<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=utf-8">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div style="" class="markdown-here-wrapper"
      data-md-url="Thunderbird">
      <p style="margin: 1.2em 0px ! important;">I’m still pretty new to
        docker (just to be clear) and have not tried this yet-</p>
      <p style="margin: 1.2em 0px ! important;">This is how I am
        planning to deploy IPS for my HTTP server(s)</p>
      <p style="margin: 1.2em 0px ! important;">HTTP server “exposes”
        its port to other containers only; (not bound to host port)</p>
      <p style="margin: 1.2em 0px ! important;">IPS container “exposes”
        port 80 and is bound to the host network. IPS container is
        started with “—link <server_container>:httpserv” to perform
          MITM of the servers traffic. </server_container></p>
      <p style="margin: 1.2em 0px ! important;">Dockerfile not included;
        the commands I expect to run would be:</p>
      <pre style="font-size: 0.85em; font-family: Consolas,Inconsolata,Courier,monospace;font-size: 1em; line-height: 1.2em;margin: 1.2em 0px;"><code style="font-size: 0.85em; font-family: Consolas,Inconsolata,Courier,monospace;margin: 0px 0.15em; padding: 0px 0.3em; white-space: pre-wrap; border: 1px solid rgb(234, 234, 234); background-color: rgb(248, 248, 248); border-radius: 3px; display: inline;white-space: pre; overflow: auto; border-radius: 3px; border: 1px solid rgb(204, 204, 204); padding: 0.5em 0.7em; display: block ! important;">$ docker run -p 127.0.0.1:12345 --name application <http_server_image>
$ docker run -p 80:80 --link application:httpserv --name ips <snort_or_suricata_image>
</code></pre>
      <p style="margin: 1.2em 0px ! important;">(YMMV, specifically I’m
        uncertain of the “—link” option)</p>
      <p style="margin: 1.2em 0px ! important;">From here, it becomes a
        question of how the IPS container firewall rules are setup
        (assuming NFQ+daq for my case).<br>
        In the example above, I would have to do some sort of NATing (<host-ip>:80
          -> 127.0.0.1:12345).</host-ip></p>
      <p style="margin: 1.2em 0px ! important;">This seems all good; but
        I still feel like I’m over doing it and that docker may provide
        a more reasonable<br>
        out-of-box magic to ease this further. </p>
      <hr>
      <p style="margin: 1.2em 0px ! important;">Otherwise, for passive
        setups, it should be super easy. Add flags to <code
          style="font-size: 0.85em; font-family:
          Consolas,Inconsolata,Courier,monospace;margin: 0px 0.15em;
          padding: 0px 0.3em; white-space: pre-wrap; border: 1px solid
          rgb(234, 234, 234); background-color: rgb(248, 248, 248);
