<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
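<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="generator" content="Asciidoctor 2.0.10">
<!-- NOTE(review): the description and keywords below ("Intro and Install", "sec, tcpdump") do not mention shorewall or iptables, which the title and the table of contents cover; presumably carried over from another page, confirm with the author. -->
<meta name="description" content="Intro and Install">
<meta name="keywords" content="sec, tcpdump">
<meta name="author" content="Apostolos rootApostolos@swarmlab.io">
<title>Iptables with shorewall!</title>
<!-- Web fonts are fetched from a third-party host at view time. Subresource Integrity cannot pin this URL because the service varies the CSS it returns by browser, so the page trusts that host for its styling. referrerpolicy keeps this page's URL out of the request. Self-host the font files if the document has to render offline or inside a restricted lab network. -->
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,400,400italic,600,600italic%7CNoto+Serif:400,400italic,700,700italic%7CDroid+Sans+Mono:400,700" referrerpolicy="no-referrer">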
|
|
<style>
|
|
/* Asciidoctor default stylesheet | MIT License | https://asciidoctor.org */
|
|
/* Uncomment @import statement to use as custom stylesheet */
|
|
/*@import "https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,400,400italic,600,600italic%7CNoto+Serif:400,400italic,700,700italic%7CDroid+Sans+Mono:400,700";*/
|
|
article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section{display:block}
|
|
audio,video{display:inline-block}
|
|
audio:not([controls]){display:none;height:0}
|
|
html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}
|
|
a{background:none}
|
|
a:focus{outline:thin dotted}
|
|
a:active,a:hover{outline:0}
|
|
h1{font-size:2em;margin:.67em 0}
|
|
abbr[title]{border-bottom:1px dotted}
|
|
b,strong{font-weight:bold}
|
|
dfn{font-style:italic}
|
|
hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0}
|
|
mark{background:#ff0;color:#000}
|
|
code,kbd,pre,samp{font-family:monospace;font-size:1em}
|
|
pre{white-space:pre-wrap}
|
|
q{quotes:"\201C" "\201D" "\2018" "\2019"}
|
|
small{font-size:80%}
|
|
sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}
|
|
sup{top:-.5em}
|
|
sub{bottom:-.25em}
|
|
img{border:0}
|
|
svg:not(:root){overflow:hidden}
|
|
figure{margin:0}
|
|
fieldset{border:1px solid silver;margin:0 2px;padding:.35em .625em .75em}
|
|
legend{border:0;padding:0}
|
|
button,input,select,textarea{font-family:inherit;font-size:100%;margin:0}
|
|
button,input{line-height:normal}
|
|
button,select{text-transform:none}
|
|
button,html input[type="button"],input[type="reset"],input[type="submit"]{-webkit-appearance:button;cursor:pointer}
|
|
button[disabled],html input[disabled]{cursor:default}
|
|
input[type="checkbox"],input[type="radio"]{box-sizing:border-box;padding:0}
|
|
button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}
|
|
textarea{overflow:auto;vertical-align:top}
|
|
table{border-collapse:collapse;border-spacing:0}
|
|
*,*::before,*::after{-moz-box-sizing:border-box;-webkit-box-sizing:border-box;box-sizing:border-box}
|
|
html,body{font-size:100%}
|
|
body{background:#fff;color:rgba(0,0,0,.8);padding:0;margin:0;font-family:"Noto Serif","DejaVu Serif",serif;font-weight:400;font-style:normal;line-height:1;position:relative;cursor:auto;tab-size:4;-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased}
|
|
a:hover{cursor:pointer}
|
|
img,object,embed{max-width:100%;height:auto}
|
|
object,embed{height:100%}
|
|
img{-ms-interpolation-mode:bicubic}
|
|
.left{float:left!important}
|
|
.right{float:right!important}
|
|
.text-left{text-align:left!important}
|
|
.text-right{text-align:right!important}
|
|
.text-center{text-align:center!important}
|
|
.text-justify{text-align:justify!important}
|
|
.hide{display:none}
|
|
img,object,svg{display:inline-block;vertical-align:middle}
|
|
textarea{height:auto;min-height:50px}
|
|
select{width:100%}
|
|
.center{margin-left:auto;margin-right:auto}
|
|
.stretch{width:100%}
|
|
.subheader,.admonitionblock td.content>.title,.audioblock>.title,.exampleblock>.title,.imageblock>.title,.listingblock>.title,.literalblock>.title,.stemblock>.title,.openblock>.title,.paragraph>.title,.quoteblock>.title,table.tableblock>.title,.verseblock>.title,.videoblock>.title,.dlist>.title,.olist>.title,.ulist>.title,.qlist>.title,.hdlist>.title{line-height:1.45;color:#7a2518;font-weight:400;margin-top:0;margin-bottom:.25em}
|
|
div,dl,dt,dd,ul,ol,li,h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6,pre,form,p,blockquote,th,td{margin:0;padding:0;direction:ltr}
|
|
a{color:#2156a5;text-decoration:underline;line-height:inherit}
|
|
a:hover,a:focus{color:#1d4b8f}
|
|
a img{border:0}
|
|
p{font-family:inherit;font-weight:400;font-size:1em;line-height:1.6;margin-bottom:1.25em;text-rendering:optimizeLegibility}
|
|
p aside{font-size:.875em;line-height:1.35;font-style:italic}
|
|
h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{font-family:"Open Sans","DejaVu Sans",sans-serif;font-weight:300;font-style:normal;color:#ba3925;text-rendering:optimizeLegibility;margin-top:1em;margin-bottom:.5em;line-height:1.0125em}
|
|
h1 small,h2 small,h3 small,#toctitle small,.sidebarblock>.content>.title small,h4 small,h5 small,h6 small{font-size:60%;color:#e99b8f;line-height:0}
|
|
h1{font-size:2.125em}
|
|
h2{font-size:1.6875em}
|
|
h3,#toctitle,.sidebarblock>.content>.title{font-size:1.375em}
|
|
h4,h5{font-size:1.125em}
|
|
h6{font-size:1em}
|
|
hr{border:solid #dddddf;border-width:1px 0 0;clear:both;margin:1.25em 0 1.1875em;height:0}
|
|
em,i{font-style:italic;line-height:inherit}
|
|
strong,b{font-weight:bold;line-height:inherit}
|
|
small{font-size:60%;line-height:inherit}
|
|
code{font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;font-weight:400;color:rgba(0,0,0,.9)}
|
|
ul,ol,dl{font-size:1em;line-height:1.6;margin-bottom:1.25em;list-style-position:outside;font-family:inherit}
|
|
ul,ol{margin-left:1.5em}
|
|
ul li ul,ul li ol{margin-left:1.25em;margin-bottom:0;font-size:1em}
|
|
ul.square li ul,ul.circle li ul,ul.disc li ul{list-style:inherit}
|
|
ul.square{list-style-type:square}
|
|
ul.circle{list-style-type:circle}
|
|
ul.disc{list-style-type:disc}
|
|
ol li ul,ol li ol{margin-left:1.25em;margin-bottom:0}
|
|
dl dt{margin-bottom:.3125em;font-weight:bold}
|
|
dl dd{margin-bottom:1.25em}
|
|
abbr,acronym{text-transform:uppercase;font-size:90%;color:rgba(0,0,0,.8);border-bottom:1px dotted #ddd;cursor:help}
|
|
abbr{text-transform:none}
|
|
blockquote{margin:0 0 1.25em;padding:.5625em 1.25em 0 1.1875em;border-left:1px solid #ddd}
|
|
blockquote cite{display:block;font-size:.9375em;color:rgba(0,0,0,.6)}
|
|
blockquote cite::before{content:"\2014 \0020"}
|
|
blockquote cite a,blockquote cite a:visited{color:rgba(0,0,0,.6)}
|
|
blockquote,blockquote p{line-height:1.6;color:rgba(0,0,0,.85)}
|
|
@media screen and (min-width:768px){h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{line-height:1.2}
|
|
h1{font-size:2.75em}
|
|
h2{font-size:2.3125em}
|
|
h3,#toctitle,.sidebarblock>.content>.title{font-size:1.6875em}
|
|
h4{font-size:1.4375em}}
|
|
table{background:#fff;margin-bottom:1.25em;border:solid 1px #dedede}
|
|
table thead,table tfoot{background:#f7f8f7}
|
|
table thead tr th,table thead tr td,table tfoot tr th,table tfoot tr td{padding:.5em .625em .625em;font-size:inherit;color:rgba(0,0,0,.8);text-align:left}
|
|
table tr th,table tr td{padding:.5625em .625em;font-size:inherit;color:rgba(0,0,0,.8)}
|
|
table tr.even,table tr.alt{background:#f8f8f7}
|
|
table thead tr th,table tfoot tr th,table tbody tr td,table tr td,table tfoot tr td{display:table-cell;line-height:1.6}
|
|
h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{line-height:1.2;word-spacing:-.05em}
|
|
h1 strong,h2 strong,h3 strong,#toctitle strong,.sidebarblock>.content>.title strong,h4 strong,h5 strong,h6 strong{font-weight:400}
|
|
.clearfix::before,.clearfix::after,.float-group::before,.float-group::after{content:" ";display:table}
|
|
.clearfix::after,.float-group::after{clear:both}
|
|
:not(pre):not([class^=L])>code{font-size:.9375em;font-style:normal!important;letter-spacing:0;padding:.1em .5ex;word-spacing:-.15em;background:#f7f7f8;-webkit-border-radius:4px;border-radius:4px;line-height:1.45;text-rendering:optimizeSpeed;word-wrap:break-word}
|
|
:not(pre)>code.nobreak{word-wrap:normal}
|
|
:not(pre)>code.nowrap{white-space:nowrap}
|
|
pre{color:rgba(0,0,0,.9);font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;line-height:1.45;text-rendering:optimizeSpeed}
|
|
pre code,pre pre{color:inherit;font-size:inherit;line-height:inherit}
|
|
pre>code{display:block}
|
|
pre.nowrap,pre.nowrap pre{white-space:pre;word-wrap:normal}
|
|
em em{font-style:normal}
|
|
strong strong{font-weight:400}
|
|
.keyseq{color:rgba(51,51,51,.8)}
|
|
kbd{font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;display:inline-block;color:rgba(0,0,0,.8);font-size:.65em;line-height:1.45;background:#f7f7f7;border:1px solid #ccc;-webkit-border-radius:3px;border-radius:3px;-webkit-box-shadow:0 1px 0 rgba(0,0,0,.2),0 0 0 .1em white inset;box-shadow:0 1px 0 rgba(0,0,0,.2),0 0 0 .1em #fff inset;margin:0 .15em;padding:.2em .5em;vertical-align:middle;position:relative;top:-.1em;white-space:nowrap}
|
|
.keyseq kbd:first-child{margin-left:0}
|
|
.keyseq kbd:last-child{margin-right:0}
|
|
.menuseq,.menuref{color:#000}
|
|
.menuseq b:not(.caret),.menuref{font-weight:inherit}
|
|
.menuseq{word-spacing:-.02em}
|
|
.menuseq b.caret{font-size:1.25em;line-height:.8}
|
|
.menuseq i.caret{font-weight:bold;text-align:center;width:.45em}
|
|
b.button::before,b.button::after{position:relative;top:-1px;font-weight:400}
|
|
b.button::before{content:"[";padding:0 3px 0 2px}
|
|
b.button::after{content:"]";padding:0 2px 0 3px}
|
|
p a>code:hover{color:rgba(0,0,0,.9)}
|
|
#header,#content,#footnotes,#footer{width:100%;margin-left:auto;margin-right:auto;margin-top:0;margin-bottom:0;max-width:62.5em;*zoom:1;position:relative;padding-left:.9375em;padding-right:.9375em}
|
|
#header::before,#header::after,#content::before,#content::after,#footnotes::before,#footnotes::after,#footer::before,#footer::after{content:" ";display:table}
|
|
#header::after,#content::after,#footnotes::after,#footer::after{clear:both}
|
|
#content{margin-top:1.25em}
|
|
#content::before{content:none}
|
|
#header>h1:first-child{color:rgba(0,0,0,.85);margin-top:2.25rem;margin-bottom:0}
|
|
#header>h1:first-child+#toc{margin-top:8px;border-top:1px solid #dddddf}
|
|
#header>h1:only-child,body.toc2 #header>h1:nth-last-child(2){border-bottom:1px solid #dddddf;padding-bottom:8px}
|
|
#header .details{border-bottom:1px solid #dddddf;line-height:1.45;padding-top:.25em;padding-bottom:.25em;padding-left:.25em;color:rgba(0,0,0,.6);display:-ms-flexbox;display:-webkit-flex;display:flex;-ms-flex-flow:row wrap;-webkit-flex-flow:row wrap;flex-flow:row wrap}
|
|
#header .details span:first-child{margin-left:-.125em}
|
|
#header .details span.email a{color:rgba(0,0,0,.85)}
|
|
#header .details br{display:none}
|
|
#header .details br+span::before{content:"\00a0\2013\00a0"}
|
|
#header .details br+span.author::before{content:"\00a0\22c5\00a0";color:rgba(0,0,0,.85)}
|
|
#header .details br+span#revremark::before{content:"\00a0|\00a0"}
|
|
#header #revnumber{text-transform:capitalize}
|
|
#header #revnumber::after{content:"\00a0"}
|
|
#content>h1:first-child:not([class]){color:rgba(0,0,0,.85);border-bottom:1px solid #dddddf;padding-bottom:8px;margin-top:0;padding-top:1rem;margin-bottom:1.25rem}
|
|
#toc{border-bottom:1px solid #e7e7e9;padding-bottom:.5em}
|
|
#toc>ul{margin-left:.125em}
|
|
#toc ul.sectlevel0>li>a{font-style:italic}
|
|
#toc ul.sectlevel0 ul.sectlevel1{margin:.5em 0}
|
|
#toc ul{font-family:"Open Sans","DejaVu Sans",sans-serif;list-style-type:none}
|
|
#toc li{line-height:1.3334;margin-top:.3334em}
|
|
#toc a{text-decoration:none}
|
|
#toc a:active{text-decoration:underline}
|
|
#toctitle{color:#7a2518;font-size:1.2em}
|
|
@media screen and (min-width:768px){#toctitle{font-size:1.375em}
|
|
body.toc2{padding-left:15em;padding-right:0}
|
|
#toc.toc2{margin-top:0!important;background:#f8f8f7;position:fixed;width:15em;left:0;top:0;border-right:1px solid #e7e7e9;border-top-width:0!important;border-bottom-width:0!important;z-index:1000;padding:1.25em 1em;height:100%;overflow:auto}
|
|
#toc.toc2 #toctitle{margin-top:0;margin-bottom:.8rem;font-size:1.2em}
|
|
#toc.toc2>ul{font-size:.9em;margin-bottom:0}
|
|
#toc.toc2 ul ul{margin-left:0;padding-left:1em}
|
|
#toc.toc2 ul.sectlevel0 ul.sectlevel1{padding-left:0;margin-top:.5em;margin-bottom:.5em}
|
|
body.toc2.toc-right{padding-left:0;padding-right:15em}
|
|
body.toc2.toc-right #toc.toc2{border-right-width:0;border-left:1px solid #e7e7e9;left:auto;right:0}}
|
|
@media screen and (min-width:1280px){body.toc2{padding-left:20em;padding-right:0}
|
|
#toc.toc2{width:20em}
|
|
#toc.toc2 #toctitle{font-size:1.375em}
|
|
#toc.toc2>ul{font-size:.95em}
|
|
#toc.toc2 ul ul{padding-left:1.25em}
|
|
body.toc2.toc-right{padding-left:0;padding-right:20em}}
|
|
#content #toc{border-style:solid;border-width:1px;border-color:#e0e0dc;margin-bottom:1.25em;padding:1.25em;background:#f8f8f7;-webkit-border-radius:4px;border-radius:4px}
|
|
#content #toc>:first-child{margin-top:0}
|
|
#content #toc>:last-child{margin-bottom:0}
|
|
#footer{max-width:100%;background:rgba(0,0,0,.8);padding:1.25em}
|
|
#footer-text{color:rgba(255,255,255,.8);line-height:1.44}
|
|
#content{margin-bottom:.625em}
|
|
.sect1{padding-bottom:.625em}
|
|
@media screen and (min-width:768px){#content{margin-bottom:1.25em}
|
|
.sect1{padding-bottom:1.25em}}
|
|
.sect1:last-child{padding-bottom:0}
|
|
.sect1+.sect1{border-top:1px solid #e7e7e9}
|
|
#content h1>a.anchor,h2>a.anchor,h3>a.anchor,#toctitle>a.anchor,.sidebarblock>.content>.title>a.anchor,h4>a.anchor,h5>a.anchor,h6>a.anchor{position:absolute;z-index:1001;width:1.5ex;margin-left:-1.5ex;display:block;text-decoration:none!important;visibility:hidden;text-align:center;font-weight:400}
|
|
#content h1>a.anchor::before,h2>a.anchor::before,h3>a.anchor::before,#toctitle>a.anchor::before,.sidebarblock>.content>.title>a.anchor::before,h4>a.anchor::before,h5>a.anchor::before,h6>a.anchor::before{content:"\00A7";font-size:.85em;display:block;padding-top:.1em}
|
|
#content h1:hover>a.anchor,#content h1>a.anchor:hover,h2:hover>a.anchor,h2>a.anchor:hover,h3:hover>a.anchor,#toctitle:hover>a.anchor,.sidebarblock>.content>.title:hover>a.anchor,h3>a.anchor:hover,#toctitle>a.anchor:hover,.sidebarblock>.content>.title>a.anchor:hover,h4:hover>a.anchor,h4>a.anchor:hover,h5:hover>a.anchor,h5>a.anchor:hover,h6:hover>a.anchor,h6>a.anchor:hover{visibility:visible}
|
|
#content h1>a.link,h2>a.link,h3>a.link,#toctitle>a.link,.sidebarblock>.content>.title>a.link,h4>a.link,h5>a.link,h6>a.link{color:#ba3925;text-decoration:none}
|
|
#content h1>a.link:hover,h2>a.link:hover,h3>a.link:hover,#toctitle>a.link:hover,.sidebarblock>.content>.title>a.link:hover,h4>a.link:hover,h5>a.link:hover,h6>a.link:hover{color:#a53221}
|
|
details,.audioblock,.imageblock,.literalblock,.listingblock,.stemblock,.videoblock{margin-bottom:1.25em}
|
|
details>summary:first-of-type{cursor:pointer;display:list-item;outline:none;margin-bottom:.75em}
|
|
.admonitionblock td.content>.title,.audioblock>.title,.exampleblock>.title,.imageblock>.title,.listingblock>.title,.literalblock>.title,.stemblock>.title,.openblock>.title,.paragraph>.title,.quoteblock>.title,table.tableblock>.title,.verseblock>.title,.videoblock>.title,.dlist>.title,.olist>.title,.ulist>.title,.qlist>.title,.hdlist>.title{text-rendering:optimizeLegibility;text-align:left;font-family:"Noto Serif","DejaVu Serif",serif;font-size:1rem;font-style:italic}
|
|
table.tableblock.fit-content>caption.title{white-space:nowrap;width:0}
|
|
.paragraph.lead>p,#preamble>.sectionbody>[class="paragraph"]:first-of-type p{font-size:1.21875em;line-height:1.6;color:rgba(0,0,0,.85)}
|
|
table.tableblock #preamble>.sectionbody>[class="paragraph"]:first-of-type p{font-size:inherit}
|
|
.admonitionblock>table{border-collapse:separate;border:0;background:none;width:100%}
|
|
.admonitionblock>table td.icon{text-align:center;width:80px}
|
|
.admonitionblock>table td.icon img{max-width:none}
|
|
.admonitionblock>table td.icon .title{font-weight:bold;font-family:"Open Sans","DejaVu Sans",sans-serif;text-transform:uppercase}
|
|
.admonitionblock>table td.content{padding-left:1.125em;padding-right:1.25em;border-left:1px solid #dddddf;color:rgba(0,0,0,.6)}
|
|
.admonitionblock>table td.content>:last-child>:last-child{margin-bottom:0}
|
|
.exampleblock>.content{border-style:solid;border-width:1px;border-color:#e6e6e6;margin-bottom:1.25em;padding:1.25em;background:#fff;-webkit-border-radius:4px;border-radius:4px}
|
|
.exampleblock>.content>:first-child{margin-top:0}
|
|
.exampleblock>.content>:last-child{margin-bottom:0}
|
|
.sidebarblock{border-style:solid;border-width:1px;border-color:#dbdbd6;margin-bottom:1.25em;padding:1.25em;background:#f3f3f2;-webkit-border-radius:4px;border-radius:4px}
|
|
.sidebarblock>:first-child{margin-top:0}
|
|
.sidebarblock>:last-child{margin-bottom:0}
|
|
.sidebarblock>.content>.title{color:#7a2518;margin-top:0;text-align:center}
|
|
.exampleblock>.content>:last-child>:last-child,.exampleblock>.content .olist>ol>li:last-child>:last-child,.exampleblock>.content .ulist>ul>li:last-child>:last-child,.exampleblock>.content .qlist>ol>li:last-child>:last-child,.sidebarblock>.content>:last-child>:last-child,.sidebarblock>.content .olist>ol>li:last-child>:last-child,.sidebarblock>.content .ulist>ul>li:last-child>:last-child,.sidebarblock>.content .qlist>ol>li:last-child>:last-child{margin-bottom:0}
|
|
.literalblock pre,.listingblock>.content>pre{-webkit-border-radius:4px;border-radius:4px;word-wrap:break-word;overflow-x:auto;padding:1em;font-size:.8125em}
|
|
@media screen and (min-width:768px){.literalblock pre,.listingblock>.content>pre{font-size:.90625em}}
|
|
@media screen and (min-width:1280px){.literalblock pre,.listingblock>.content>pre{font-size:1em}}
|
|
.literalblock pre,.listingblock>.content>pre:not(.highlight),.listingblock>.content>pre[class="highlight"],.listingblock>.content>pre[class^="highlight "]{background:#f7f7f8}
|
|
.literalblock.output pre{color:#f7f7f8;background:rgba(0,0,0,.9)}
|
|
.listingblock>.content{position:relative}
|
|
.listingblock code[data-lang]::before{display:none;content:attr(data-lang);position:absolute;font-size:.75em;top:.425rem;right:.5rem;line-height:1;text-transform:uppercase;color:inherit;opacity:.5}
|
|
.listingblock:hover code[data-lang]::before{display:block}
|
|
.listingblock.terminal pre .command::before{content:attr(data-prompt);padding-right:.5em;color:inherit;opacity:.5}
|
|
.listingblock.terminal pre .command:not([data-prompt])::before{content:"$"}
|
|
.listingblock pre.highlightjs{padding:0}
|
|
.listingblock pre.highlightjs>code{padding:1em;-webkit-border-radius:4px;border-radius:4px}
|
|
.listingblock pre.prettyprint{border-width:0}
|
|
.prettyprint{background:#f7f7f8}
|
|
pre.prettyprint .linenums{line-height:1.45;margin-left:2em}
|
|
pre.prettyprint li{background:none;list-style-type:inherit;padding-left:0}
|
|
pre.prettyprint li code[data-lang]::before{opacity:1}
|
|
pre.prettyprint li:not(:first-child) code[data-lang]::before{display:none}
|
|
table.linenotable{border-collapse:separate;border:0;margin-bottom:0;background:none}
|
|
table.linenotable td[class]{color:inherit;vertical-align:top;padding:0;line-height:inherit;white-space:normal}
|
|
table.linenotable td.code{padding-left:.75em}
|
|
table.linenotable td.linenos{border-right:1px solid currentColor;opacity:.35;padding-right:.5em}
|
|
pre.pygments .lineno{border-right:1px solid currentColor;opacity:.35;display:inline-block;margin-right:.75em}
|
|
pre.pygments .lineno::before{content:"";margin-right:-.125em}
|
|
.quoteblock{margin:0 1em 1.25em 1.5em;display:table}
|
|
.quoteblock:not(.excerpt)>.title{margin-left:-1.5em;margin-bottom:.75em}
|
|
.quoteblock blockquote,.quoteblock p{color:rgba(0,0,0,.85);font-size:1.15rem;line-height:1.75;word-spacing:.1em;letter-spacing:0;font-style:italic;text-align:justify}
|
|
.quoteblock blockquote{margin:0;padding:0;border:0}
|
|
.quoteblock blockquote::before{content:"\201c";float:left;font-size:2.75em;font-weight:bold;line-height:.6em;margin-left:-.6em;color:#7a2518;text-shadow:0 1px 2px rgba(0,0,0,.1)}
|
|
.quoteblock blockquote>.paragraph:last-child p{margin-bottom:0}
|
|
.quoteblock .attribution{margin-top:.75em;margin-right:.5ex;text-align:right}
|
|
.verseblock{margin:0 1em 1.25em}
|
|
.verseblock pre{font-family:"Open Sans","DejaVu Sans",sans;font-size:1.15rem;color:rgba(0,0,0,.85);font-weight:300;text-rendering:optimizeLegibility}
|
|
.verseblock pre strong{font-weight:400}
|
|
.verseblock .attribution{margin-top:1.25rem;margin-left:.5ex}
|
|
.quoteblock .attribution,.verseblock .attribution{font-size:.9375em;line-height:1.45;font-style:italic}
|
|
.quoteblock .attribution br,.verseblock .attribution br{display:none}
|
|
.quoteblock .attribution cite,.verseblock .attribution cite{display:block;letter-spacing:-.025em;color:rgba(0,0,0,.6)}
|
|
.quoteblock.abstract blockquote::before,.quoteblock.excerpt blockquote::before,.quoteblock .quoteblock blockquote::before{display:none}
|
|
.quoteblock.abstract blockquote,.quoteblock.abstract p,.quoteblock.excerpt blockquote,.quoteblock.excerpt p,.quoteblock .quoteblock blockquote,.quoteblock .quoteblock p{line-height:1.6;word-spacing:0}
|
|
.quoteblock.abstract{margin:0 1em 1.25em;display:block}
|
|
.quoteblock.abstract>.title{margin:0 0 .375em;font-size:1.15em;text-align:center}
|
|
.quoteblock.excerpt>blockquote,.quoteblock .quoteblock{padding:0 0 .25em 1em;border-left:.25em solid #dddddf}
|
|
.quoteblock.excerpt,.quoteblock .quoteblock{margin-left:0}
|
|
.quoteblock.excerpt blockquote,.quoteblock.excerpt p,.quoteblock .quoteblock blockquote,.quoteblock .quoteblock p{color:inherit;font-size:1.0625rem}
|
|
.quoteblock.excerpt .attribution,.quoteblock .quoteblock .attribution{color:inherit;text-align:left;margin-right:0}
|
|
table.tableblock{max-width:100%;border-collapse:separate}
|
|
p.tableblock:last-child{margin-bottom:0}
|
|
td.tableblock>.content>:last-child{margin-bottom:-1.25em}
|
|
td.tableblock>.content>:last-child.sidebarblock{margin-bottom:0}
|
|
table.tableblock,th.tableblock,td.tableblock{border:0 solid #dedede}
|
|
table.grid-all>thead>tr>.tableblock,table.grid-all>tbody>tr>.tableblock{border-width:0 1px 1px 0}
|
|
table.grid-all>tfoot>tr>.tableblock{border-width:1px 1px 0 0}
|
|
table.grid-cols>*>tr>.tableblock{border-width:0 1px 0 0}
|
|
table.grid-rows>thead>tr>.tableblock,table.grid-rows>tbody>tr>.tableblock{border-width:0 0 1px}
|
|
table.grid-rows>tfoot>tr>.tableblock{border-width:1px 0 0}
|
|
table.grid-all>*>tr>.tableblock:last-child,table.grid-cols>*>tr>.tableblock:last-child{border-right-width:0}
|
|
table.grid-all>tbody>tr:last-child>.tableblock,table.grid-all>thead:last-child>tr>.tableblock,table.grid-rows>tbody>tr:last-child>.tableblock,table.grid-rows>thead:last-child>tr>.tableblock{border-bottom-width:0}
|
|
table.frame-all{border-width:1px}
|
|
table.frame-sides{border-width:0 1px}
|
|
table.frame-topbot,table.frame-ends{border-width:1px 0}
|
|
table.stripes-all tr,table.stripes-odd tr:nth-of-type(odd),table.stripes-even tr:nth-of-type(even),table.stripes-hover tr:hover{background:#f8f8f7}
|
|
th.halign-left,td.halign-left{text-align:left}
|
|
th.halign-right,td.halign-right{text-align:right}
|
|
th.halign-center,td.halign-center{text-align:center}
|
|
th.valign-top,td.valign-top{vertical-align:top}
|
|
th.valign-bottom,td.valign-bottom{vertical-align:bottom}
|
|
th.valign-middle,td.valign-middle{vertical-align:middle}
|
|
table thead th,table tfoot th{font-weight:bold}
|
|
tbody tr th{display:table-cell;line-height:1.6;background:#f7f8f7}
|
|
tbody tr th,tbody tr th p,tfoot tr th,tfoot tr th p{color:rgba(0,0,0,.8);font-weight:bold}
|
|
p.tableblock>code:only-child{background:none;padding:0}
|
|
p.tableblock{font-size:1em}
|
|
ol{margin-left:1.75em}
|
|
ul li ol{margin-left:1.5em}
|
|
dl dd{margin-left:1.125em}
|
|
dl dd:last-child,dl dd:last-child>:last-child{margin-bottom:0}
|
|
ol>li p,ul>li p,ul dd,ol dd,.olist .olist,.ulist .ulist,.ulist .olist,.olist .ulist{margin-bottom:.625em}
|
|
ul.checklist,ul.none,ol.none,ul.no-bullet,ol.no-bullet,ol.unnumbered,ul.unstyled,ol.unstyled{list-style-type:none}
|
|
ul.no-bullet,ol.no-bullet,ol.unnumbered{margin-left:.625em}
|
|
ul.unstyled,ol.unstyled{margin-left:0}
|
|
ul.checklist{margin-left:.625em}
|
|
ul.checklist li>p:first-child>.fa-square-o:first-child,ul.checklist li>p:first-child>.fa-check-square-o:first-child{width:1.25em;font-size:.8em;position:relative;bottom:.125em}
|
|
ul.checklist li>p:first-child>input[type="checkbox"]:first-child{margin-right:.25em}
|
|
ul.inline{display:-ms-flexbox;display:-webkit-box;display:flex;-ms-flex-flow:row wrap;-webkit-flex-flow:row wrap;flex-flow:row wrap;list-style:none;margin:0 0 .625em -1.25em}
|
|
ul.inline>li{margin-left:1.25em}
|
|
.unstyled dl dt{font-weight:400;font-style:normal}
|
|
ol.arabic{list-style-type:decimal}
|
|
ol.decimal{list-style-type:decimal-leading-zero}
|
|
ol.loweralpha{list-style-type:lower-alpha}
|
|
ol.upperalpha{list-style-type:upper-alpha}
|
|
ol.lowerroman{list-style-type:lower-roman}
|
|
ol.upperroman{list-style-type:upper-roman}
|
|
ol.lowergreek{list-style-type:lower-greek}
|
|
.hdlist>table,.colist>table{border:0;background:none}
|
|
.hdlist>table>tbody>tr,.colist>table>tbody>tr{background:none}
|
|
td.hdlist1,td.hdlist2{vertical-align:top;padding:0 .625em}
|
|
td.hdlist1{font-weight:bold;padding-bottom:1.25em}
|
|
.literalblock+.colist,.listingblock+.colist{margin-top:-.5em}
|
|
.colist td:not([class]):first-child{padding:.4em .75em 0;line-height:1;vertical-align:top}
|
|
.colist td:not([class]):first-child img{max-width:none}
|
|
.colist td:not([class]):last-child{padding:.25em 0}
|
|
.thumb,.th{line-height:0;display:inline-block;border:solid 4px #fff;-webkit-box-shadow:0 0 0 1px #ddd;box-shadow:0 0 0 1px #ddd}
|
|
.imageblock.left{margin:.25em .625em 1.25em 0}
|
|
.imageblock.right{margin:.25em 0 1.25em .625em}
|
|
.imageblock>.title{margin-bottom:0}
|
|
.imageblock.thumb,.imageblock.th{border-width:6px}
|
|
.imageblock.thumb>.title,.imageblock.th>.title{padding:0 .125em}
|
|
.image.left,.image.right{margin-top:.25em;margin-bottom:.25em;display:inline-block;line-height:0}
|
|
.image.left{margin-right:.625em}
|
|
.image.right{margin-left:.625em}
|
|
a.image{text-decoration:none;display:inline-block}
|
|
a.image object{pointer-events:none}
|
|
sup.footnote,sup.footnoteref{font-size:.875em;position:static;vertical-align:super}
|
|
sup.footnote a,sup.footnoteref a{text-decoration:none}
|
|
sup.footnote a:active,sup.footnoteref a:active{text-decoration:underline}
|
|
#footnotes{padding-top:.75em;padding-bottom:.75em;margin-bottom:.625em}
|
|
#footnotes hr{width:20%;min-width:6.25em;margin:-.25em 0 .75em;border-width:1px 0 0}
|
|
#footnotes .footnote{padding:0 .375em 0 .225em;line-height:1.3334;font-size:.875em;margin-left:1.2em;margin-bottom:.2em}
|
|
#footnotes .footnote a:first-of-type{font-weight:bold;text-decoration:none;margin-left:-1.05em}
|
|
#footnotes .footnote:last-of-type{margin-bottom:0}
|
|
#content #footnotes{margin-top:-.625em;margin-bottom:0;padding:.75em 0}
|
|
.gist .file-data>table{border:0;background:#fff;width:100%;margin-bottom:0}
|
|
.gist .file-data>table td.line-data{width:99%}
|
|
div.unbreakable{page-break-inside:avoid}
|
|
.big{font-size:larger}
|
|
.small{font-size:smaller}
|
|
.underline{text-decoration:underline}
|
|
.overline{text-decoration:overline}
|
|
.line-through{text-decoration:line-through}
|
|
.aqua{color:#00bfbf}
|
|
.aqua-background{background:#00fafa}
|
|
.black{color:#000}
|
|
.black-background{background:#000}
|
|
.blue{color:#0000bf}
|
|
.blue-background{background:#0000fa}
|
|
.fuchsia{color:#bf00bf}
|
|
.fuchsia-background{background:#fa00fa}
|
|
.gray{color:#606060}
|
|
.gray-background{background:#7d7d7d}
|
|
.green{color:#006000}
|
|
.green-background{background:#007d00}
|
|
.lime{color:#00bf00}
|
|
.lime-background{background:#00fa00}
|
|
.maroon{color:#600000}
|
|
.maroon-background{background:#7d0000}
|
|
.navy{color:#000060}
|
|
.navy-background{background:#00007d}
|
|
.olive{color:#606000}
|
|
.olive-background{background:#7d7d00}
|
|
.purple{color:#600060}
|
|
.purple-background{background:#7d007d}
|
|
.red{color:#bf0000}
|
|
.red-background{background:#fa0000}
|
|
.silver{color:#909090}
|
|
.silver-background{background:#bcbcbc}
|
|
.teal{color:#006060}
|
|
.teal-background{background:#007d7d}
|
|
.white{color:#bfbfbf}
|
|
.white-background{background:#fafafa}
|
|
.yellow{color:#bfbf00}
|
|
.yellow-background{background:#fafa00}
|
|
span.icon>.fa{cursor:default}
|
|
a span.icon>.fa{cursor:inherit}
|
|
.admonitionblock td.icon [class^="fa icon-"]{font-size:2.5em;text-shadow:1px 1px 2px rgba(0,0,0,.5);cursor:default}
|
|
.admonitionblock td.icon .icon-note::before{content:"\f05a";color:#19407c}
|
|
.admonitionblock td.icon .icon-tip::before{content:"\f0eb";text-shadow:1px 1px 2px rgba(155,155,0,.8);color:#111}
|
|
.admonitionblock td.icon .icon-warning::before{content:"\f071";color:#bf6900}
|
|
.admonitionblock td.icon .icon-caution::before{content:"\f06d";color:#bf3400}
|
|
.admonitionblock td.icon .icon-important::before{content:"\f06a";color:#bf0000}
|
|
.conum[data-value]{display:inline-block;color:#fff!important;background:rgba(0,0,0,.8);-webkit-border-radius:100px;border-radius:100px;text-align:center;font-size:.75em;width:1.67em;height:1.67em;line-height:1.67em;font-family:"Open Sans","DejaVu Sans",sans-serif;font-style:normal;font-weight:bold}
|
|
.conum[data-value] *{color:#fff!important}
|
|
.conum[data-value]+b{display:none}
|
|
.conum[data-value]::after{content:attr(data-value)}
|
|
pre .conum[data-value]{position:relative;top:-.125em}
|
|
b.conum *{color:inherit!important}
|
|
.conum:not([data-value]):empty{display:none}
|
|
dt,th.tableblock,td.content,div.footnote{text-rendering:optimizeLegibility}
|
|
h1,h2,p,td.content,span.alt{letter-spacing:-.01em}
|
|
p strong,td.content strong,div.footnote strong{letter-spacing:-.005em}
|
|
p,blockquote,dt,td.content,span.alt{font-size:1.0625rem}
|
|
p{margin-bottom:1.25rem}
|
|
.sidebarblock p,.sidebarblock dt,.sidebarblock td.content,p.tableblock{font-size:1em}
|
|
.exampleblock>.content{background:#fffef7;border-color:#e0e0dc;-webkit-box-shadow:0 1px 4px #e0e0dc;box-shadow:0 1px 4px #e0e0dc}
|
|
.print-only{display:none!important}
|
|
@page{margin:1.25cm .75cm}
|
|
@media print{*{-webkit-box-shadow:none!important;box-shadow:none!important;text-shadow:none!important}
|
|
html{font-size:80%}
|
|
a{color:inherit!important;text-decoration:underline!important}
|
|
a.bare,a[href^="#"],a[href^="mailto:"]{text-decoration:none!important}
|
|
a[href^="http:"]:not(.bare)::after,a[href^="https:"]:not(.bare)::after{content:"(" attr(href) ")";display:inline-block;font-size:.875em;padding-left:.25em}
|
|
abbr[title]::after{content:" (" attr(title) ")"}
|
|
pre,blockquote,tr,img,object,svg{page-break-inside:avoid}
|
|
thead{display:table-header-group}
|
|
svg{max-width:100%}
|
|
p,blockquote,dt,td.content{font-size:1em;orphans:3;widows:3}
|
|
h2,h3,#toctitle,.sidebarblock>.content>.title{page-break-after:avoid}
|
|
#toc,.sidebarblock,.exampleblock>.content{background:none!important}
|
|
#toc{border-bottom:1px solid #dddddf!important;padding-bottom:0!important}
|
|
body.book #header{text-align:center}
|
|
body.book #header>h1:first-child{border:0!important;margin:2.5em 0 1em}
|
|
body.book #header .details{border:0!important;display:block;padding:0!important}
|
|
body.book #header .details span:first-child{margin-left:0!important}
|
|
body.book #header .details br{display:block}
|
|
body.book #header .details br+span::before{content:none!important}
|
|
body.book #toc{border:0!important;text-align:left!important;padding:0!important;margin:0!important}
|
|
body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-break-before:always}
|
|
.listingblock code[data-lang]::before{display:block}
|
|
#footer{padding:0 .9375em}
|
|
.hide-on-print{display:none!important}
|
|
.print-only{display:block!important}
|
|
.hide-for-print{display:none!important}
|
|
.show-for-print{display:inherit!important}}
|
|
@media print,amzn-kf8{#header>h1:first-child{margin-top:1.25rem}
|
|
.sect1{padding:0!important}
|
|
.sect1+.sect1{border:0}
|
|
#footer{background:none}
|
|
#footer-text{color:rgba(0,0,0,.6);font-size:.9em}}
|
|
@media amzn-kf8{#header,#content,#footnotes,#footer{padding:0}}
|
|
</style>
|
|
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
|
|
</head>
|
|
<body class="article toc2 toc-right">
|
|
<div id="header">
|
|
<h1>Iptables with shorewall!</h1>
|
|
<div class="details">
|
|
<span id="author" class="author">Apostolos rootApostolos@swarmlab.io</span><br>
|
|
</div>
|
|
<div id="toc" class="toc2">
|
|
<div id="toctitle">Table of Contents</div>
|
|
<ul class="sectlevel1">
|
|
<li><a href="#cheat-Docker">1. Install swarmlab-sec (Home PC)</a></li>
|
|
<li><a href="#_shorewall">2. shorewall</a>
|
|
<ul class="sectlevel2">
|
|
<li><a href="#_installation">2.1. Installation</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#_basic_two_interface_firewall">3. Basic Two-Interface Firewall</a></li>
|
|
<li><a href="#_shorewall_concepts">4. Shorewall Concepts</a>
|
|
<ul class="sectlevel2">
|
|
<li><a href="#_zones_shorewall_zone_declaration_file">4.1. zones — Shorewall zone declaration file</a></li>
|
|
<li><a href="#_interfaces_shorewall_interfaces_file">4.2. interfaces — Shorewall interfaces file</a></li>
|
|
<li><a href="#_policy_shorewall_policy_file">4.3. policy — Shorewall policy file</a></li>
|
|
<li><a href="#_rules_shorewall_rules_file">4.4. rules — Shorewall rules file</a></li>
|
|
<li><a href="#_compile_then_execute">4.5. Compile then Execute</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#_three_interface_firewall">5. Three-Interface Firewall</a>
|
|
<ul class="sectlevel2">
|
|
<li><a href="#_zones">5.1. zones</a></li>
|
|
<li><a href="#_interfaces">5.2. interfaces</a></li>
|
|
<li><a href="#_policy">5.3. policy</a></li>
|
|
<li><a href="#_rules">5.4. rules</a></li>
|
|
<li><a href="#_masq_shorewall_masqueradesnat_definition_file">5.5. masq - Shorewall Masquerade/SNAT definition file</a></li>
|
|
<li><a href="#_snat_shorewall_snatmasquerade_definition_file">5.6. snat — Shorewall SNAT/Masquerade definition file</a></li>
|
|
<li><a href="#_compile_and_execute">5.7. Compile and Execute</a></li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</div>
|
|
</div>
|
|
<div id="content">
|
|
<div id="preamble">
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p><br></p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="cheat-Docker">1. Install swarmlab-sec (Home PC)</h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>HowTo: See <a href="http://docs.swarmlab.io/lab/sec/sec.adoc.html" class="bare">http://docs.swarmlab.io/lab/sec/sec.adoc.html</a></p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
<div class="title">NOTE</div>
|
|
<div class="paragraph">
|
|
<p>Assuming you’re already logged in</p>
|
|
</div>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_shorewall">2. shorewall</h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p><strong>Shorewall</strong> is an open source firewall tool for Linux that builds upon the Netfilter (iptables/ipchains) system built into the Linux kernel, making it easier to manage more complex configuration schemes by providing a higher level of abstraction for describing rules using text files.</p>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p><a href="https://en.wikipedia.org/wiki/Shorewall">More: wikipedia</a></p>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
<div class="title">NOTE</div>
|
|
<div class="paragraph">
|
|
<p>Our Docker instances have only one NIC.</p>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p>To add more NICs:</p>
|
|
</div>
|
|
<div class="listingblock">
|
|
<div class="title">create the networks first</div>
|
|
<div class="content">
|
|
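<pre class="highlight"><code class="language-bash" data-lang="bash"># Docker refuses to create networks whose subnets overlap, so each
# network gets its own range. The ranges below are example values:
# pick ones that do not collide with your own LAN.
docker network create --driver=bridge --subnet=192.168.0.0/24 net1
docker network create --driver=bridge --subnet=192.168.1.0/24 net2
docker network create --driver=bridge --subnet=192.168.2.0/24 net3</code></pre>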
|
|
</div>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p>then connect network to container</p>
|
|
</div>
|
|
<div class="listingblock">
|
|
<div class="title">connect the created networks to the containers</div>
|
|
<div class="content">
|
|
<pre class="highlight"><code class="language-bash" data-lang="bash">docker network connect net1 master
|
|
docker network connect net1 worker1
|
|
docker network connect net2 master
|
|
docker network connect net2 worker2</code></pre>
|
|
</div>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p>now let’s look at the following image</p>
|
|
</div>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
<div class="sect2">
|
|
<h3 id="_installation">2.1. Installation</h3>
|
|
<div class="paragraph">
|
|
<p>Shorewall is already installed on swarmlab-sec.</p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_basic_two_interface_firewall">3. Basic Two-Interface Firewall</h2>
|
|
<div class="sectionbody">
|
|
<div class="imageblock">
|
|
<div class="content">
|
|
<img src="data:image/png;base64,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" alt="Basic Two-Interface Firewall">
|
|
</div>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
<div class="title">connect to master first</div>
|
|
<div class="paragraph">
|
|
<p>Assuming you’re already logged in master!</p>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p>master is now our Firewall/Router</p>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p>swarmlab-sec login</p>
|
|
</div>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_shorewall_concepts">4. Shorewall Concepts</h2>
|
|
<div class="sectionbody">
|
|
<div class="paragraph">
|
|
<p>The configuration files for Shorewall are contained in the directory /etc/shorewall</p>
|
|
</div>
|
|
<div class="sect2">
|
|
<h3 id="_zones_shorewall_zone_declaration_file">4.1. zones — Shorewall zone declaration file</h3>
|
|
<div class="paragraph">
|
|
<p>The /etc/shorewall/zones file declares your network zones. You specify the hosts in each zone through entries in /etc/shorewall/interfaces</p>
|
|
</div>
|
|
<div class="listingblock">
|
|
<div class="title">/etc/shorewall/zones</div>
|
|
<div class="content">
|
|
<pre class="highlight"><code class="language-bash" data-lang="bash">#ZONE TYPE OPTIONS IN_OPTIONS OUT_OPTIONS
|
|
fw firewall
|
|
net ipv4
|
|
loc ipv4</code></pre>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sect2">
|
|
<h3 id="_interfaces_shorewall_interfaces_file">4.2. interfaces — Shorewall interfaces file</h3>
|
|
<div class="paragraph">
|
|
<p>The interfaces file serves to define the firewall’s network interfaces to Shorewall.</p>
|
|
</div>
|
|
<div class="listingblock">
|
|
<div class="title">/etc/shorewall/interfaces</div>
|
|
<div class="content">
|
|
<pre class="highlight"><code class="language-bash" data-lang="bash">#ZONE INTERFACE BROADCAST OPTIONS
|
|
net eth0 dhcp,routefilter
|
|
loc eth1 detect</code></pre>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sect2">
|
|
<h3 id="_policy_shorewall_policy_file">4.3. policy — Shorewall policy file</h3>
|
|
<div class="paragraph">
|
|
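<p>This file defines the high-level policy for connections between zones. Entries are matched in order and the first match applies, so the catch-all <code>all all</code> line stays last.</p>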
|
|
</div>
|
|
<div class="listingblock">
|
|
<div class="title">/etc/shorewall/policy</div>
|
|
<div class="content">
|
|
<pre class="highlight"><code class="language-bash" data-lang="bash">#SOURCE DEST POLICY LOGLEVEL LIMIT
|
|
loc net ACCEPT
|
|
net all DROP info
|
|
all all REJECT info</code></pre>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sect2">
|
|
<h3 id="_rules_shorewall_rules_file">4.4. rules — Shorewall rules file</h3>
|
|
<div class="paragraph">
|
|
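<p>Entries in this file govern connection establishment by defining exceptions to the policies. A rule with <code>net</code> as its source admits connections from the Internet, so keep those to the services you mean to publish.</p>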
|
|
</div>
|
|
<div class="listingblock">
|
|
<div class="title">/etc/shorewall/rules</div>
|
|
<div class="content">
|
|
<pre class="highlight"><code class="language-bash" data-lang="bash">#ACTION SOURCE DEST PROTO DPORT
|
|
ACCEPT $FW net udp 53
|
|
ACCEPT net $FW udp 53
|
|
ACCEPT $FW net tcp 80
|
|
ACCEPT net $FW tcp 80</code></pre>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sect2">
|
|
<h3 id="_compile_then_execute">4.5. Compile then Execute</h3>
|
|
<div class="paragraph">
|
|
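<p>Shorewall uses a "compile" then "execute" approach. The Shorewall configuration compiler reads the configuration files and generates a shell script. Errors in the compilation step cause the script to be discarded and the command to be aborted. If the compilation step doesn’t find any errors then the shell script is executed. To validate a configuration without applying it, run <code>/sbin/shorewall check</code>. Keep in mind that <code>/sbin/shorewall clear</code> removes every rule Shorewall installed and leaves the host unfiltered.</p>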
|
|
</div>
|
|
<div class="listingblock">
|
|
<div class="title">/sbin/shorewall</div>
|
|
<div class="content">
|
|
<pre class="highlight"><code class="language-bash" data-lang="bash">/sbin/shorewall start
|
|
/sbin/shorewall stop
|
|
/sbin/shorewall clear</code></pre>
|
|
</div>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
<div class="title">NOTE</div>
|
|
<div class="paragraph">
|
|
<p>The 'compiled' scripts are placed by default in the directory /var/lib/shorewall and are named to correspond to the command being executed. For example, the command /sbin/shorewall start will generate a script named /var/lib/shorewall/.start and, if the compilation is error free, that script will then be executed. If the script executes successfully, it then copies itself to /var/lib/shorewall/firewall. When an /sbin/shorewall stop or /sbin/shorewall clear command is subsequently executed, /var/lib/shorewall/firewall is run to perform the requested operation.</p>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p>The AUTOMAKE option in /etc/shorewall/shorewall.conf may be set to automatically generate a new script when one of the configuration files is changed. When no file has changed since the last compilation, the /sbin/shorewall start, /sbin/shorewall reload and /sbin/shorewall restart commands will simply execute the current /var/lib/shorewall/firewall script.</p>
|
|
</div>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sect1">
|
|
<h2 id="_three_interface_firewall">5. Three-Interface Firewall</h2>
|
|
<div class="sectionbody">
|
|
<div class="imageblock">
|
|
<div class="content">
|
|
<img src="data:image/png;base64,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" alt="Three-Interface Firewall">
|
|
</div>
|
|
</div>
|
|
<div class="sect2">
|
|
<h3 id="_zones">5.1. zones</h3>
|
|
<div class="listingblock">
|
|
<div class="title">/etc/shorewall/zones</div>
|
|
<div class="content">
|
|
<pre class="highlight"><code class="language-bash" data-lang="bash">#ZONE TYPE OPTIONS IN_OPTIONS OUT_OPTIONS
|
|
fw firewall
|
|
net ipv4
|
|
loc ipv4
|
|
dmz ipv4 #new line</code></pre>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sect2">
|
|
<h3 id="_interfaces">5.2. interfaces</h3>
|
|
<div class="listingblock">
|
|
<div class="title">/etc/shorewall/interfaces</div>
|
|
<div class="content">
|
|
<pre class="highlight"><code class="language-bash" data-lang="bash">#ZONE INTERFACE BROADCAST OPTIONS
|
|
net eth0 dhcp,routefilter
|
|
loc eth1 detect
|
|
dmz eth2 detect #new line</code></pre>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sect2">
|
|
<h3 id="_policy">5.3. policy</h3>
|
|
<div class="listingblock">
|
|
<div class="title">/etc/shorewall/policy</div>
|
|
<div class="content">
|
|
<pre class="highlight"><code class="language-bash" data-lang="bash">#SOURCE DEST POLICY LOGLEVEL LIMIT
|
|
loc net ACCEPT
|
|
dmz net DROP #new line
|
|
net all DROP info
|
|
all all REJECT info</code></pre>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sect2">
|
|
<h3 id="_rules">5.4. rules</h3>
|
|
<div class="listingblock">
|
|
<div class="title">/etc/shorewall/rules</div>
|
|
<div class="content">
|
|
<pre class="highlight"><code class="language-bash" data-lang="bash">#ACTION SOURCE DEST PROTO DPORT
|
|
ACCEPT $FW net udp 53
|
|
ACCEPT net $FW udp 53
|
|
ACCEPT $FW net tcp 80
|
|
ACCEPT net $FW tcp 80
|
|
#New lines
|
|
ACCEPT $FW dmz udp 53
|
|
ACCEPT dmz $FW udp 53
|
|
ACCEPT $FW dmz tcp 80
|
|
ACCEPT dmz $FW tcp 80
|
|
|
|
ACCEPT loc dmz tcp 80 # Add your rules for the zones you have defined.
|
|
ACCEPT dmz loc tcp 80 #
|
|
ACCEPT loc net tcp 80 # This here is an example
|
|
ACCEPT net loc tcp 80 # for communication
|
|
ACCEPT dmz net tcp 80 # over port 80
|
|
ACCEPT net dmz tcp 80 # aka the web</code></pre>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sect2">
|
|
<h3 id="_masq_shorewall_masqueradesnat_definition_file">5.5. masq - Shorewall Masquerade/SNAT definition file</h3>
|
|
<div class="paragraph">
|
|
<p>/etc/shorewall/masq - directs the firewall where to use many-to-one (dynamic) Network Address Translation (a.k.a. Masquerading) and Source Network Address Translation (SNAT).</p>
|
|
</div>
|
|
<div class="listingblock">
|
|
<div class="title">/etc/shorewall/masq</div>
|
|
<div class="content">
|
|
<pre class="highlight"><code class="language-bash" data-lang="bash">#INTERFACE SOURCE ADDRESS PROTO DPORT
|
|
eth0 eth1
|
|
eth0 eth2</code></pre>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="sect2">
|
|
<h3 id="_snat_shorewall_snatmasquerade_definition_file">5.6. snat — Shorewall SNAT/Masquerade definition file</h3>
|
|
<div class="paragraph">
|
|
<p>This file is used to define dynamic NAT (Masquerading) and to define Source NAT (SNAT). It superseded shorewall-masq(5) in Shorewall 5.0.14.</p>
|
|
</div>
|
|
<div class="listingblock">
|
|
<div class="title">/etc/shorewall/snat</div>
|
|
<div class="content">
|
|
<pre class="highlight"><code class="language-bash" data-lang="bash">#ACTION SOURCE DEST
|
|
MASQUERADE 192.168.0.0/24 eth0
|
|
MASQUERADE 192.168.1.0/24 eth0</code></pre>
|
|
</div>
|
|
</div>
|
|
<div class="ulist">
|
|
<ul>
|
|
<li>
|
|
<p>You have a simple masquerading setup where eth0 connects to the internet and eth1 connects to your local network with subnet 192.168.0.0/24.</p>
|
|
</li>
|
|
<li>
|
|
<p>You add a router to your local network to connect subnet 192.168.1.0/24, which you also want to masquerade. You then add a second entry for eth0 to this file.</p>
|
|
</li>
|
|
</ul>
|
|
</div>
|
|
<div class="admonitionblock note">
|
|
<table>
|
|
<tr>
|
|
<td class="icon">
|
|
<i class="fa icon-note" title="Note"></i>
|
|
</td>
|
|
<td class="content">
|
|
<div class="paragraph">
|
|
<p>Beginning with Shorewall 5.0.14, the Shorewall compiler will automatically convert existing masq files to the equivalent snat file, and rename the masq file to masq.bak.</p>
|
|
</div>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
<div class="sect2">
|
|
<h3 id="_compile_and_execute">5.7. Compile and Execute</h3>
|
|
<div class="listingblock">
|
|
<div class="title">/sbin/shorewall</div>
|
|
<div class="content">
|
|
<pre class="highlight"><code class="language-bash" data-lang="bash">/sbin/shorewall start
|
|
/sbin/shorewall stop
|
|
/sbin/shorewall clear</code></pre>
|
|
</div>
|
|
</div>
|
|
<div class="paragraph">
|
|
<p><br>
|
|
<br>
|
|
</p>
|
|
</div>
|
|
<hr>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div id="footer">
|
|
<div id="footer-text">
|
|
Last updated 2020-07-09 15:06:14 UTC
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html>
|