I may have mentioned this in part before, but Matthew Dillon has a brief script to reload pf when an interface IP changes. I’m linking it here in case it’s useful in the future.
A calmer week, probably because of the U.S. holiday.
- FreeBSD Mastery: ZFS is out (eBook format).
- DiscoverBSD for 2015/05/18.
- PC-BSD 10.1.2 is out. (Update: hotfix)
- freebsd-wifi-build (via)
- bhyve on Pluribus, a platform I’m unfamiliar with. (via)
- pkgSrcCon is happening July 4-5 in Berlin.
- I like cross-pollination.
- Diagnosing softraid failures on OpenBSD.
- OpenBSD now has ntpd on by default.
- OpenSMTPD vs. Logjam.
- spamd/pf rule changes.
- Various OpenBSD remote update methods.
- FreeNAS status report.
- iXSystems is gaining a dev blog.
I managed to miss this last week because of issues with my RSS feeds, but the 71st episode of BSDNow is/has been up. It’s “systemd isaster”, cause the interview is with Ian Sutton talking about BSD replacements for systemd dependencies. There’s a number of at-least-slightly DragonFly-related things in there, including OPNSense, pkgng, and Hammer mentions.
Remembered to do this all at the last minute, after I got the new server up.
- LibertyBSD, an OpenBSD fork with no non-free firmware.
- OPNSense, a FreeBSD-based firewall that is new to me.
- OpenBSD projects that aren’t OpenBSD.
- Broken build tracker for pkgsrc. (via)
- pkgsrc-2014Q4 is out.
- pkgviews is gone from pkgsrc.
- NetBSD can now record MIDI files from /dev/music.
- How to see hidden pf tables.
- The OpenBSD Foundation met their fundraising goal for 2014.
- Typing in Japanese in OpenBSD. (via)
- Tor relay issues on OpenBSD, in two slightly munged threads.
- OpenBSD and syslog, over TCP.
- FreeBSD has updated to Unbound 1.5.1 and clang/llvm/lldb to 3.5.0.
- bhyve on FreeBSD has an improved Real Time Clock.
- GNU texinfo is out of FreeBSD.
- FreeBSD’s asr(4) driver is gone too.
- pcc 1.1.0 was recently released. (via)
I’m going to dive right in with an anecdote: As is normal for anyone in systems administration, I’m busy at work. I’ve been short an employee for some time, and I brought in a managed service provider to do some work. This included a revamping of the network equipment and layout, as it has been growing organically rather than in a planned fashion.
I received the formal assessment from the provider a few weeks ago, and it mentioned that we were using a non ICSA-certified firewall: pf, in the form of pfSense. This was accompanied by some rather drastic warnings about how open source was targeted by hackers! and implied that ICSA certification was a mark of quality rather than a purchasable certification. All bogus, of course.
The reason I’m starting this review with this little story is to note that while open source has become well-accepted for system and application software, there’s still a lot of people that expect commercial hardware to be exclusively handling data once it leaves the server. That’s been valid for a long time, but software like pf represents a realistic option, or even an improvement, over many commercial and proprietary options. Since pf exists in one form or another on all the BSDs, it’s a tool you should be at least somewhat familiar with.
Peter N. M. Hansteen has written about pf first online, and then in printed form, for some time. The Book of PF is in its third edition, and that’s what I have to read. (Disclosure: No Starch Press gave me the book free, without requirements)
The book is excellent, and easier to read than I expected for a book about network processing. It can be read in linear form, as it takes the reader from simple to more complex network layouts. It works as a reference book, too, as it focuses on different tools around pf and what they are used for.
It covers the different pf version in OpenBSD, NetBSD, and FreeBSD, and DragonFly gets at least a partial mention in some portions of the book. For example, OpenBSD recently removed ALTQ, but the other BSDs still use it. With- and without-ALTQ scenarios are covered every place it applies. You’re going to get the most mileage out of an OpenBSD setup with it, though.
The parts where the book shines are the later chapters; the descriptions of greylisting and spamd, the traffic shaping notes, and the information on monitoring pf will be useful for most anyone. It’s quite readable; similar in tone to Peter’s blog. If you enjoy his in–depth online articles, the book will be a pleasant read.
BSDNow 063 has the normal news articles and links, and an interview of Kristaps Džonsons, one of the people working on mandoc. There’s also a tutorial on bandwidth throttling with pf.
Hardly any source commits to point at this week, but there’s still lots of stuff happening in BSD-land.
- MeetBSD is happening right now.
- OpenBSD 5.6 is being released right now too.
