Search results

No worries. Yes used script from the beginning.

What you mean by outset?

I have fixed my script, now all is working fine, basically what I did was: zpool create -o altroot=/mnt -O atime=off -m none -f zroot <device> zfs create -o mountpoint=none zroot/ROOT zfs create -o mountpoint=/ zroot/ROOT/default zfs create -o mountpoint=/zroot zroot/ROOT zfs create -o...

I cross checked with my other systems, and you're correct. I didn't said it's a problem, but I had impression that it shouldn't be like that. Anyways, it does work, but for now I need to go through my script for installation automation on remote machines. I'm thinking of sharing it in separate...

I fixed that eventually, but I'm not entirely happy with it. What solved that was actually setting mountpoint to /usr for zroot/usr zfs set mountpoint=/usr zroot/usr From now on file systems created by zfs create tank/file/system are created correctly and there are no overmounts. Previously...

Well, changing canmount=noauto did not do the trick, still that's what mount returns: [root@system /usr]# mount zroot on / (zfs, local, nfsv4acls) devfs on /dev (devfs) zroot/usr/jails on /usr/jails (zfs, local, noatime, nfsv4acls) zroot/usr/jails/basejail on /usr/jails/basejail (zfs, local...

There's no data there, just empty fs. zfs mount -a is executed during boot process. It has nothing to do with sysctl security.jail.mount_allowed. Overmount happens when your already mounted file system - in this example /usr/jails is mounted before the /usr which effectively "covers" your...

I was looking into that already and looks ok: [root@system ~]# grep zfs /etc/fstab [root@system ~]# ls -l /etc/fstab -rw-r--r-- 1 root wheel 0 Jun 24 15:47 /etc/fstab [root@system ~]# [root@system ~]# mount|grep zfs zroot on / (zfs, local, nfsv4acls) zroot/tmp on /tmp (zfs, local, nosuid...

For some reason zfs is mounting file systems in wrong order. When I create new zfs filesystem it is mounted correctly: [root@system ~]# zfs create zroot/usr/jails [root@system ~]# zfs set mountpoint=/usr/jails zroot/usr/jails [root@system ~]# mount zroot on / (zfs, local, nfsv4acls) devfs on...

logs

I definitely don't want that. :) Instead of doing anything with php I’d rather use some static content behind password auth. Looking further ;)

I'd like to add another layer of security to my PF config and I'm looking for a way to add an IP address to a table via web. General idea behind that is that sometimes I need to connect to my server from random location and I'd like to be able to add IP of that location to my <ssh> table. I've...

Any idea where I can find version overview and differences listed for OpenBSD and FreeBSD?

loopback interfaces have nothing to do with it. Anyways, regarding block quick from <blacklist> to any adding interface to it ($ext_if) does exactly the same thing. Sure, it's being taken care of on dns level. Yes, this config is kinda work in progress. I do believe connections are being...

Several ways: pfctl -tblacklist -Tadd <ip_address> or I'll get ip addresses by script, add it to /etc/pf/blacklist and run: pfctl -tblacklist -Treplace -f /etc/pf/blacklist or just simply restarting pf.

What you mean by 'review'? I do have several jails there and aliases. Anyways - skip on lo interfaces should not affect filtering.

I have remote FreeBSD server with name server inside jail. My rules are: ext_if="em0" ext_ip="X.X.X.X" jail_net="10.0.0.0/24" ns_ip="10.0.0.1" icmp_types = "echoreq" table <blacklist> persist file "/etc/pf/blacklist" table <trusted> persist file "/etc/pf/trusted" set block-policy drop set...

Issue is solved... I've downloaded ports yet again and that solved the issue. Thread can be closed, sorry.

I have an issue with dovecot2 installation from mail/dovecot in jail. It does install fine outside of the jail though. Ports tree is up to date. Error I'm receiving: pkg-static: Unable to access file...

Hi guys, At work I have blocked outgoing ssh connections, I've been told that I can use IPsec to connect to (and I do have client installed on my laptop), but I do not know where to start. I did read VPN over IPsec, but that seems to be a bit different scenario. What I need is just to use...