Search results

  1.

    FreeBSD High Performance Firewall

    In general (this is from my experience with pf, I cannot speak for ipfw): Be as simple as possible, while being only as specific as you need to be. State table lookups are cheap. Ruleset evaluations are not. Use a "first match" (i.e. all "quick") ruleset when possible. Keep the rules that...
  2.

    ALTQ on traffic originating from the firewall

    In general for this sort of thing I prefer the application itself to impose an accept rate rather than do the shaping in the firewall. That said, it's not always supported. I think you can also do some hackery with netgraph, if you understand it :e.
  3.

    Blocking the jails when PF is on

    Using all quick rules (i.e. "first match") is also better for performance.
  4.

    Does PF have stateful checking?

    Also it's worth noting that keep state is the most basic of states. Although it's the only one that works on "stateless" protocols (e.g. UDP) via timers, TCP can utilize modulate state and synproxy state which are very useful in some situations.
  5.

    Internal and External Traffic separated in two different network cards

    So, you want to route between interfaces, correct? Then, why do you have gateway_enable="NO" in rc.conf? Edit: Actually re-reading your post only makes me more puzzled. Are you just trying to have a multihomed server?
  6.

    Appending '&' to execute in the background?

    Ah, thanks! That's just what I was looking for. :)
  7.

    Appending '&' to execute in the background?

    Okay, figured out a solution. I store the entire command line in a variable, and then I execute in an if, one with a trailing ampersand and one without. Like so:

        cmdline="foo $bar $args"
        if [ $bg -ne 0 ]; then
            $cmdline &
        else
            $cmdline
        fi

    This way if I need to update the command...
  8.

    Custom rc startup script, how?

    Practical rc.d scripting in BSD. Also just look at any of the actual scripts as examples, in /etc/rc.d/. You should put your own custom scripts in /usr/local/etc/rc.d/.
  9.

    Appending '&' to execute in the background?

    I have a set of scripts that define variables and then use another script to actually execute commands, not unlike the rc.d system. The problem I've come across is a certain program, that typically runs as a daemon, does not actually support daemonizing via any command line arguments or...
  10.

    Network question.

    Something like net-mgmt/iftop might be what you're looking for.
  11.

    Postgresql won't start

    One additional thing you will need to do when starting the jail is explicitly allow SYSV IPC in that jail. I believe the FreeBSD jail scripts have the option to do this (I use my own scripts written and updated since before those existed). Search for allow.sysvipc in jail for more info.
  12.

    Configuring DNS?

    You said "dmin doesn't really exist", and yet you are using it in your NS record? Edit: Based on your first post, jaber.example.ir should be what you want there instead.
  13.

    Tripp-Lite: keep or return?

    nut takes a bit to get going, as it requires three daemons just to have a single machine shut down (only one per additional machine though), but once you get it set up it's wonderful. I have 3 separate systems connected to a single UPS and they all shut down well with nut.
  14.

    Using GPT labels and ZFS root?

    I've got a system using ZFS for its root filesystem, but unfortunately it's not using the GPT labels when accessing the block devices in the vdev. At first I didn't mind, but as I add disks to the system, things start to get really ugly, and now I have a mix of device node names (e.g. ada0p2)...
  15.

    If you could change one thing in FreeBSD...

    Oh, good one. Me too. Though, to be fair, it's not that difficult to do manually. Can't you do this with sysinstall? At least, in 8.x, not sure if it's still there and working in 9. Edit: Ah, wait, that might only be for wired interfaces.
  16.

    Crash issue with 9.1-RC2

    When I see weird things like this, I tend to think there are RAM related issues. For example, on my router I also used to be running SU+J, and would get random segfaults while building the world. Thinking this was SU+J related, I removed it, only to find I still had segfaults at random points...
  17.

    If you could change one thing in FreeBSD...

    Let's admit it. Despite our love for FreeBSD, there's always some new feature we want, some bug fixed, or some annoyance removed. So I'm curious, what would be #1 on your list of changes you'd like to see--and I mean only your top choice. It can be anything as grand as "ARM as 'Tier 1'...
  18.

    Hardware failure or bug in ehci?

    I recently plugged in a new KVM (Monoprice KCF-181S) to my FreeBSD machines (the machine in question a Jetway NF9A-Q67), and found a high interrupt rate when using top. The usb and KVM appear like so in dmesg: ehci0: <EHCI (generic) USB 2.0 controller> mem 0xfe523000-0xfe5233ff irq 16 at device...
  19.

    Stuck configuring pf

    Just a note... Just so you know, you don't need rules for DHCP (unless you are running a relay) in pf. This is because dhcpd listens on the raw (unfiltered) bpf device, and does not receive packets in the normal socket manner.
  20.

    NUT port configuration "No such file"?

    Okay, solved the issue. Apparently, usbhid-ups drops privs before trying to open the device, even if you execute it as root and set "RUN_AS_USER root" in upsmon.conf. No idea what user it switches to, and it doesn't tell you this in the debug output regardless of how many '-D's you put when...