16 changed files with 5 additions and 820 deletions
--- a/FreeBSD/backup.sh
+++ b/FreeBSD/backup.sh
@ -1,14 +0,0 @@
 #!/bin/csh
 #Script to grab all relevant configuration files and installed packages, and back it up to github
 /usr/sbin/pkg prime-origins > /root/fw/pkg_prime-origins
 foreach i ( "/boot/loader.conf" "/etc/pf.conf" "/etc/rc.conf" "/etc/start_if.eth0" "/usr/local/etc/dhcpd.conf" "/usr/local/etc/namedb/named.conf" "/usr/local/etc/namedb/dynamic/example.com.db" "/var/cron/tabs/root" "/usr/local/etc/dhcp6c.conf" "/etc/rtadvd.conf" "/usr/local/etc/dhcpd6.conf" "/etc/dhclient.conf" )
 	echo "Backing up "$i
 	/bin/cp $i /root/fw$i
 end
 echo "git push"
 cd /root/fw/
 /usr/local/bin/git add .
 /usr/local/bin/git commit -S -m "nightly backup"
 /usr/local/bin/git push -u origin main
--- a/FreeBSD/boot/loader.conf
+++ b/FreeBSD/boot/loader.conf
@ -1,6 +0,0 @@
 netgraph_load="YES"
 ng_ether_load="YES"
 ng_etf_load="YES"
 ng_vlan_load="YES"
 ng_eiface_load="YES"
 ng_one2many_load="YES"
--- a/FreeBSD/etc/dhclient.conf
+++ b/FreeBSD/etc/dhclient.conf
@ -1,10 +0,0 @@
 # $FreeBSD$
 #
 #	This file is required by the ISC DHCP client.
 #	See ``man 5 dhclient.conf'' for details.
 #
 #	In most cases an empty file is sufficient for most people as the
 #	defaults are usually fine.
 #
 #
 supersede domain-name-servers 127.0.0.1;
--- a/FreeBSD/etc/pf.conf
+++ b/FreeBSD/etc/pf.conf
@ -1,60 +0,0 @@
 wan = "ngeth0"
 lan = "xxx"
 #options
 set skip on lo0
 set block-policy drop
 set fingerprints "/etc/pf.os"
 set ruleset-optimization basic
 set optimization normal
 set limit { states 1624000, src-nodes 1624000, frags 5000, table-entries 400000 }
 #scrub
 scrub on $wan all random-id fragment reassemble
 scrub on $lan all random-id fragment reassemble
 #NAT
 nat on $wan inet from ($lan:network) to any -> ($wan)
 #Filter
 #default deny
 block drop in inet all label "Default deny rule IPv4"
 block drop out inet all label "Default deny rule IPv4"
 block drop in inet6 all label "Default deny rule IPv6"
 block drop out inet6 all label "Default deny rule IPv6"
 #allow dhcp/dhcpv6 client
 pass in quick on $wan proto udp from any port = bootps to any port = bootpc keep state label "allow dhcp client out WAN"
 pass out quick on $wan proto udp from any port = bootpc to any port = bootps keep state label "allow dhcp client out WAN"
 pass in quick on $wan inet6 proto udp from fe80::/10 port = dhcpv6-client to fe80::/10 port = dhcpv6-client keep state label "allow dhcpv6 client in WAN"
 pass in quick on $wan proto udp from any port = dhcpv6-server to any port = dhcpv6-client keep state label "allow dhcpv6 client in WAN"
 pass out quick on $wan proto udp from any port = dhcpv6-client to any port = dhcpv6-server keep state label "allow dhcpv6 client out WAN"
 #allow dhcp/dhcpv6 server
 pass in quick on $lan inet proto udp from any port = bootpc to { 255.255.255.255, ($lan), ($lan:broadcast) } port = bootps keep state label "allow access to DHCP server"
 pass out quick on $lan inet proto udp from ($lan) port = bootps to any port = bootpc keep state label "allow access to DHCP server"
 pass quick on $lan inet6 proto udp from fe80::/10 to fe80::/10 port = dhcpv6-client keep state label "allow access to DHCPv6 server"
 pass quick on $lan inet6 proto udp from fe80::/10 to ff02::/16 port = dhcpv6-client keep state label "allow access to DHCPv6 server"
 pass quick on $lan inet6 proto udp from fe80::/10 to ff02::/16 port = dhcpv6-server keep state label "allow access to DHCPv6 server"
