Task: View / Display FreeBSD Routing Table
Use the netstat command with -r option as follows:
$ netstat -r
$ netstat -rn
How do I save routing information to a configuration file?
If you reboot the FreeBSD box, the routing configuration will be lost, i.e. the routing information will not persist. You need to edit the /etc/rc.conf file to set the default route:
# vi /etc/rc.conf
Set default route by editing defaultrouter variable:
defaultrouter="192.168.1.254"
How about using FreeBSD as an Enterprise Storage solution on real hardware? This is where FreeBSD shines with all its storage features, ZFS included.
Today I will show you how I have built a so-called Enterprise Storage based on a FreeBSD system along with more than 1 PB (Petabyte) of raw capacity. //
There are 4U servers with 90-100 3.5″ drive slots which will allow you to pack 1260-1400 Terabytes of data (with 14 TB drives). Examples of such systems are:
I would use the first one – the TYAN FA100 for short name.
The build has the following specifications.
2 x 10-Core Intel Xeon Silver 4114 CPU @ 2.20GHz
4 x 32 GB RAM DDR4 (128 GB Total)
2 x Intel SSD DC S3500 240 GB (System)
90 x Toshiba HDD MN07ACA12TE 12 TB (Data)
2 x Broadcom SAS3008 Controller
2 x Intel X710 DA-2 10GE Card
2 x Power Supply
Price of the whole system is about $65 000 – drives included.
From time to time, security issues are found within software. The FreeBSD package management system relies upon pkg-audit and the Vulnerability database to alert system administrators that attention is required.
WireGuard is an open-source modern VPN (Virtual Private Network) solution that uses cryptographic protocols to create secure network connections between devices. It's efficient and offers better reliability than traditional VPN protocols like IPSec. This guide explains how to install WireGuard VPN on FreeBSD 14.0 and securely configure network tunnels on the server.
FreeBSD: Setup SoftEther and configure Offshore 100% Logless VPN server (Windows 10 as clients)
:(){ :|:& };:
The command shown in the heading is known as a Bash “Fork Bomb.”
A fork bomb is a denial-of-service attack where a process continuously creates child processes at an exponential rate, consuming system resources like CPU, memory, and process slots, ultimately causing the system to crash. //
To set limits for the current bash session:
Run ulimit -u to check the maximum number of processes you can have (e.g., 30593).
Run ulimit -u NUM, where NUM is significantly lower than your maximum (e.g., 1024).
Setting persistent user limits
The above method works unless the user reopens their terminal and runs the fork bomb again.
To set persistent user limits, add the same ulimit command to your ~/.bashrc or ~/.bash_profile file.
ulimit -u 1024 # Example for my system
Setting system-wide limits
Configuring system-wide limits is similar to setting user limits, but involves editing a different file that manages system-wide process rules.
Typically, you would run sudo nano /etc/security/limits.conf and add the following user limits:
username hard nproc 1024
Remember to replace “username” with the user you wish to limit.
# pkg remove name
# pkg clean
# pkg autoremove
FreeBSD is a well-known server platform and a free and open-source Unix-like operating system derived from the Berkeley Software Distribution (BSD). FreeBSD is an OS designed to power contemporary servers, PCs, and embedded systems.
BSD is an abbreviation for "Berkeley Software Distribution". It is the moniker given to source code releases from the University of California, Berkeley that were initially enhancements to AT&T's Research UNIX® operating system. Multiple open-source operating system projects are based on the 4.4BSD-Lite edition of this source code. In addition, they include a variety of packages from other Open Source projects, the GNU project in particular.
Practical rc scripting very short tutorial
The init system of FreeBSD is quite different from that of Linux. There are no run levels and no concept of symbolically linking an init script into each run level. All you have is one long list of init scripts and a very simple way to administer them. If you want some further reading, check out the original paper on the rc.d system.
Here is a short tutorial; hopefully someone will find it useful. If you need to know more in depth, check out the FreeBSD documentation.
Beginners may find it difficult to relate the facts from the formal documentation on the BSD rc.d framework with the practical tasks of rc.d scripting. In this article, we consider a few typical cases of increasing complexity, show rc.d features suited for each case, and discuss how they work. Such an examination should provide reference points for further study of the design and efficient application of rc.d.
Figuring out how to configure FreeBSD services. We’ll break down the configuration for a simple service, linking you to all the relevant docs along the way.
The service we’re setting up is syncthing, which I use to synchronise files across my devices via my home server. It works very well and I wholeheartedly recommend it.
This next example permits the user with the UID of 1001 to bind to TCP ports 110 (POP3) and 995 (POP3s):
# sysctl security.mac.portacl.rules=uid:1001:tcp:110,uid:1001:tcp:995
Equivalent of Linux setcap 'cap_net_bind_service=+ep' for FreeBSD
setcap.sh
# ref.
# https://www.freebsd.org/cgi/man.cgi?query=mac_portacl&sektion=4
# https://www.freebsd.org/doc/handbook/mac-policies.html
# load the kernel module
kldload mac_portacl
# set the new security rules
sysctl security.mac.portacl.rules=uid:80:tcp:80,uid:80:tcp:443
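# disable the default reserved-port protection so that mac_portacl decides who may bind
sysctl net.inet.ip.portrange.reservedhigh=0
# to persist across reboots:
# /boot/loader.conf  (load the module at boot: mac_portacl_load="YES")
# /etc/sysctl.conf   (the two sysctl settings above)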
IPFW is included in the basic FreeBSD install as a separate run time loadable module. The system will dynamically load the kernel module when the rc.conf statement firewall_enable="YES" is used.
The world of Linux is a vast one. Everyone in the tech world has at least come in contact with Linux, but not always FreeBSD. Join us on a journey of discovery from Linux to FreeBSD
When it comes to choosing a firewall technology for your operating system, the options can be overwhelming. This is particularly true for Linux and FreeBSD, which offer multiple choices. In this article, we’ll take a closer look at four of the most popular firewall options for both systems: iptables, nftables, ipfw, and pf, to help you make an informed decision.
So here’s our contribution to the effort: this article is essentially your four-way comparison of iptables, nftables, IPFW and PF.
# pfctl -f /etc/pf.conf && sleep 60 && pfctl -d
Loads the ruleset, sleeps for 60 seconds, then disables the firewall. That should be enough time to test. If you happen to lock yourself out, wait 60 seconds and the firewall will be disabled, allowing you access again.
FreeBSD 10 now has unbound for DNS lookups, which is a lot better than bind (the zone server, nsd, is not in FreeBSD base), but I was confused when my favourite DNS tool, dig(1), was MIA.
So, what can we use now?
Mar 23, 2018
#1
For building a program I need pkg-configure, but this port is deleted:
https://www.freshports.org/devel/pkg-config
Isn't there any alternative?
I do not understand why people make it so difficult with their programs: Editing a Makefile should be enough!
tobik@
Developer
Mar 23, 2018
#2
It was replaced by devel/pkgconf.