYlQzNE1Nek42YkJBNVRoREVDZ2dFQkFMaG1xWE50Vk9qR1RncCszdGpQCjk0aW4ydjJkRGlSNVd5YnBjc1JSRlNqcFZMaEozOFJGQ0M0Mis5OHVkMU5nSUxZNUp2dGU1cnRrVTJsemp1c2IKS3paWno0VDRWQk1SenZ2Z3RLNmlyQVQvQ0lkYWxrK2c4Nkd0enN2aTQ4RVBRa2VJQ0txY2w0VFZaOTVMYVFsSwpTdGs4b3dFWEdwZEpjUWNMUkdTUkdVaktWanNyMzBiLzAxT29vc25Xcm5QSXd3TlJEVUI3ZHM4WS8xU0FlK2IvCkFCZFRyQ0FGWllFcnFUdCtEdGI0Q1NvVTFVSk53UHFmd29zenpnWFRJY2s0RGQ5YU84Y3NINTdvYXNWOHhEdXYKZFVPdE1USXA2RVJRM0c0c0ZZU1RleDYvTmQ2bDg4L05lMDBWQ3ArdkRjV1duMnNXR0JDNDc2ajNHcFRuNjRYNQpEWlVDZ2dFQVRnYkRFUXl6V0NVRkJtSWFheUkrUFgydDNLNS91Tzl4blZxa1ZTUkdqT1NmckNaaHRLbkhNOHZqCm9TZy9MOWg5RFBXQnh4czI4TTkvUXdxb0RFQ2FnVDRMVEdOZEwrNm5oeHFIQzA4MVlNZk5sZjBaS3BtRDIwdW8KTDFzRnQxbll3RG9QVi9jZ2R0QkxGWkhGWFR5V0J0ZlZWbEh5UzBjbmp0a05hRmphZGVoN2JjeGRhM3d3Z2NDdAorL0dtMXU5OXRDbTA5aktMUmpVMmVDNmFBaGFrNjg0cjBsQWtDeGlHL3ljOVFGNGlYZzJXSmo2NUhYaC9OdGhSCk9vM2JhZ09jWExBSnFEd2J0eE02ZC95VllsaTc4a0NRL0xnOE5PTllkUjVleTU2eFdzWjZ5MVA0eCtUMmlzRk0KTVZUL0tHNERmYm13V2Vxb1NaNTh2eU51VXY0Vlp3PT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=