"FreeBSD": difference between revisions

From PN Wiki



Revision as of 24 December 2025, 10:14

Named

Manually updating a Dynamic controlled zone

"If you have to edit the zone files of dynamic zones manually while the DNS server is running, you'll have to freeze the zones with # rndc freeze <myzone> before editing and unfreeze them with # rndc thaw <myzone> after editing. This is because named(8) has internal state information and external journal files attached to dynamic zones that have to be kept in sync with the zone files[1]".

Rsync

To delete files in the target that have disappeared from the source, add the --delete option to your command. For example:

rsync -avh source/ dest/ --delete
NB: -avh is for --archive --verbose --human-readable[2].

Migration of folders to a new server

One shot

rsync -av /var/db/ports/ root@newice3:/var/db/ports/
rsync -av /etc/ root@newice3:/etc/oldice3/
rsync -av /usr/local/etc/ root@newice3:/usr/local/etc/oldice3/
rsync -av /etc/ssh/ssh_config /etc/ssh/sshd_config newice3:/etc/ssh/
rsync -av /etc/banner /etc/motd.template newice3:/etc/
rsync -av /etc/pki/ newice3:/etc/pki/
rsync -av /usr/local/lib/sasl2/smtpd.conf root@newice3:/usr/local/lib/sasl2/
rsync -av /var/ftp/ newice3:/var/ftp/

One full copy, then a differential sync at migration time

rsync -av --exclude={'rc.d','oldice3','newice3','namedb','openvpn','pkg.conf','portsnap.conf'} /usr/local/etc/ root@newice3:/usr/local/etc/ --delete --dry-run
rsync -av /etc/pf.blocked.ip.conf root@newice3:/etc/ --dry-run
rsync -av /etc/pf.blocked.webspam.conf root@newice3:/etc/ --dry-run
rsync -av /etc/pf.blocked.webspam_awstats.conf root@newice3:/etc/ --dry-run
rsync -av /root/ root@newice3:/root/ --delete --dry-run
rsync -av /home/ root@newice3:/home/ --delete --dry-run
rsync -av /var/www/ root@newice3:/var/www/ --delete --dry-run
rsync -av /usr/local/www/ root@newice3:/usr/local/www/ --delete --dry-run
rsync -av /var/log/ root@newice3:/var/log/oldice3/ --delete --dry-run
rsync -av /var/awstats/ root@newice3:/var/awstats/ --delete --dry-run
rsync -av /var/log/www/ root@newice3:/var/log/www/ --delete --dry-run
rsync -av /var/db/fail2ban/ root@newice3:/var/db/fail2ban/ --delete --dry-run
rsync -av /var/db/mysql/ root@newice3:/var/db/mysql/ --delete --dry-run   # to do when the mysql server is off

Nginx

Maxmind

Country-based filtering can be performed in nginx using the free MaxMind databases.

A cron job shall be used to update these databases on a daily basis[3].

ZFS snapshots

FreeBSD creates a snapshot at each FreeBSD update (freebsd-update fetch && freebsd-update install). These snapshots are no longer needed once your system has restarted and runs correctly. Moreover, they take up a lot of space on your hard drive.

Procedure to delete them:

root@icecube BSD:~ # bectl list
BE                                Active Mountpoint Space Created
14.3-RELEASE-p6_2025-12-19_121434 -      -          927M  2025-12-19 12:14
default                           NR     /          814G  2023-12-01 23:34

Check that the active Boot Environment is the default (NR set on default).

root@icecube BSD:~ # zfs list -t snapshot
NAME                                       USED  AVAIL  REFER  MOUNTPOINT
zroot/ROOT/default@2025-12-19-12:14:34-0   927M      -   812G  -
root@icecube BSD:~ # bectl destroy 14.3-RELEASE-p6_2025-12-19_121434

Results in:

root@icecube BSD:~ # bectl list
BE      Active Mountpoint Space Created
default NR     /          813G  2023-12-01 23:34
root@icecube BSD:~ # zfs list -t snapshot
no datasets available
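
The check and the selection above, written as a script (an added example, not part of the original wiki page; the function name be_prune_candidates and the SAMPLE_BECTL_LIST variable are assumptions of this example). It parses the `bectl list` output shown above, names nothing unless the boot environment to keep carries both N and R, and only prints the `bectl destroy` commands instead of running them.

```shell
#!/bin/sh
# Added example: pick the boot environments that are safe to destroy,
# working from the text that `bectl list` prints.

# Constructed sample: the `bectl list` output shown on this page.
SAMPLE_BECTL_LIST='BE                                Active Mountpoint Space Created
14.3-RELEASE-p6_2025-12-19_121434 -      -          927M  2025-12-19 12:14
default                           NR     /          814G  2023-12-01 23:34'

# be_prune_candidates KEEP_BE   (hypothetical helper name)
# Reads `bectl list` output on stdin and prints one boot environment name
# per line for every BE that is neither active (Active column "-") nor
# mounted (Mountpoint column "-").
# Prints nothing and returns 1 unless KEEP_BE is active now (N) and on the
# next reboot (R), which is the manual check described above.
be_prune_candidates() {
    awk -v keep="$1" '
        NR == 1 && $1 == "BE" { next }            # skip the header line
        NF < 3                { next }            # skip blank or short lines
        $1 == keep            { keep_flags = $2 } # remember flags of the BE we keep
        $2 == "-" && $3 == "-" { cand[++n] = $1 }
        END {
            if (keep_flags !~ /N/ || keep_flags !~ /R/) {
                printf "refusing: %s is not active now and on reboot (flags: %s)\n",
                       keep, (keep_flags == "" ? "not found" : keep_flags) > "/dev/stderr"
                exit 1
            }
            for (i = 1; i <= n; i++) print cand[i]
        }'
}

# Demo on the constructed sample. On a live host, feed it the real output:
#   bectl list | be_prune_candidates default
for be in $(printf '%s\n' "$SAMPLE_BECTL_LIST" | be_prune_candidates default); do
    echo "bectl destroy $be"
done
```

Review the printed commands before running them; if the function refuses, boot into and activate the intended environment first.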

Reboot or no reboot after a minor system upgrade?

After a system upgrade performed with:

root@icecube BSD:~ # freebsd-update fetch
root@icecube BSD:~ # freebsd-update install

If the output of these two commands differs, then reboot your system:

root@icecube BSD:~ # freebsd-version -k
14.3-RELEASE-p7
root@icecube BSD:~ # uname -r
14.3-RELEASE-p7

PF

After a reboot of FreeBSD, PF may fail to start due to tables being too big (i.e. > 100k entries).
This is explained here, with a quick & dirty non-permanent fix:
https://forums.freebsd.org/threads/table-loading-in-pf-issues.86101/#post-577832

  1. First load the PF Options only (specific to big tables handling): pfctl -Of /etc/pf.conf
  2. Then restart PF the usual way

References