          border-radius: 3px; display: inline;">docker run</code>
        command: “—net=host —privileged”<br>
        (refer to “<a
          href="https://registry.hub.docker.com/u/manell/wireshark/">https://registry.hub.docker.com/u/manell/wireshark/</a>“).</p>
      <p style="margin: 1.2em 0px ! important;">On 6/2/15 14:17, Claudio
        Kuenzler wrote:</p>
      <p style="margin: 1.2em 0px ! important;"></p>
      <div class="markdown-here-exclude">
        <p></p>
        <blockquote
cite="mid:CAF-yqgiLb+924hgUitCXui=vkBCS1LvagZ+1XsCyP2XxQswd+g@mail.gmail.com"
          type="cite"><font size="+1"><br>
            <br>
          </font>
          <meta http-equiv="Context-Type" content="text/html;
            charset=UTF-8">
          <p dir="ltr"><font size="+1">Install suricata in the container
              where you run the loadbalancer and you catch the traffic.</font></p>
          <font size="+1"><br>
          </font>
          <div class="gmail_quote"><font size="+1">On Jun 2, 2015 8:07
              PM, "Saxena, Samiksha" <<a moz-do-not-send="true"
                href="mailto:samiksha.saxena@verizon.com">samiksha.saxena@verizon.com</a>>
              wrote:<br type="attribution">
            </font>
            <blockquote class="gmail_quote">
              <div>
                <div><font size="+1">How can I do so? I want the traffic
                    to flow from internet to load balancer server
                    (running in a container) to Suricata (running in a
                    seperate container) to application server. </font></div>
                <div><font size="+1"><br>
                  </font></div>
                <font size="+1"><span>
                    <div><span>From: </span> Claudio Kuenzler <<a
                        moz-do-not-send="true"
                        href="mailto:ck@claudiokuenzler.com"
                        target="_blank">ck@claudiokuenzler.com</a>><br>
                      <span>Date: </span> Tuesday, June 2, 2015 at 2:05
                      PM<br>
                      <span>To: </span> "Saxena, Samiksha" <<a
                        moz-do-not-send="true"
                        href="mailto:samiksha.saxena@one.verizon.com"
                        target="_blank">samiksha.saxena@one.verizon.com</a>><br>
                      <span>Cc: </span> "<a moz-do-not-send="true"
                        href="mailto:oisf-users@lists.openinfosecfoundation.org"
                        target="_blank">oisf-users@lists.openinfosecfoundation.org</a>"
                      <<a moz-do-not-send="true"
                        href="mailto:oisf-users@lists.openinfosecfoundation.org"
                        target="_blank">oisf-users@lists.openinfosecfoundation.org</a>>,
                      Victor Julien <<a moz-do-not-send="true"
