ceri: specify an interface and it'll add an alias automatically. jail(8) explains it.

Hi all, if your coming to freebsd as a new user and choosing a firewall, why would you NOT choose PF and instead choose ipfw?

P-NuT: main reason: your number one goto person for FreeBSD questions uses ipfw. other reason: you want JITed BPF

For the ignorant new user, which firewall would you say most freebsd users use? PF?

I use pf, because that's what I started with. other people use ipfw because that's what they started with

+1 for pf

P-NuT: you can just look at both things, and see which syntax you're more comfortable with 🤷🏻‍♀️

I use ipfw because, at a glance, the syntax looked more fitting for my thought process

At home I have ipfw; at work have pf which I had set up after said ipfw, for ipfw shows horrible date-time format

Ha! Joke is on me as "pfctl" shows the same format💩

So a toss-up

( also shows I had not used any pfctl option|command that would list the time until now (in manual page))

It was all lies! I got the impression (from "zfsprops" manual page on 13.1 & klarasystems.com/articles/nfs-shares-with-zfs) that "sharenfs" ZFS dataset property does not require "mountd" interaction (have some datasets in /etc/exports). But on the server I get the message that access to the client was denied.

Title: NFS Shares with ZFS | Klara Inc

... wanting to avoid "reload" "mountd" as that would invalidate current NFS mounts; have to wait for longer to go back to /etc/exports *phhbbbtt*

don't use sharenfs property, use /etc/exports

sharenfs is very limited, you can't for example share a dataset rw to 1.2.3.4 and ro to 2.3.4.5

mage, Yeah, lesson learned. No quick-way for me

ravella: it sounds like a really rare race condition with the rc.d scripts for routing and netif - could you file a report for it on bugs.freebsd.org ?

Title: FreeBSD Bugzilla Main Page

ceri: youtube.com/watch?v=S3u8OtjfGFE has what I consider the best way of handling jails (I'd love it if the methods described in this talk were in the handbook, but I haven't found the energy for it)

Title: 20 Years of FreeBSD Jails (2019) - YouTube

meena: no used server parts market available to you online or offline?

debdrup: not enough funds

meena: aaah, yeah I know that struggle

parv: what's wrong with the date-time format? There's both -t and -T for ctime converted listings as well as epoch based.

At least for ipfw, I can't speak for pf.

I spoke about ipfw vs pf syntax yesterday and about how I think people prefer whichever one they used first; I forgot to mention that a necessary correlary of that is that it's also the one they've used most.

I started with ipfw because pf didn't exist yet. When I returned to FreeBSD, I used pf because it felt better supported and documented than ipfw.

debdrup, does that video have a usable transcript or an associated blog post?

(the jails one)

V_PauAmma_V: sorry, I don't know.

I'm sure you can find the slides.

V_PauAmma_V: it has a book

(I'm uncomfortable with borrowing from that book to add to the handbook. That feels like poor form.)

V_PauAmma_V: you can always ask Michael if he'd mind you using the parts of the presentation

CTRL+ALT+Fn does nothing in Xorg. In CLI, only F4 and F7 respond, making it impossible to return to v0. Any clue?

kodcode: that doesn't make sense, but try pressing print screen as that cycles the TTYs.

Also, make sure you haven't scroll locked the TTYs.

*sigh* ok, so i'm trying to validate the release checksum file with pgp, and the keys are nowhere. i even found a bug report saying this is hard to find

Demosthenex: I'm not sure I understand what you mean; they're on docs.freebsd.org/en/articles/pgpkeys or docs.freebsd.org/pgpkeys/pgpkeys.txt for the complete keyring

Title: OpenPGP Keys | FreeBSD Documentation Portal

debdrup: PrtScr got my to v7, stuck there (I am not in xorg now).

kodcode: again, are you sure you aren't scroll locked?

debdrup: what do you mean with scroll locked?

kodcode: pressing the scroll lock key makes it possible to scroll up and down a text console like sc(4) and vt(4)

The behaviour predates the original PC/AT spec by some considerable amount, but I'm not exactly sure where it was introduced.

debdrup: on my laptop keyboard, there isn't a scroll lock key

Welp, then I'm not sure what it could be.

debdrup: maybe I can paste here /etc/tty ?

kodcode: don't paste into the chat, use a pastebin.