 pass quick on $lan inet6 proto udp from ff02::/16 to fe80::/10 port = dhcpv6-server keep state label "allow access to DHCPv6 server"
 pass in quick on $lan inet6 proto udp from fe80::/10 to ($lan) port = dhcpv6-client keep state label "allow access to DHCPv6 server"
 pass out quick on $lan inet6 proto udp from ($lan) port = dhcpv6-server to fe80::/10 keep state label "allow access to DHCPv6 server"
 #icmpv6
 pass quick inet6 proto ipv6-icmp all icmp6-type { unreach, toobig, neighbrsol, neighbradv } keep state
 pass out quick inet6 proto ipv6-icmp from fe80::/10 to { fe80::/10, ff02::/16 } icmp6-type { echorep, routersol, routeradv, neighbrsol, neighbradv } keep state
 pass in quick inet6 proto ipv6-icmp from fe80::/10 to { fe80::/10, ff02::/16 } icmp6-type { echorep, routersol, routeradv, neighbrsol, neighbradv } keep state
 pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type { echorep, routersol, routeradv, neighbrsol, neighbradv } keep state
 pass in quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type { echorep, routersol, routeradv, neighbrsol, neighbradv } keep state
 #allow self
 pass out inet all flags S/SA keep state allow-opts label "let out anything IPv4 from firewall host itself"
 pass out inet6 all flags S/SA keep state allow-opts label "let out anything IPv6 from firewall host itself"
 #allow LAN
 pass in on $lan inet all flags S/SA keep state label "Default allow LAN to any rule"
 pass in on $lan inet6 all flags S/SA keep state label "Default allow LAN to any rule"
--- a/FreeBSD/etc/rc.conf
+++ b/FreeBSD/etc/rc.conf
@ -1,44 +0,0 @@
 hostname="fw"
 ifconfig_eth0=""
 ifconfig_ngeth0="DHCP"
 ifconfig_ngeth0_ipv6="inet6 accept_rtadv up"
 ipv6_cpe_wanif="ngeth0"
 ifconfig_eth2="inet 192.168.1.1 netmask 255.255.255.0"
 ifconfig_eth2_ipv6="inet6 -accept-rtadv up"
 gateway_enable="YES"
 ipv6_gateway_enable="YES"
 ipv6_activate_all_interfaces="YES"
 rtadvd_enable="YES"
 rtadvd_interfaces="eth2"
 dhcp6c_enable="YES"
 dhcp6c_interfaces="ngeth0"
 dhcpd_enable="YES"
 dhcpd_flags="-q"
 dhcpd_conf="/usr/local/etc/dhcpd.conf"
 dhcpd_ifaces="eth2"
 dhcpd_withumask="022"
 dhcpd_chuser_enable="YES"
 dhcpd_withuser="dhcpd"
 dhcpd_withgroup="dhcpd"
 dhcpd_chroot_enable="YES"
 dhcpd_devfs_enable="YES"
 dhcpd_rootdir="/var/db/dhcpd"
 dhcpd6_enable="YES"
 dhcpd6_flags="-q"
 dhcpd6_conf="/usr/local/etc/dhcpd6.conf"
 dhcpd6_ifaces="eth2"
 dhcpd6_withumask="022"
 dhcpd6_chuser_enable="YES"
 dhcpd6_withuser="dhcpd"
 dhcpd6_withgroup="dhcpd"
 dhcpd6_chroot_enable="YES"
 dhcpd6_devfs_enable="YES"
 dhcpd6_rootdir="/var/db/dhcpd"
 pf_enable="YES"
 pf_rules="/etc/pf.conf"
 pflog_enable="YES"
 pflog_logfile="/var/log/pflog"
 powerd_enable="YES"
 powerd_flags="-b hadp -n hadp -a hadp"
 ntpd_enable="YES"
 sshd_enable="YES"
--- a/FreeBSD/etc/rtadvd.conf
+++ b/FreeBSD/etc/rtadvd.conf
@ -1,2 +0,0 @@
 default:\
 	:raflags="m"::prefixlen#64:\
--- a/FreeBSD/etc/start_if.eth0
+++ b/FreeBSD/etc/start_if.eth0
@ -1,87 +0,0 @@
 #!/bin/sh
 set -e
 ONT_IF='eth0'
 RG_IF='eth1'
 RG_ETHER_ADDR='00:11:22:33:44'
 LOG=/var/log/freeatt.log
 getTimestamp(){
    echo `date "+%Y-%m-%d %H:%M:%S :: [freeatt.sh] ::"`
 }
 {
    echo "$(getTimestamp) FreeBSD pf + AT&T U-verse Residential Gateway for true bridge mode"
    echo "$(getTimestamp) Configuration: "
    echo "$(getTimestamp)        ONT_IF: $ONT_IF"
    echo "$(getTimestamp)         RG_IF: $RG_IF"
    echo "$(getTimestamp) RG_ETHER_ADDR: $RG_ETHER_ADDR"
    echo "$(getTimestamp) building netgraph nodes..."