- Michael W. Lucas has released the cover to his upcoming FreeBSD Mastery: Storage Essentials book.
- Peter N. M. Hansteen’s 3rd edition of the Book of PF is out, and he’s running an auction for the first author-signed copy – with profits to OpenBSD. This is a good strategy. I have a copy of the book and will write a review here as soon as I can finish it – only up to chapter 3 right now. The presentation that spawned the book is updated and available.
- FreeBSD 10.0 got an extension.
- Don’t run wsmoused and X at the same time in OpenBSD.
- NetBSD now has openresolv 3.6.1. It’s a resolv.conf management program I had not yet heard of.
- FreeBSD has significant changes to /dev/random,
- FreeBSD has gained TTM support in its AGP driver, and radeonkms in FreeBSD now supports AGP.
- NYCBUG, upcoming.
- DiscoverBSD for 2014/10/27.
- The Apple Mac Takes Its Place In The Post-PC World. Unix-based computers are the best game in town, it appears. (via)
- Lumina Desktop Build in FreeBSD / TrueOS. (video)
Another active week.
- RetroBSD recently moved to Git and GitHub, and is now buildable on Mac OS X.
- ALTQ is gone, at least for the OpenBSD version of pf.
- So I’ll bring up this point again: pf is fragmenting, and we should do something about it.
- The EdgeBSD presentation from FOSDEM 2014. (via)
- OpenBSD could use some VLAN testing.
- FreeBSDNews is running an swag contest.
- netbsd.fi replaces onetbsd.org.
- Here’s a GSoC project that could help everyone. (thanks, Tomáš Bodžár)
- I’ve linked to some parts of this work, but Undeadly has a summary of the man page search improvements in OpenBSD.
- DiscoverBSD’s 2014/04/14 summary.
- LibreSSL started because of a leaky water heater.
- I always like threads about small hardware.
- FreeNAS hardware unboxing.
- Man, everybody likes pfSense.
- Lua in pkgsrc is getting versioned.
- Why would you do this?
Back to relatively normal volume, this week.
- FreeBSD 10 is out.
- OpenBSD got electrical funding, and is now holding a funding drive.
- new openssh key format and bcrypt pbkdf. A new key format for OpenSSH, and how to switch to it – only available in OpenBSD as of this writing.
- I did not know this: There’s a pfSense store, with shirts, preloaded USB sticks, and various appliances – I have one of the Netgate FW-7541 models, notable in that I’ve never had to do anything with it after initial setup; it just runs and runs. There’s a pfSense hangout/webcast for paid support customers this Friday the 24th, too.
- Open Source FreeBSD 10 Takes on Virtualization. From a saved Google search.
- Undeadly has an explanation of the new signed packages setup for OpenBSD.
- DiscoverBSD’s 2014/01/14 roundup.
- FreeBSD now has OpenSSL 1.0.1f.
- NetBSD now has a wscons/Intel GMA driver.
- PC-BSD 10 is almost out, and here’s their weekly digest talking about it. Also, apparently PC-BSd and GhostBSD share some installer code? I’m not clear on this.
- CBSD – FreeBSD jail management. (via)
- Slides and audio from Brian Callahan’s recent OpenBSD presentation at NYCBUG are up.
- OpenBSD has a qla(4) driver, for Qlogic fiber channel HBAs, and ubcmtp(4), a Macbook touchpad driver.
Finally, a quieter week.
- pfSense (which I use at work; performs great) has updated to 2.1, and now offers a ‘Gold‘ subscription program.
- FreeBSD has a new iSCSI target and initiator. (World rebuild needed and again)
- FreeBSD’s bxe(4) now supports the BCM57712 and BCM578XX.
- FreeBSD now can build LLDB, though you have to do it on purpose.
- FreeBSD’s arcmsr(4) driver for Areca hardware has been updated. (Areca supports BSD; buy them)
- NetBSD has Renesas and ASIX AX88179 USB support.
- NetBSD has a preliminary NVIDIA Geforce driver.
- NetBSD has updated to dhcpcd-6.1.0.
- NetBSD has updated to tzcode 2013e.
- QNAP V200 boards all have the same MAC? Weird.
- OpenBSD updated a large number of xenocara windowing parts.
- The pkgsrc-2013Q3 freeze is on from now to the 29th.
It’s possible your Internet service provider uses a non-routeable IP range (like 10.*) and occasionally your border device picks that up via DHCP by accident instead of an Internet address. If that happens to you, and you’re using DragonFly as your border gateway, it’s possible to prevent it with
The May issue of BSD Magazine is out with a number of pf articles, plus others.