FreeBSD: Setup SoftEther and configure Offshore 100% Logless VPN server (Windows 10 as clients)
:(){ :|:& };:
The command shown in the heading is known as a Bash “Fork Bomb.”
A fork bomb is a denial-of-service attack where a process continuously creates child processes at an exponential rate, consuming system resources like CPU, memory, and process slots, ultimately causing the system to crash.
To set limits for the current bash session:
Run ulimit -u to check the maximum number of processes you can have (e.g., 30593).
Run ulimit -u NUM, where NUM is significantly lower than your maximum (e.g., 1024).
Setting persistent user limits
The above method works unless the user reopens their terminal and runs the fork bomb again.
To set persistent user limits, add the same ulimit command to your ~/.bashrc or ~/.bash_profile file.
ulimit -u 1024 # Example for my system
Setting system-wide limits
Configuring system-wide limits is similar to setting user limits, but involves editing a different file that manages system-wide process rules.
Typically, you would run sudo nano /etc/security/limits.conf and add the following user limits:
username hard nproc 1024
Remember to replace “username” with the user you wish to limit.
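To confirm that an entry like the one above really gives a user a hard process cap, the check below reads a limits.conf-style file and reports the effective hard nproc value. It is an added example, not part of the original article; the function name, the sample users and the sample file are constructed, and only user and "*" domains are handled (a user-specific line takes priority over the wildcard, @group lines are ignored).

```shell
#!/bin/sh
# Added example: report the hard nproc cap that a limits.conf-style file
# assigns to a user. Handles user and "*" domains only; @group is ignored.

hard_nproc_for() {
    # $1 = user name, $2 = path to a limits.conf-style file
    awk -v user="$1" '
        { sub(/#.*/, "") }                    # drop comments
        NF != 4 || $3 != "nproc" { next }     # fields: domain type item value
        $2 != "hard" && $2 != "-" { next }    # "-" sets soft and hard together
        $1 == user { exact = $4 }
        $1 == "*"  { wild = $4 }
        END {
            if (exact != "")     print exact
            else if (wild != "") print wild
            else                 print "unset"
        }
    ' "$2"
}

# Constructed sample file (not taken from a real system).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# domain  type  item   value
*         hard  nproc  2048
alice     hard  nproc  1024
bob       soft  nproc  512     # soft only: bob can raise it up to the hard cap
carol     -     nproc  256
EOF

# Constructed file with no wildcard line, to show the "unset" case.
NOWILD=$(mktemp)
printf 'alice hard nproc 1024\n' > "$NOWILD"

for u in alice bob carol; do
    printf '%s: hard nproc = %s\n' "$u" "$(hard_nproc_for "$u" "$SAMPLE")"
done
printf 'dave (no wildcard line): %s\n' "$(hard_nproc_for dave "$NOWILD")"
```

A user reported as "unset" has no hard cap from this file, so a per-session ulimit is the only thing limiting a fork bomb for that account.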
# pkg remove name
# pkg clean
# pkg autoremove
FreeBSD is a well-known server platform and a free and open-source Unix-like operating system derived from the Berkeley Software Distribution (BSD). FreeBSD is an OS designed to power contemporary servers, PCs, and embedded systems.
BSD is an abbreviation for "Berkeley Software Distribution". It is the moniker given to source code releases from the University of California, Berkeley that were initially enhancements to AT&T's Research UNIX® operating system. Multiple open-source operating system projects are based on the 4.4BSD-Lite edition of this source code. In addition, they include a variety of packages from other Open Source projects, the GNU project in particular.
Practical rc scripting very short tutorial
The init system of FreeBSD is quite different from that of Linux. There are no run levels and no concept of symbolic links from the init scripts to each run level. All you have is one big long list of init scripts and a very simple way to administer these scripts. If you want some further reading, check out the original paper on the rc.d system.
Here is a short tutorial, hopefully someone will find it useful. If you need to know more in depth, check out the FreeBSD document.
Beginners may find it difficult to relate the facts from the formal documentation on the BSD rc.d framework with the practical tasks of rc.d scripting. In this article, we consider a few typical cases of increasing complexity, show rc.d features suited for each case, and discuss how they work. Such an examination should provide reference points for further study of the design and efficient application of rc.d.
Figuring out how to configure FreeBSD services. We’ll break down the configuration for a simple service, linking you to all the relevant docs along the way.
The service we’re setting up is syncthing, which I use to synchronise files across my devices via my home server. It works very well and I wholeheartedly recommend it.
This next example permits the user with the UID of 1001 to bind to TCP ports 110 (POP3) and 995 (POP3s):
# sysctl security.mac.portacl.rules=uid:1001:tcp:110,uid:1001:tcp:995
Equivalent of Linux's setcap 'cap_net_bind_service=+ep' for FreeBSD
setcap.sh
# ref.
# https://www.freebsd.org/cgi/man.cgi?query=mac_portacl&sektion=4
# https://www.freebsd.org/doc/handbook/mac-policies.html
# load the kernel module
kldload mac_portacl
# set the new security rules
sysctl security.mac.portacl.rules=uid:80:tcp:80,uid:80:tcp:443
# disable default port protection
sysctl net.inet.ip.portrange.reservedhigh=0
# ->
# /boot/loader.conf
# /etc/sysctl.conf
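A malformed rule string can leave the service unable to bind its port, so it is worth checking the string before it reaches sysctl. The validator below is an added example, not part of setcap.sh or of FreeBSD; the function name is hypothetical, and it assumes the rule form idtype:id:protocol:port[,...] with numeric ids, ports 1-65535 and no whitespace.

```shell
#!/bin/sh
# Added example: syntax-check a mac_portacl rule string before passing it
# to sysctl. Assumptions of this example: ports are limited to 1-65535 and
# no whitespace is tolerated around the separators.

check_portacl_rules() {
    # $1 = rule string in the form idtype:id:protocol:port[,...]
    # Prints "ok"/"BAD" per rule; returns non-zero if any rule is malformed
    # or the string is empty.
    printf '%s' "$1" | awk -F: -v RS=',' '
        {
            ok = (NF == 4 &&
                  ($1 == "uid" || $1 == "gid") &&
                  $2 ~ /^[0-9]+$/ &&
                  ($3 == "tcp" || $3 == "udp") &&
                  $4 ~ /^[0-9]+$/ && $4 >= 1 && $4 <= 65535)
            printf "%-3s %s\n", (ok ? "ok" : "BAD"), $0
            if (!ok) bad = 1
        }
        END { exit (bad || NR == 0) }
    '
}

RULES='uid:80:tcp:80,uid:80:tcp:443'     # rule string from the script above
TYPO='uid:80:tcp:80,uid:80:tcp:https'    # constructed: service name instead of a port

check_portacl_rules "$RULES" && echo "safe to apply"
check_portacl_rules "$TYPO"  || echo "rejected; do not pass this string to sysctl"
```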
IPFW is included in the basic FreeBSD install as a separate run time loadable module. The system will dynamically load the kernel module when the rc.conf statement firewall_enable="YES" is used.
The world of Linux is a vast one. Everyone in the tech world has at least come in contact with Linux, but not always FreeBSD. Join us on a journey of discovery from Linux to FreeBSD.
When it comes to choosing a firewall technology for your operating system, the options can be overwhelming. This is particularly true for Linux and FreeBSD, which offer multiple choices. In this article, we’ll take a closer look at four of the most popular firewall options for both systems: iptables, nftables, ipfw, and pf, to help you make an informed decision.
So here’s our contribution to the effort: this article is essentially your four-way comparison of iptables, nftables, IPFW and PF.
# pfctl -f /etc/pf.conf && sleep 60 && pfctl -d
Loads the ruleset, sleeps for 60 seconds, then disables the firewall. Should be enough time to test. If you happen to lock yourself out, wait 60 seconds and the firewall will be disabled, allowing you access again.
FreeBSD 10 now has unbound for DNS lookups, which is a lot better than bind (the zone server, nsd, is not in FreeBSD base), but I was confused when my favourite DNS tool dig(1) was MIA.
So, what can we use now?
Mar 23, 2018
#1
For building a program I need pkg-configure, but this port is deleted:
https://www.freshports.org/devel/pkg-config
Isn't there any alternative?
I do not understand, why people make it so difficult with their programs: Editing a Makefile should be enough!
tobik@
Developer
Mar 23, 2018
#2
It was replaced by devel/pkgconf.
FreeBSD is bundled with a rich collection of system tools as part of the base system. In addition, FreeBSD provides two complementary technologies for installing third-party software: the FreeBSD Ports Collection, for installing from source, and packages, for installing from pre-built binaries. Either method may be used to install software from local media or from the network.
The ls(1) command is pretty good at showing you the attributes of a single file (at least in some cases), but when you ask it for a list of files, there's a huge problem: Unix allows almost any character in a filename, including whitespace, newlines, commas, pipe symbols, and pretty much anything else you'd ever try to use as a delimiter except NUL. There are proposals to try and "fix" this within POSIX, but they won't help in dealing with the current situation (see also how to deal with filenames correctly). In its default mode, if standard output isn't a terminal, ls separates filenames with newlines. This is fine until you have a file with a newline in its name. Since very few implementations of ls allow you to terminate filenames with NUL characters instead of newlines, this leaves us unable to get a list of filenames safely with ls -- at least, not portably.
I’m evaluating if FreeBSD can take the place of Debian on my production servers. Over the past month I’ve read several books, scoured forums and the FreeBSD handbook, and taken ample notes along the way.
- The FreeBSD handbook provides great advice to use ssmtp for routing simple outgoing console/cron emails to yourself instead of setting up big, bulky, cranky postfix.
- Bash script opening shebangs need to be changed to #!/usr/bin/env bash to make them platform agnostic (they won’t run on FreeBSD if they are #!/bin/bash).
FAMP stack? That’s FreeBSD + Apache + MariaDB + PHP.
Here are the steps necessary to build an Apache web server with MariaDB on FreeBSD.