    echo -n "$(getTimestamp)   creating ng_one2many... "
    /usr/sbin/ngctl mkpeer $ONT_IF: one2many lower one
    /usr/sbin/ngctl name $ONT_IF:lower o2m
    echo "OK!"
    echo -n "$(getTimestamp)   creating vlan node and interface... "
    /usr/sbin/ngctl mkpeer o2m: vlan many0 downstream
    /usr/sbin/ngctl name o2m:many0 vlan0
    /usr/sbin/ngctl mkpeer vlan0: eiface vlan0 ether
    /usr/sbin/ngctl msg vlan0: 'addfilter { vlan=0 hook="vlan0" }'
    /usr/sbin/ngctl msg ngeth0: set $RG_ETHER_ADDR
    echo "OK!"
    echo -n "$(getTimestamp)   defining etf for $ONT_IF (ONT)... "
    /usr/sbin/ngctl mkpeer o2m: etf many1 downstream
    /usr/sbin/ngctl name o2m:many1 waneapfilter
    /usr/sbin/ngctl connect waneapfilter: $ONT_IF: nomatch upper
    echo "OK!"
    echo -n "$(getTimestamp)   defining etf for $RG_IF (RG)... "
    /usr/sbin/ngctl mkpeer $RG_IF: etf lower downstream
    /usr/sbin/ngctl name $RG_IF:lower laneapfilter
    /usr/sbin/ngctl connect laneapfilter: $RG_IF: nomatch upper
    echo "OK!"
    echo -n "$(getTimestamp)   bridging etf for $ONT_IF <-> $RG_IF... "
    /usr/sbin/ngctl connect waneapfilter: laneapfilter: eapout eapout
    echo "OK!"
    echo -n "$(getTimestamp)   defining filters for EAP traffic... "
    /usr/sbin/ngctl msg waneapfilter: 'setfilter { matchhook="eapout" ethertype=0x888e }'
    /usr/sbin/ngctl msg laneapfilter: 'setfilter { matchhook="eapout" ethertype=0x888e }'
    echo "OK!"
    echo -n "$(getTimestamp)   enabling one2many links... "
    /usr/sbin/ngctl msg o2m: setconfig "{ xmitAlg=2 failAlg=1 enabledLinks=[ 1 1 ] }"
    echo "OK!"
    echo -n "$(getTimestamp)   removing waneapfilter:nomatch hook... "
    /usr/sbin/ngctl rmhook waneapfilter: nomatch
    echo "OK!"
    echo -n "$(getTimestamp) enabling $RG_IF interface... "
    /sbin/ifconfig $RG_IF up
    echo "OK!"
    echo -n "$(getTimestamp) enabling $ONT_IF interface... "
    /sbin/ifconfig $ONT_IF up
    echo "OK!"
    echo -n "$(getTimestamp) enabling promiscuous mode on $RG_IF... "
    /sbin/ifconfig $RG_IF promisc
    echo "OK!"
    echo -n "$(getTimestamp) enabling promiscuous mode on $ONT_IF... "
    /sbin/ifconfig $ONT_IF promisc
    echo "OK!"
    echo -n "$(getTimestamp) set mac address on ngeth0..."
    /sbin/ifconfig ngeth0 ether $RG_ETHER_ADDR
    echo "OK!"
    echo "$(getTimestamp) ngeth0 should now be available to configure as your pf WAN"
    echo "$(getTimestamp) done!"