                        href="mailto:lists@inliniac.net" target="_blank">lists@inliniac.net</a>><br>
                      <span>Subject: </span> Re: [Oisf-users] Suricata
                      in container<br>
                    </div>
                    <div><br>
                    </div>
                    <p dir="ltr">If you use that particular container as
                      reverse proxy for example. </p>
                    <div class="gmail_quote">On Jun 2, 2015 4:01 PM,
                      "Saxena, Samiksha" <<a moz-do-not-send="true"
                        href="mailto:samiksha.saxena@verizon.com"
                        target="_blank">samiksha.saxena@verizon.com</a>>
                      wrote:<br type="attribution">
                      <blockquote class="gmail_quote">How to make a
                        container a hop in the traffic?<br>
                        <br>
                        <br>
                        On 6/2/15, 5:46 AM, "Victor Julien" <<a
                          moz-do-not-send="true"
                          href="mailto:lists@inliniac.net"
                          target="_blank">lists@inliniac.net</a>>
                        wrote:<br>
                        <br>
                        <br>
                        >On 05/26/2015 11:31 PM, Saxena, Samiksha
                        wrote:<br>
                        <br>
                        >> Is there a way to configure suricata in
                        container for IPS? I want to<br>
                        <br>
                        >> forward all the traffic coming from
                        internet to a Load balancer<br>
                        <br>
                        >> container forwarded to Suricata
                        container for IPS. Is this possible and<br>
                        <br>
                        >>how?<br>
                        <br>
                        ><br>
                        <br>
                        >I think it's possible, if you can make the
                        container a hop in the<br>
                        <br>
                        >traffic path.<br>
                        <br>
                        ><br>
                        <br>
                        >--<br>
                        <br>
>---------------------------------------------<br>
                        <br>
                        >Victor Julien<br>
                        <br>
                        ><a moz-do-not-send="true"
                          href="http://www.inliniac.net/"
                          target="_blank">http://www.inliniac.net/</a><br>
                        <br>
                        >PGP: <a moz-do-not-send="true"
