Would someone mind taking a few seconds and telling me if this pf.conf is a reasonable starting point for a phyiscal machine directly connected to the internet as well as internal networks? bsd.to/PytG (reasonable: only ssh in on internal interface from trusted networks, dont allow outbound traffic to lan)

Title: dpaste/PytG (Plain Text)

justinw, the one thing that I see is I think you have the ssh line reversed: the way I understand it, it says "machines on an internal network may ssh out to mgmt_ip".

Thanks for taking the time to look. I'll read up on Pf a bit more. It does currently allow me to ssh in... but with firewall rules I'm always worried I'm allowing more than the minimum I need.

The eventual goal will be NAT port forwarding to jails, but for now I just want a reasonable secure baseline config.

*reasonably

hey, quick question. if i have a single drive pool. and i use zpool-attach, adding another drive to it, then it becomes a mirror automatically right? now i have 2 drives, same 2tb (different vendor though). but cannot move my files to a 3rd one... so, question is, whether there could be any hiccup during this? like for example if one drive is slightly smaller|bigger than the other?

randombit, zfs uses partitioning to give itself some slack with regards to exact drive size so it should be fine

if the new drive is significantly bigger, it is also fine, although you will only get usable space equal to the old drive (I have done this on my zroot)

it is recommended to use partitions so that you know the sizes and have no problem if the second drive slightly smaller (as long as it isn't smaller than the partition on the first drive, just make a matching partition on the second drive

partitions are also required for booting

well im gonna use partition anyways. i was aware that if the second drive|partition is bigger, than its no problem, as will only use same sized part of it. i was rather concerned if its smaller.

btw i copied some files to an NTFS partition. then accesed it from Win. yet, some folders were "not accessible" win saying, they are on another machine? or something? then tried to access folder again, then it disappeared xD. any idea? now those files are gone...

never seen this before. just curious.

other files, folders are fine. happened to only a few. so im guessing there was some problem during copying them. or idk.

unfortunately didnt make a screenshot.

so i cannot recall the exact message. but was about the folders not there, and being "elsewhere". or something. which is nonsense.

randombit: you'll also want to ensure you're attaching it as a mirror device, otherwise you'll end up attaching it as a stripe.

Seriously, debdrup ?

Dehumanization?

Hello! I continue to learn the FreeBSD operating system from the HandBook. Please tell me, is it possible to install and run graphical applications inside the jail?

we have a wiki page on that

meena: This page? wiki.freebsd.org/Jails

Title: Jails - FreeBSD Wiki

Title: JailingGUIApplications - FreeBSD Wiki

Please excuse the silly questions, I will search more information on the Internet.

Kit_Leopold: it's okay to ask questions

it can direct research

sometimes stumbling around in the dark and falling on your face can be a learning experience, but the field of rakes that us old folks had to stumble thru was way way smaller

the Internet is so much bigger these days, and it's really hard to filter, it's your don't already have fairly solid experience

like, the other day, somebody here was debugging an application that was really slow on FreeBSD but okay on Linux. and as soon as i heard that, I knew what it could be. but I had to get them to run dtruss against the software to confirm that, or failing that, show other directions for other ideas

Those are good words, thank you. I'll try not to ask stupid questions.

meena: Sorry, I didn't understand your last message.

what I'm getting at is: there's always a vast space for what can be wrong with a piece of, and experience can lead you into good directions for debugging, but you can't jump the gun. you have to confirm your hypothesis

but, while you're still learning your capacity to even make meaningful hypothesises is severely limited by your knowledge and the models you've built in your head from that knowledge, so asking questions can help expand that knowledge or those models in the right directions

excellently put

and even people with loads of experience come here to ask for help and directions. I do on a weekly basis, and i have 22 years of Unix experience

Now I understand you, you formulated and wrote your message very well.

I think winter is finally over and my brain is starting to work again

meena, for my part I think it will take another month

And I occasionally need people to point out to me that even if 22 comes after 13, June 22 is before July 13.

meena: what was the thing that was slow on FBSD but ok on linux? and was it an fdescfs thing?

dch: gitea, doing about 40000 get_clocktimes / nanosleeps, instead of using $poll

meena: aah good to know

I hope they submitted a bug

debdrup, but the man page says for zpool-attach, that it automatically sets it to mirror. or am i missing something?

randombit: right, I was misremembering zpool-add(8) as zpool-attach(8)

debdrup, okey np, then hopefully it will be fine. thanks for reply.