 } >> $LOG
--- a/FreeBSD/pkg_prime-origins
+++ b/FreeBSD/pkg_prime-origins
@ -1,6 +0,0 @@
 dns/bind916
 net/dhcp6
 devel/git
 security/gnupg
 net/isc-dhcp44-server
 ports-mgmt/pkg
--- a/FreeBSD/usr/local/etc/dhcp6c.conf
+++ b/FreeBSD/usr/local/etc/dhcp6c.conf
@ -1,12 +0,0 @@
 interface ngeth0 {
        send ia-pd 0;   # request prefix delegation
        request domain-name-servers;
        request domain-name;
 };
 id-assoc pd 0 {
        prefix ::/60 infinity;
        prefix-interface igb1 {
                sla-id 1;
                sla-len 4;
        };
 };
--- a/FreeBSD/usr/local/etc/dhcpd.conf
+++ b/FreeBSD/usr/local/etc/dhcpd.conf
@ -1,44 +0,0 @@
 option domain-name "example.com";
 option ldap-server code 95 = text;
 option domain-search-list code 119 = text;
 option arch code 93 = unsigned integer 16; # RFC4578
 default-lease-time 7200;
 max-lease-time 86400;
 log-facility local7;
 one-lease-per-client true;
 deny duplicates;
 update-conflict-detection false;
 authoritative;
 subnet 192.168.1.0 netmask 255.255.255.0 {
        pool {
                range 192.168.1.100 192.168.1.199;
        }
        option routers 192.168.1.1;
        option domain-name-servers 192.168.1.1;
        ping-check true;
 }
 host s_lan_0 {
        hardware ethernet 00:11:22:33:44:55;
        fixed-address 192.168.1.50
        option host-name "example-host1";
 }
 host s_lan_1 {
        hardware ethernet 66:77:88:99:aa:bb;
        fixed-address 192.168.1.51;
        option host-name "example-host2";
 }
 ddns-update-style interim;
 ddns-dual-stack-mixed-mode true;
 update-conflict-detection true;
 update-optimization false;
 deny client-updates;
 ddns-domainname "example.com.";
 ddns-hostname=pick(option fqdn.hostname, option host-name, concat("dyn-",binary-to-ascii(10,8,"-",leased-address)));
 zone example.com. {
 	primary 127.0.0.1;
 }
--- a/FreeBSD/usr/local/etc/dhcpd6.conf
+++ b/FreeBSD/usr/local/etc/dhcpd6.conf
@ -1,31 +0,0 @@
 option domain-name "example.com";
 option ldap-server code 95 = text;
 option domain-search-list code 119 = text;
 default-lease-time 7200;
 max-lease-time 86400;
 log-facility local7;
 one-lease-per-client true;
 deny duplicates;
 ping-check true;
 authoritative;
 subnet6 2600:1234:5678:90ab::/64 {
        range6 2600:1234:5678:90ab::1000 2600:1234:5678:90ab::2000;
        do-forward-updates false;
        option dhcp6.name-servers 2600:1234:5678:90ab::1;
 }
 ddns-update-style interim;
 ddns-dual-stack-mixed-mode true;
 update-conflict-detection true;
 update-optimization false;
 deny client-updates;
 ddns-domainname "example.com.";
 ddns-hostname=pick(option fqdn.hostname, concat("dyn-",binary-to-ascii(16,16,"-",substring(option dhcp6.ia-na, 16, 16))));
 zone example.com. {
        primary 127.0.0.1;
 }
--- a/FreeBSD/usr/local/etc/namedb/named.conf
+++ b/FreeBSD/usr/local/etc/namedb/named.conf
@ -1,385 +0,0 @@
 // Refer to the named.conf(5) and named(8) man pages, and the documentation
 // in /usr/local/share/doc/bind for more details.
 //
 // If you are going to set up an authoritative server, make sure you
 // understand the hairy details of how DNS works.  Even with
 // simple mistakes, you can break connectivity for affected parties,
 // or cause huge amounts of useless Internet traffic.
 options {
 	allow-query	{ any; };
 	recursion yes;
 	query-source-v6 address 2600:1234:5678:90ab::1;
 	// All file and path names are relative to the chroot directory,
 	// if any, and should be fully qualified.
 	directory	"/usr/local/etc/namedb/working";
 	pid-file	"/var/run/named/pid";
 	dump-file	"/var/dump/named_dump.db";
 	statistics-file	"/var/stats/named.stats";
 // If named is being used only as a local resolver, this is a safe default.
 // For named to be accessible to the network, comment this option, specify
 // the proper IP address, or delete this option.
 	#listen-on	{ 127.0.0.1; };
 // If you have IPv6 enabled on this system, uncomment this option for
 // use as a local resolver.  To give access to the network, specify
 // an IPv6 address, or the keyword "any".
 //	listen-on-v6	{ ::1; };
 	listen-on-v6	{ any; };
 // These zones are already covered by the empty zones listed below.