                          href="http://www.inliniac.net/victorjulien.asc"
                          target="_blank">http://www.inliniac.net/victorjulien.asc</a><br>
                        <br>
>---------------------------------------------<br>
                        <br>
                        ><br>
                        <br>
>_______________________________________________<br>
                        <br>
                        >Suricata IDS Users mailing list: <a
                          moz-do-not-send="true"
                          href="mailto:oisf-users@openinfosecfoundation.org"
                          target="_blank">oisf-users@openinfosecfoundation.org</a><br>
                        <br>
                        >Site: <a moz-do-not-send="true"
                          href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a>
                        | Support: <a moz-do-not-send="true"
                          href="http://suricata-ids.org/support/"
                          target="_blank">http://suricata-ids.org/support/</a><br>
                        <br>
                        >List: <a moz-do-not-send="true"
href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users"
                          target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
                        <br>
                        >Suricata User Conference November 4 & 5
                        in Barcelona:<br>
                        <br>
                        ><a moz-do-not-send="true"
                          href="http://oisfevents.net" target="_blank">http://oisfevents.net</a><br>
                        <br>
                        <br>
                        _______________________________________________<br>
                        <br>
                        Suricata IDS Users mailing list: <a
                          moz-do-not-send="true"
                          href="mailto:oisf-users@openinfosecfoundation.org"
                          target="_blank">oisf-users@openinfosecfoundation.org</a><br>
                        <br>
                        Site: <a moz-do-not-send="true"
                          href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a>
                        | Support: <a moz-do-not-send="true"
                          href="http://suricata-ids.org/support/"
                          target="_blank">http://suricata-ids.org/support/</a><br>
                        <br>
                        List: <a moz-do-not-send="true"
href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users"
                          target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
                        <br>
                        Suricata User Conference November 4 & 5 in
                        Barcelona: <a moz-do-not-send="true"
                          href="http://oisfevents.net" target="_blank">http://oisfevents.net</a><br>
                      </blockquote>
                    </div>
                  </span></font></div>
              <font size="+1"><br>
              </font></blockquote>
          </div>
          <font size="+1"><br>
            <br>
            <br>
          </font>
          <fieldset class="mimeAttachmentHeader"></fieldset>
          <font size="+1"><br>
          </font>
          <pre wrap=""><font size="+1">_______________________________________________
Suricata IDS Users mailing list: <a class="moz-txt-link-abbreviated" href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a>
Site: <a class="moz-txt-link-freetext" href="http://suricata-ids.org">http://suricata-ids.org</a> | Support: <a class="moz-txt-link-freetext" href="http://suricata-ids.org/support/">http://suricata-ids.org/support/</a>
List: <a class="moz-txt-link-freetext" href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a>
Suricata User Conference November 4 & 5 in Barcelona: <a class="moz-txt-link-freetext" href="http://oisfevents.net">http://oisfevents.net</a></font></pre>
          <font size="+1"><br>
            <br>
          </font></blockquote>
        <p></p>
      </div>
      <p style="margin: 1.2em 0px ! important;"></p>
      <div
title="MDH:PGZvbnQgc2l6ZT0iKzEiPkknbSBzdGlsbCBwcmV0dHkgbmV3IHRvIGRvY2tlciAoanVzdCB0byBiZSBjbGVhcikgYW5kIGhhdmUgbm90IHRyaWVkIHRoaXMgeWV0LTxicj48YnI+VGhpcyBpcyBob3cg
SSBhbSBwbGFubmluZyB0byBkZXBsb3kgSVBTIGZvciBteSBIVFRQIHNlcnZlcihzKTxicj48YnI+
SFRUUCBzZXJ2ZXIgImV4cG9zZXMiIGl0cyBwb3J0IHRvIG90aGVyIGNvbnRhaW5lcnMgb25seTsg
KG5vdCBib3VuZCB0byBob3N0IHBvcnQpPGJyPjxicj5JUFMgY29udGFpbmVyICJleHBvc2VzIiBw
b3J0IDgwIGFuZCBpcyBib3VuZCB0byB0aGUgaG9zdCBuZXR3b3JrLiBJUFMgY29udGFpbmVyIGlz
IHN0YXJ0ZWQgd2l0aCAiLS1saW5rICZsdDtzZXJ2ZXJfY29udGFpbmVyJmd0OzpodHRwc2VydiIg
dG8gcGVyZm9ybSBNSVRNIG9mIHRoZSBzZXJ2ZXJzIHRyYWZmaWMuIDxicj48YnI+PGJyPkRvY2tl
cmZpbGUgbm90IGluY2x1ZGVkOyB0aGUgY29tbWFuZHMgSSBleHBlY3QgdG8gcnVuIHdvdWxkIGJl
Ojxicj48YnI+YGBgPGJyPiQgZG9ja2VyIHJ1biAtcCAxMjcuMC4wLjE6MTIzNDUgLS1uYW1lIGFw
cGxpY2F0aW9uICZsdDtodHRwX3NlcnZlcl9pbWFnZSZndDs8YnI+JCBkb2NrZXIgcnVuIC1wIDgw
OjgwIC0tbGluayBhcHBsaWNhdGlvbjpodHRwc2VydiAtLW5hbWUgaXBzICZsdDtzbm9ydF9vcl9z
dXJpY2F0YV9pbWFnZSZndDs8YnI+YGBgPGJyPjxicj4oWU1NViwgc3BlY2lmaWNhbGx5IEknbSB1
bmNlcnRhaW4gb2YgdGhlICItLWxpbmsiIG9wdGlvbik8YnI+PGJyPjxicj5Gcm9tIGhlcmUsIGl0
IGJlY29tZXMgYSBxdWVzdGlvbiBvZiBob3cgdGhlIElQUyBjb250YWluZXIgZmlyZXdhbGwgcnVs
ZXMgYXJlIHNldHVwIChhc3N1bWluZyBORlErZGFxIGZvciBteSBjYXNlKS48YnI+SW4gdGhlIGV4
YW1wbGUgYWJvdmUsIEkgd291bGQgaGF2ZSB0byBkbyBzb21lIHNvcnQgb2YgTkFUaW5nICgmbHQ7
aG9zdC1pcCZndDs6ODAgLSZndDsgMTI3LjAuMC4xOjEyMzQ1KS48YnI+PGJyPjxicj5UaGlzIHNl