 // If you remove the related empty zones below, comment these lines out.
 	disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
 	disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
 	disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
 // If you've got a DNS server around at your upstream provider, enter
 // its IP address here, and enable the line below.  This will make you
 // benefit from its cache, thus reduce overall DNS traffic in the Internet.
 /*
 	forwarders {
 		127.0.0.1;
 	};
 */
 // If the 'forwarders' clause is not empty the default is to 'forward first'
 // which will fall back to sending a query from your local server if the name
 // servers in 'forwarders' do not have the answer.  Alternatively you can
 // force your name server to never initiate queries of its own by enabling the
 // following line:
 //	forward only;
 // If you wish to have forwarding configured automatically based on
 // the entries in /etc/resolv.conf, uncomment the following line and
 // set named_auto_forward=yes in /etc/rc.conf.  You can also enable
 // named_auto_forward_only (the effect of which is described above).
 //	include "/usr/local/etc/namedb/auto_forward.conf";
 	/*
 	   Modern versions of BIND use a random UDP port for each outgoing
 	   query by default in order to dramatically reduce the possibility
 	   of cache poisoning.  All users are strongly encouraged to utilize
 	   this feature, and to configure their firewalls to accommodate it.
 	   AS A LAST RESORT in order to get around a restrictive firewall
 	   policy you can try enabling the option below.  Use of this option
 	   will significantly reduce your ability to withstand cache poisoning
 	   attacks, and should be avoided if at all possible.
 	   Replace NNNNN in the example with a number between 49160 and 65530.
 	*/
 	// query-source address * port NNNNN;
 };
 zone "thundat00th.net." { type master; allow-update { 127.0.0.1; }; file "/usr/local/etc/namedb/dynamic/example.com.db"; };
 // If you enable a local name server, don't forget to enter 127.0.0.1
 // first in your /etc/resolv.conf so this server will be queried.
 // Also, make sure to enable it in /etc/rc.conf.
 // The traditional root hints mechanism. Use this, OR the slave zones below.
 zone "." { type hint; file "/usr/local/etc/namedb/named.root"; };
 /*	Slaving the following zones from the root name servers has some
 	significant advantages:
 	1. Faster local resolution for your users
 	2. No spurious traffic will be sent from your network to the roots
 	3. Greater resilience to any potential root server failure/DDoS
 	On the other hand, this method requires more monitoring than the
 	hints file to be sure that an unexpected failure mode has not
 	incapacitated your server.  Name servers that are serving a lot
 	of clients will benefit more from this approach than individual
 	hosts.  Use with caution.
 	To use this mechanism, uncomment the entries below, and comment
 	the hint zone above.
 	As documented at http://dns.icann.org/services/axfr/ these zones:
 	"." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and a few others
 	are available for AXFR from these servers on IPv4 and IPv6:
 	xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
 */
 /*
 zone "." {
 	type slave;
 	file "/usr/local/etc/namedb/slave/root.slave";
 	masters {
 		192.0.32.132;           // lax.xfr.dns.icann.org
 		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
 		192.0.47.132;           // iad.xfr.dns.icann.org
 		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
 };
 zone "arpa" {
 	type slave;
 	file "/usr/local/etc/namedb/slave/arpa.slave";
 	masters {
 		192.0.32.132;           // lax.xfr.dns.icann.org
 		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
 		192.0.47.132;           // iad.xfr.dns.icann.org
 		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
 };
 zone "in-addr.arpa" {
 	type slave;
 	file "/usr/local/etc/namedb/slave/in-addr.arpa.slave";
 	masters {
 		192.0.32.132;           // lax.xfr.dns.icann.org
 		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
 		192.0.47.132;           // iad.xfr.dns.icann.org
 		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
 };
 zone "ip6.arpa" {
 	type slave;
 	file "/usr/local/etc/namedb/slave/ip6.arpa.slave";
 	masters {
 		192.0.32.132;           // lax.xfr.dns.icann.org
 		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
 		192.0.47.132;           // iad.xfr.dns.icann.org
 		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
 };
 */
 /*	Serving the following zones locally will prevent any queries
 	for these zones leaving your network and going to the root
 	name servers.  This has two significant advantages:
 	1. Faster local resolution for your users
 	2. No spurious traffic will be sent from your network to the roots
 */
 // RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
 zone "localhost"	{ type master; file "/usr/local/etc/namedb/master/localhost-forward.db"; };
 zone "127.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/localhost-reverse.db"; };
 zone "255.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 // RFC 1912-style zone for IPv6 localhost address (RFC 6303)
 zone "0.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/localhost-reverse.db"; };
 // "This" Network (RFCs 1912, 5735 and 6303)
 zone "0.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 // Private Use Networks (RFCs 1918, 5735 and 6303)
 zone "10.in-addr.arpa"	   { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "16.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "17.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "18.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "19.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "20.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "21.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "22.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "23.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "24.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "25.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "26.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "27.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "28.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "29.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "30.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "31.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "168.192.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 // Shared Address Space (RFC 6598)
 zone "64.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "65.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "66.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "67.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "68.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "69.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "70.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "71.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "72.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "73.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "74.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "75.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "76.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "77.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "78.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "79.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "80.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "81.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "82.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "83.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "84.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "85.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "86.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "87.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "88.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "89.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "90.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "91.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "92.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "93.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "94.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "95.