ZW1zIGFsbCBnb29kOyBidXQgSSBzdGlsbCBmZWVsIGxpa2UgSSdtIG92ZXIgZG9pbmcgaXQgYW5k
IHRoYXQgZG9ja2VyIG1heSBwcm92aWRlIGEgbW9yZSByZWFzb25hYmxlPGJyPm91dC1vZi1ib3gg
bWFnaWMgdG8gZWFzZSB0aGlzIGZ1cnRoZXIuIDxicj48YnI+LS0tPGJyPjxicj5PdGhlcndpc2Us
IGZvciBwYXNzaXZlIHNldHVwcywgaXQgc2hvdWxkIGJlIHN1cGVyIGVhc3kuIEFkZCBmbGFncyB0
byBgZG9ja2VyIHJ1bmAgY29tbWFuZDogIi0tbmV0PWhvc3QgLS1wcml2aWxlZ2VkIiA8YnI+KHJl
ZmVyIHRvICJodHRwczovL3JlZ2lzdHJ5Lmh1Yi5kb2NrZXIuY29tL3UvbWFuZWxsL3dpcmVzaGFy
ay8iKS48YnI+PGJyPjxicj48YnI+PGJyPjxicj48L2ZvbnQ+PGRpdiBjbGFzcz0ibW96LWNpdGUt
cHJlZml4Ij48Zm9udCBzaXplPSIrMSI+T24gNi8yLzE1IDE0OjE3LCBDbGF1ZGlvIEt1ZW56bGVy
IHdyb3RlOjxicj48L2ZvbnQ+PC9kaXY+PGJsb2NrcXVvdGUgY2l0ZT0ibWlkOkNBRi15cWdpTGIr
OTI0aGdVaXRDWHVpPXZrQkNTMUx2YWdaKzFYc0N5UDJYeFFzd2QrZ0BtYWlsLmdtYWlsLmNvbSIg
dHlwZT0iY2l0ZSI+PGZvbnQgc2l6ZT0iKzEiPjxicj48YnI+PC9mb250PjxtZXRhIGh0dHAtZXF1
aXY9IkNvbnRleHQtVHlwZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PVVURi04Ij48cCBk
aXI9Imx0ciI+PGZvbnQgc2l6ZT0iKzEiPkluc3RhbGwgc3VyaWNhdGEgaW4gdGhlIGNvbnRhaW5l
ciB3aGVyZSB5b3UgcnVuIHRoZSBsb2FkYmFsYW5jZXIgYW5kIHlvdSBjYXRjaCB0aGUgdHJhZmZp
Yy48L2ZvbnQ+PC9wPjxmb250IHNpemU9IisxIj48YnI+PC9mb250PjxkaXYgY2xhc3M9ImdtYWls
X3F1b3RlIj48Zm9udCBzaXplPSIrMSI+T24gSnVuIDIsIDIwMTUgODowNyBQTSwgIlNheGVuYSwg
U2FtaWtzaGEiICZsdDs8YSBtb3otZG8tbm90LXNlbmQ9InRydWUiIGhyZWY9Im1haWx0bzpzYW1p
a3NoYS5zYXhlbmFAdmVyaXpvbi5jb20iPnNhbWlrc2hhLnNheGVuYUB2ZXJpem9uLmNvbTwvYT4m
Z3Q7IHdyb3RlOjxiciB0eXBlPSJhdHRyaWJ1dGlvbiI+PC9mb250PjxibG9ja3F1b3RlIGNsYXNz
PSJnbWFpbF9xdW90ZSI+PGRpdj48ZGl2Pjxmb250IHNpemU9IisxIj5Ib3cgY2FuIEkgZG8gc28/
IEkgd2FudCB0aGUgdHJhZmZpYyB0byBmbG93IGZyb20gaW50ZXJuZXQgdG8gbG9hZCBiYWxhbmNl
ciBzZXJ2ZXIgKHJ1bm5pbmcgaW4gYSBjb250YWluZXIpIHRvIFN1cmljYXRhIChydW5uaW5nIGlu
IGEgc2VwZXJhdGUgY29udGFpbmVyKSB0byBhcHBsaWNhdGlvbiBzZXJ2ZXIuJm5ic3A7PC9mb250
PjwvZGl2PjxkaXY+PGZvbnQgc2l6ZT0iKzEiPjxicj48L2ZvbnQ+PC9kaXY+PGZvbnQgc2l6ZT0i
KzEiPjxzcGFuPjxkaXY+PHNwYW4+RnJvbTogPC9zcGFuPiBDbGF1ZGlvIEt1ZW56bGVyICZsdDs8
YSBtb3otZG8tbm90LXNlbmQ9InRydWUiIGhyZWY9Im1haWx0bzpja0BjbGF1ZGlva3VlbnpsZXIu
Y29tIiB0YXJnZXQ9Il9ibGFuayI+Y2tAY2xhdWRpb2t1ZW56bGVyLmNvbTwvYT4mZ3Q7PGJyPjxz
cGFuPkRhdGU6IDwvc3Bhbj4gVHVlc2RheSwgSnVuZSAyLCAyMDE1IGF0IDI6MDUgUE08YnI+PHNw
YW4+VG86IDwvc3Bhbj4gIlNheGVuYSwgU2FtaWtzaGEiICZsdDs8YSBtb3otZG8tbm90LXNlbmQ9
InRydWUiIGhyZWY9Im1haWx0bzpzYW1pa3NoYS5zYXhlbmFAb25lLnZlcml6b24uY29tIiB0YXJn
ZXQ9Il9ibGFuayI+c2FtaWtzaGEuc2F4ZW5hQG9uZS52ZXJpem9uLmNvbTwvYT4mZ3Q7PGJyPjxz
cGFuPkNjOiA8L3NwYW4+ICI8YSBtb3otZG8tbm90LXNlbmQ9InRydWUiIGhyZWY9Im1haWx0bzpv
aXNmLXVzZXJzQGxpc3RzLm9wZW5pbmZvc2VjZm91bmRhdGlvbi5vcmciIHRhcmdldD0iX2JsYW5r
Ij5vaXNmLXVzZXJzQGxpc3RzLm9wZW5pbmZvc2VjZm91bmRhdGlvbi5vcmc8L2E+IiAmbHQ7PGEg
bW96LWRvLW5vdC1zZW5kPSJ0cnVlIiBocmVmPSJtYWlsdG86b2lzZi11c2Vyc0BsaXN0cy5vcGVu
aW5mb3NlY2ZvdW5kYXRpb24ub3JnIiB0YXJnZXQ9Il9ibGFuayI+b2lzZi11c2Vyc0BsaXN0cy5v