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "96.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "97.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "98.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "99.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "100.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "101.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "102.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "103.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "104.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "105.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "106.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "107.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "108.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "109.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "110.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "111.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "112.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "113.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "114.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "115.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "116.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "117.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "118.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "119.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "120.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "121.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "122.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "123.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "124.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "125.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "126.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "127.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 // Link-local/APIPA (RFCs 3927, 5735 and 6303)
 zone "254.169.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 // IETF protocol assignments (RFCs 5735 and 5736)
 zone "0.0.192.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 // TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
 zone "2.0.192.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "100.51.198.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "113.0.203.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 // IPv6 Example Range for Documentation (RFCs 3849 and 6303)
 zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 // Router Benchmark Testing (RFCs 2544 and 5735)
 zone "18.198.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "19.198.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
 // IANA Reserved - Old Class E Space (RFC 5735)
 zone "240.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "241.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "242.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "243.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "244.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "245.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "246.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "247.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "248.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "249.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "250.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "251.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "252.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "253.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "254.in-addr.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 // IPv6 Unassigned Addresses (RFC 4291)
 zone "1.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "3.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "4.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "5.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "6.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "7.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "8.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "9.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "a.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "b.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "c.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "d.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "e.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "0.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "1.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "2.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "3.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "4.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "5.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "6.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "7.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "8.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "9.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "a.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "b.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "0.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "1.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "2.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "3.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "4.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "5.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "6.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "7.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 // IPv6 ULA (RFCs 4193 and 6303)
 zone "c.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "d.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 // IPv6 Link Local (RFCs 4291 and 6303)
 zone "8.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "9.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "a.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "b.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 // IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
 zone "c.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "d.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "e.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 zone "f.e.f.ip6.arpa"	{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 // IP6.INT is Deprecated (RFC 4159)
 zone "ip6.int"		{ type master; file "/usr/local/etc/namedb/master/empty.db"; };
 // NB: Do not use the IP addresses below, they are faked, and only
 // serve demonstration/documentation purposes!
 //
 // Example slave zone config entries.  It can be convenient to become
 // a slave at least for the zone your own domain is in.  Ask
 // your network administrator for the IP address of the responsible
 // master name server.
 //
 // Do not forget to include the reverse lookup zone!
 // This is named after the first bytes of the IP address, in reverse
 // order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
 //
 // Before starting to set up a master zone, make sure you fully
 // understand how DNS and BIND work.  There are sometimes
 // non-obvious pitfalls.  Setting up a slave zone is usually simpler.
 //
 // NB: Don't blindly enable the examples below. :-)  Use actual names
 // and addresses instead.
 /* An example dynamic zone
 key "exampleorgkey" {
 	algorithm hmac-md5;
 	secret "sf87HJqjkqh8ac87a02lla==";
 };
 zone "example.org" {
 	type master;
 	allow-update {
 		key "exampleorgkey";
 	};
 	file "/usr/local/etc/namedb/dynamic/example.org";
 };
 */
 /* Example of a slave reverse zone
 zone "1.168.192.in-addr.arpa" {
 	type slave;
 	file "/usr/local/etc/namedb/slave/1.168.192.in-addr.arpa";
 	masters {
 		192.168.1.1;
 	};
 };
 */
--- a/FreeBSD/var/cron/tabs/root
+++ b/FreeBSD/var/cron/tabs/root
@ -1,8 +0,0 @@
 # DO NOT EDIT THIS FILE - edit the master and reinstall.
 # (/tmp/crontab.q40BAzenoV installed on Sun Apr 18 22:56:27 2021)
 # (Cron version -- $FreeBSD$)
 # monthly zpool scrub
 0 2 1 * * /sbin/zpool scrub zrootmirror
 # nightly config backup
 0 3 * * * /root/fw/backup.sh
--- a/README.md
+++ b/README.md
@ -301,7 +301,7 @@ There is a whole thread on this at [DSLreports](http://www.dslreports.com/forum/
 However, I don't think this works for everyone. I had to explicitly tag my WAN traffic to VLAN0 which wasn't supported on my switch.