cGVuaW5mb3NlY2ZvdW5kYXRpb24ub3JnPC9hPiZndDssIFZpY3RvciBKdWxpZW4gJmx0OzxhIG1v
ei1kby1ub3Qtc2VuZD0idHJ1ZSIgaHJlZj0ibWFpbHRvOmxpc3RzQGlubGluaWFjLm5ldCIgdGFy
Z2V0PSJfYmxhbmsiPmxpc3RzQGlubGluaWFjLm5ldDwvYT4mZ3Q7PGJyPjxzcGFuPlN1YmplY3Q6
IDwvc3Bhbj4gUmU6IFtPaXNmLXVzZXJzXSBTdXJpY2F0YSBpbiBjb250YWluZXI8YnI+PC9kaXY+
PGRpdj48YnI+PC9kaXY+PHAgZGlyPSJsdHIiPklmIHlvdSB1c2UgdGhhdCBwYXJ0aWN1bGFyIGNv
bnRhaW5lciBhcyByZXZlcnNlIHByb3h5IGZvciBleGFtcGxlLiA8L3A+PGRpdiBjbGFzcz0iZ21h
aWxfcXVvdGUiPk9uIEp1biAyLCAyMDE1IDQ6MDEgUE0sICJTYXhlbmEsIFNhbWlrc2hhIiAmbHQ7
PGEgbW96LWRvLW5vdC1zZW5kPSJ0cnVlIiBocmVmPSJtYWlsdG86c2FtaWtzaGEuc2F4ZW5hQHZl
cml6b24uY29tIiB0YXJnZXQ9Il9ibGFuayI+c2FtaWtzaGEuc2F4ZW5hQHZlcml6b24uY29tPC9h
PiZndDsgd3JvdGU6PGJyIHR5cGU9ImF0dHJpYnV0aW9uIj48YmxvY2txdW90ZSBjbGFzcz0iZ21h
aWxfcXVvdGUiPkhvdyB0byBtYWtlIGEgY29udGFpbmVyIGEgaG9wIGluIHRoZSB0cmFmZmljPzxi
cj48YnI+PGJyPk9uIDYvMi8xNSwgNTo0NiBBTSwgIlZpY3RvciBKdWxpZW4iICZsdDs8YSBtb3ot
ZG8tbm90LXNlbmQ9InRydWUiIGhyZWY9Im1haWx0bzpsaXN0c0BpbmxpbmlhYy5uZXQiIHRhcmdl
dD0iX2JsYW5rIj5saXN0c0BpbmxpbmlhYy5uZXQ8L2E+Jmd0OyB3cm90ZTo8YnI+PGJyPjxicj4m
Z3Q7T24gMDUvMjYvMjAxNSAxMTozMSBQTSwgU2F4ZW5hLCBTYW1pa3NoYSB3cm90ZTo8YnI+PGJy
PiZndDsmZ3Q7IElzIHRoZXJlIGEgd2F5IHRvIGNvbmZpZ3VyZSBzdXJpY2F0YSBpbiBjb250YWlu
ZXIgZm9yIElQUz8gSSB3YW50IHRvPGJyPjxicj4mZ3Q7Jmd0OyBmb3J3YXJkIGFsbCB0aGUgdHJh
ZmZpYyBjb21pbmcgZnJvbSBpbnRlcm5ldCB0byBhIExvYWQgYmFsYW5jZXI8YnI+PGJyPiZndDsm
Z3Q7IGNvbnRhaW5lciBmb3J3YXJkZWQgdG8gU3VyaWNhdGEgY29udGFpbmVyIGZvciBJUFMuIElz
IHRoaXMgcG9zc2libGUgYW5kPGJyPjxicj4mZ3Q7Jmd0O2hvdz88YnI+PGJyPiZndDs8YnI+PGJy
PiZndDtJIHRoaW5rIGl0J3MgcG9zc2libGUsIGlmIHlvdSBjYW4gbWFrZSB0aGUgY29udGFpbmVy
IGEgaG9wIGluIHRoZTxicj48YnI+Jmd0O3RyYWZmaWMgcGF0aC48YnI+PGJyPiZndDs8YnI+PGJy
PiZndDstLTxicj48YnI+Jmd0Oy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLTxicj48YnI+Jmd0O1ZpY3RvciBKdWxpZW48YnI+PGJyPiZndDs8YSBtb3otZG8tbm90
LXNlbmQ9InRydWUiIGhyZWY9Imh0dHA6Ly93d3cuaW5saW5pYWMubmV0LyIgdGFyZ2V0PSJfYmxh
bmsiPmh0dHA6Ly93d3cuaW5saW5pYWMubmV0LzwvYT48YnI+PGJyPiZndDtQR1A6IDxhIG1vei1k
by1ub3Qtc2VuZD0idHJ1ZSIgaHJlZj0iaHR0cDovL3d3dy5pbmxpbmlhYy5uZXQvdmljdG9yanVs
aWVuLmFzYyIgdGFyZ2V0PSJfYmxhbmsiPmh0dHA6Ly93d3cuaW5saW5pYWMubmV0L3ZpY3Rvcmp1
bGllbi5hc2M8L2E+PGJyPjxicj4mZ3Q7LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tPGJyPjxicj4mZ3Q7PGJyPjxicj4mZ3Q7X19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX188YnI+PGJyPiZndDtTdXJpY2F0YSBJRFMgVXNlcnMg
bWFpbGluZyBsaXN0OiA8YSBtb3otZG8tbm90LXNlbmQ9InRydWUiIGhyZWY9Im1haWx0bzpvaXNm
LXVzZXJzQG9wZW5pbmZvc2VjZm91bmRhdGlvbi5vcmciIHRhcmdldD0iX2JsYW5rIj5vaXNmLXVz
ZXJzQG9wZW5pbmZvc2VjZm91bmRhdGlvbi5vcmc8L2E+PGJyPjxicj4mZ3Q7U2l0ZTogPGEgbW96
LWRvLW5vdC1zZW5kPSJ0cnVlIiBocmVmPSJodHRwOi8vc3VyaWNhdGEtaWRzLm9yZyIgdGFyZ2V0
PSJfYmxhbmsiPmh0dHA6Ly9zdXJpY2F0YS1pZHMub3JnPC9hPiB8IFN1cHBvcnQ6IDxhIG1vei1k
by1ub3Qtc2VuZD0idHJ1ZSIgaHJlZj0iaHR0cDovL3N1cmljYXRhLWlkcy5vcmcvc3VwcG9ydC8i
IHRhcmdldD0iX2JsYW5rIj5odHRwOi8vc3VyaWNhdGEtaWRzLm9yZy9zdXBwb3J0LzwvYT48YnI+
PGJyPiZndDtMaXN0OiA8YSBtb3otZG8tbm90LXNlbmQ9InRydWUiIGhyZWY9Imh0dHBzOi8vbGlz
dHMub3BlbmluZm9zZWNmb3VuZGF0aW9uLm9yZy9tYWlsbWFuL2xpc3RpbmZvL29pc2YtdXNlcnMi
IHRhcmdldD0iX2JsYW5rIj5odHRwczovL2xpc3RzLm9wZW5pbmZvc2VjZm91bmRhdGlvbi5vcmcv
bWFpbG1hbi9saXN0aW5mby9vaXNmLXVzZXJzPC9hPjxicj48YnI+Jmd0O1N1cmljYXRhIFVzZXIg
Q29uZmVyZW5jZSBOb3ZlbWJlciA0ICZhbXA7IDUgaW4gQmFyY2Vsb25hOjxicj48YnI+Jmd0Ozxh
IG1vei1kby1ub3Qtc2VuZD0idHJ1ZSIgaHJlZj0iaHR0cDovL29pc2ZldmVudHMubmV0IiB0YXJn
ZXQ9Il9ibGFuayI+aHR0cDovL29pc2ZldmVudHMubmV0PC9hPjxicj48YnI+PGJyPl9fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fPGJyPjxicj5TdXJpY2F0YSBJ
RFMgVXNlcnMgbWFpbGluZyBsaXN0OiA8YSBtb3otZG8tbm90LXNlbmQ9InRydWUiIGhyZWY9Im1h
aWx0bzpvaXNmLXVzZXJzQG9wZW5pbmZvc2VjZm91bmRhdGlvbi5vcmciIHRhcmdldD0iX2JsYW5r
Ij5vaXNmLXVzZXJzQG9wZW5pbmZvc2VjZm91bmRhdGlvbi5vcmc8L2E+PGJyPjxicj5TaXRlOiA8
YSBtb3otZG8tbm90LXNlbmQ9InRydWUiIGhyZWY9Imh0dHA6Ly9zdXJpY2F0YS1pZHMub3JnIiB0
YXJnZXQ9Il9ibGFuayI+aHR0cDovL3N1cmljYXRhLWlkcy5vcmc8L2E+IHwgU3VwcG9ydDogPGEg
bW96LWRvLW5vdC1zZW5kPSJ0cnVlIiBocmVmPSJodHRwOi8vc3VyaWNhdGEtaWRzLm9yZy9zdXBw
b3J0LyIgdGFyZ2V0PSJfYmxhbmsiPmh0dHA6Ly9zdXJpY2F0YS1pZHMub3JnL3N1cHBvcnQvPC9h
Pjxicj48YnI+TGlzdDogPGEgbW96LWRvLW5vdC1zZW5kPSJ0cnVlIiBocmVmPSJodHRwczovL2xp
c3RzLm9wZW5pbmZvc2VjZm91bmRhdGlvbi5vcmcvbWFpbG1hbi9saXN0aW5mby9vaXNmLXVzZXJz
IiB0YXJnZXQ9Il9ibGFuayI+aHR0cHM6Ly9saXN0cy5vcGVuaW5mb3NlY2ZvdW5kYXRpb24ub3Jn
L21haWxtYW4vbGlzdGluZm8vb2lzZi11c2VyczwvYT48YnI+PGJyPlN1cmljYXRhIFVzZXIgQ29u
ZmVyZW5jZSBOb3ZlbWJlciA0ICZhbXA7IDUgaW4gQmFyY2Vsb25hOiA8YSBtb3otZG8tbm90LXNl
bmQ9InRydWUiIGhyZWY9Imh0dHA6Ly9vaXNmZXZlbnRzLm5ldCIgdGFyZ2V0PSJfYmxhbmsiPmh0
dHA6Ly9vaXNmZXZlbnRzLm5ldDwvYT48YnI+PC9ibG9ja3F1b3RlPjwvZGl2Pjwvc3Bhbj48L2Zv
bnQ+PC9kaXY+PGZvbnQgc2l6ZT0iKzEiPjxicj48L2ZvbnQ+PC9ibG9ja3F1b3RlPjwvZGl2Pjxm
b250IHNpemU9IisxIj48YnI+PGJyPjxicj48L2ZvbnQ+PGZpZWxkc2V0IGNsYXNzPSJtaW1lQXR0
YWNobWVudEhlYWRlciI+PC9maWVsZHNldD48Zm9udCBzaXplPSIrMSI+PGJyPjwvZm9udD48cHJl
IHdyYXA9IiI+PGZvbnQgc2l6ZT0iKzEiPl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fPGJyPlN1cmljYXRhIElEUyBVc2VycyBtYWlsaW5nIGxpc3Q6IG9pc2Yt
dXNlcnNAb3BlbmluZm9zZWNmb3VuZGF0aW9uLm9yZzxicj5TaXRlOiBodHRwOi8vc3VyaWNhdGEt
aWRzLm9yZyB8IFN1cHBvcnQ6IGh0dHA6Ly9zdXJpY2F0YS1pZHMub3JnL3N1cHBvcnQvPGJyPkxp
c3Q6IGh0dHBzOi8vbGlzdHMub3BlbmluZm9zZWNmb3VuZGF0aW9uLm9yZy9tYWlsbWFuL2xpc3Rp
bmZvL29pc2YtdXNlcnM8YnI+U3VyaWNhdGEgVXNlciBDb25mZXJlbmNlIE5vdmVtYmVyIDQgJmFt
cDsgNSBpbiBCYXJjZWxvbmE6IGh0dHA6Ly9vaXNmZXZlbnRzLm5ldDwvZm9udD48L3ByZT48Zm9u
        dCBzaXplPSIrMSI+PGJyPjxicj48L2ZvbnQ+PC9ibG9ja3F1b3RlPg=="
style="height:0;width:0;max-height:0;max-width:0;overflow:hidden;font-size:0em;padding:0;margin:0;">​</div>
    </div>
  </body>
</html>