-## OPNSense
+## OPNSense / FreeBSD
 For OPNSense 20.1:
 follow the pfSense instructions, EXCEPT:
 1) use file opnatt.sh
@ -310,23 +310,7 @@ follow the pfSense instructions, EXCEPT:
 4) do *NOT* modify config.xml, nor do any of the duid stuff
 5) note: You *CAN* use IPv6 Prefix id 0, as OPNSense does *NOT* assign a routeable IPv6 address to ngeth0
-## FreeBSD (tested on 13.0-RELEASE)
+I haven't tried this with native FreeBSD, but I imagine the process is ultimately the same with netgraph. Feel free to submit a PR with notes on your experience.
 For FreeBSD:
 1) use file freeatt.sh
 2) ng_etf.ko is not needed, standard FreeBSD includes all of the required modules
 3) modules can be loaded from /boot/loader.conf, an example loader.conf with the modules listed is included (loading modules in the script should work, but lets do things "properly")
 4) put the freeatt.sh script into '/etc' and rename to `start_if.$ONT_IF` in my case the file is `/etc/start_if.igb0` this will depend on your hardware
 5) in rc.conf, add the line `ifconfig_$ONT_IF=""` this will trigger rc to run our start_if.$ONT_IF script to create the ngeth0 interface, and then do nothing else to the interface, in my case this line is `ifconfig_igb0=""` (using $RG_IF instead probably gives the same result)
 6) configure the rest of rc.conf, an example is provided with the essentials, gateway_enable, DHCP settings etc.
 7) configure pf, dhcpd, etc. to taste, generic examples provided
 Once you have IPv4 connectivity you're done, unless you want IPv6 as well.  The default dhclient still does not support IPv6, so:
 1) Install KAME dhcp6c 'pkg install dhcp6'
 2) Configure rc.conf with 'ipv6_cpe_wanif="ngeth0"' in addition to the other ipv6, dhcp6c, and rtadvd configuration in rc.conf, filling in with your lan interface(s)
 3) use the example configuration in `/usr/local/etc/dhcp6c.conf` to configure dhcp6c
 4) Set some inet6 rules in pf.conf and test
 Example configuration files are provided for bind, dhcpd, dhcpd6, rtadvd, etc. based off of a currently working dual stack router running FreeBSD 13, other versions of FreeBSD may work
 # U-verse TV
--- a/bin/freeatt.sh
+++ b/bin/freeatt.sh
@ -1,87 +0,0 @@
 #!/bin/sh
 set -e
 ONT_IF='xx0'
 RG_IF='xx1'
 RG_ETHER_ADDR='xx:xx:xx:xx:xx:xx'
 LOG=/var/log/freeatt.log
 getTimestamp(){
    echo `date "+%Y-%m-%d %H:%M:%S :: [freeatt.sh] ::"`
 }
 {
    echo "$(getTimestamp) FreeBSD pf + AT&T U-verse Residential Gateway for true bridge mode"
    echo "$(getTimestamp) Configuration: "
    echo "$(getTimestamp)        ONT_IF: $ONT_IF"
    echo "$(getTimestamp)         RG_IF: $RG_IF"
    echo "$(getTimestamp) RG_ETHER_ADDR: $RG_ETHER_ADDR"
    echo "$(getTimestamp) building netgraph nodes..."
    echo -n "$(getTimestamp)   creating ng_one2many... "
    /usr/sbin/ngctl mkpeer $ONT_IF: one2many lower one
    /usr/sbin/ngctl name $ONT_IF:lower o2m
    echo "OK!"
    echo -n "$(getTimestamp)   creating vlan node and interface... "
    /usr/sbin/ngctl mkpeer o2m: vlan many0 downstream
    /usr/sbin/ngctl name o2m:many0 vlan0
    /usr/sbin/ngctl mkpeer vlan0: eiface vlan0 ether
    /usr/sbin/ngctl msg vlan0: 'addfilter { vlan=0 hook="vlan0" }'
    /usr/sbin/ngctl msg ngeth0: set $RG_ETHER_ADDR
    echo "OK!"
    echo -n "$(getTimestamp)   defining etf for $ONT_IF (ONT)... "
    /usr/sbin/ngctl mkpeer o2m: etf many1 downstream
    /usr/sbin/ngctl name o2m:many1 waneapfilter
    /usr/sbin/ngctl connect waneapfilter: $ONT_IF: nomatch upper
    echo "OK!"
    echo -n "$(getTimestamp)   defining etf for $RG_IF (RG)... "
    /usr/sbin/ngctl mkpeer $RG_IF: etf lower downstream
    /usr/sbin/ngctl name $RG_IF:lower laneapfilter
    /usr/sbin/ngctl connect laneapfilter: $RG_IF: nomatch upper
    echo "OK!"
    echo -n "$(getTimestamp)   bridging etf for $ONT_IF <-> $RG_IF... "
    /usr/sbin/ngctl connect waneapfilter: laneapfilter: eapout eapout
    echo "OK!"
    echo -n "$(getTimestamp)   defining filters for EAP traffic... "
    /usr/sbin/ngctl msg waneapfilter: 'setfilter { matchhook="eapout" ethertype=0x888e }'
    /usr/sbin/ngctl msg laneapfilter: 'setfilter { matchhook="eapout" ethertype=0x888e }'
    echo "OK!"
    echo -n "$(getTimestamp)   enabling one2many links... "
    /usr/sbin/ngctl msg o2m: setconfig "{ xmitAlg=2 failAlg=1 enabledLinks=[ 1 1 ] }"
    echo "OK!"
    echo -n "$(getTimestamp)   removing waneapfilter:nomatch hook... "
    /usr/sbin/ngctl rmhook waneapfilter: nomatch
    echo "OK!"
    echo -n "$(getTimestamp) enabling $RG_IF interface... "
    /sbin/ifconfig $RG_IF up
    echo "OK!"
    echo -n "$(getTimestamp) enabling $ONT_IF interface... "
    /sbin/ifconfig $ONT_IF up
    echo "OK!"
    echo -n "$(getTimestamp) enabling promiscuous mode on $RG_IF... "
    /sbin/ifconfig $RG_IF promisc
    echo "OK!"
    echo -n "$(getTimestamp) enabling promiscuous mode on $ONT_IF... "
    /sbin/ifconfig $ONT_IF promisc
    echo "OK!"
    echo -n "$(getTimestamp) set mac address on ngeth0..."
    /sbin/ifconfig ngeth0 ether $RG_ETHER_ADDR
    echo "OK!"
    echo "$(getTimestamp) ngeth0 should now be available to configure as your pf WAN"
    echo "$(getTimestamp) done!"
 } >> $LOG
--- a/bin/pfatt.sh
+++ b/bin/pfatt.sh
@ -18,10 +18,8 @@ getTimestamp(){
    echo "$(getTimestamp) RG_ETHER_ADDR: $RG_ETHER_ADDR"
    echo -n "$(getTimestamp) attaching interfaces to ng_ether... "
-    # Only needed for older versions of pfatt. Newer versions handle this automatically.
+    /usr/local/bin/php -r "pfSense_ngctl_attach('.', '$ONT_IF');"
-    # Eventually this can be remove.
+    /usr/local/bin/php -r "pfSense_ngctl_attach('.', '$RG_IF');"
    /usr/local/bin/php -r "function_exists('pfSense_ngctl_attach') && pfSense_ngctl_attach('.', '$ONT_IF');"
    /usr/local/bin/php -r "function_exists('pfSense_ngctl_attach') && pfSense_ngctl_attach('.', '$RG_IF');"
    echo "OK!"
    echo "$(getTimestamp) building netgraph nodes..."
@ -82,8 +80,7 @@ getTimestamp(){
    echo "OK!"
    echo -n "$(getTimestamp) enabling promiscuous mode on $ONT_IF... "
-    # Updated as per https://github.com/MonkWho/pfatt/issues/65
+    /sbin/ifconfig $ONT_IF promisc
    /sbin/ifconfig $ONT_IF promisc -vlanhwtag -vlanhwfilter -vlanhwtso
    echo "OK!"
    echo "$(getTimestamp) ngeth0 should now be available to configure as your pfSense WAN"