That looks right to me.

debdrup: OK. So I just plugged in a USB keyboard and everything works fine with that. So it must have to do something with my laptop's keyboard.

The keys work, maybe not mapped right?

OK. Solved. Thanks..

Every reboot the F keys work as multi media keys again, had to disable this in BIOS

hello there. I had to change a dead cpu on freshly installed freebsd 14. The system boot as expected but when I try to fetch a random page on internet with firefox. This one hangs forever and I don't get the content. I have tried with curl it works, try to upgrade ca_root_nss without success too. Any idea ?

Should I try to reinstall FF ?

weird... everything work as expected . excepted firefox

Midjak: yeah, strange. what if you try to load a local URL? say "file://"

I am trying

well it works now... in the meantime the page is displayed

and I can fetch another page

I had an issue with the system time at the first time. Maybe is related ?

oh well

heh who knows

may be due to the fact that I ran a portmaster -a in parallel

thanks anyway

Demosthenex: your mention of PGP, in part, helped remind me that I needed to extend mine.

wow, ports management have never been so good.

(has*)

Midjak: clearly you've never tried poudriere. :P

no but I think I will build all my freebsd package from this one. So I think I am going to give a look to poudriere.

debdrup: i'm going a gpgv -v CHECKSUM... and fails, even though i imported the keyring

wild

one day, i am going to learn what's wrong with pkg install

i pulled the whole pgpkeys.txt and did a gpg --import pgpkeys.txt, and it imported 512 keys

ok, nvm. using gpg directly instead of gpgv it passed.

Oh, I thought you were using gpg2 --verify.

gpgv2, in part, gives me this: keyblock resource '/home/debdrup/.gnupg/trustedkeys.kbx': General error - which I'm not sure how to parse, because GPGs documentation isn't... great.

yeah, i was just used to gpgv. my bad

I'm trying to add encrypted device (actually geli encrypted gpt partition on a device) back to zpool as spare, but when zpool detects the spare it triest to rebuild mirror from it, but it immidiately detaches the geli device

And then the rebuild fails ofcourse and spare vdev is gone too

Hello! Please tell me what size swap partition I will need to create if my computer has 16 gigabytes of RAM and I am going to put my system into sleep mode? Do I need to make the swap partition equal to 32 gigabytes?

Kit_Leopold: You'll be fine with the default of 2GB for swap space.

If you want to make it larger, you can. However, I highly doubt it would be needed.

ek: I have a home computer. I'm going to install the KDE Plsma 5 graphical environment and sometimes leave the computer on for a long time, then it will go to sleep on its own. Will a small swap partition prevent the operating system from going to sleep?

Kit_Leopold: I have a laptop using root on ZFS with 12GB RAM and the default 2GB swap partition. I'm able to put it to sleep and wake it up without any issues.

could a bigger nvme (not mounted) cause freebsd zfs slower to shutdown ?

ek: Thank you for your reply.

hernan: If it's unmounted, I don't see how it possibly could.

Kit_Leopold: Note that sleep and hibernate are two distinct things. To support hibernation you need swap at least as large as your RAM.

mason: Hello! Yes, I made a mistake confusing sleep and hibernation.

meena: nothing is wrong with pkg install (in fact in the recommended setup of building your own pkg repo with poudriere to use ports you need pkg install), but sometimes you want to have packages with other options than the default ones (that's why options exist) so you have to build them yourself instead of using the official pkg repos

nimaje: i always just badger porters to make *my* options the default.

I'm still thinking about installing the FreeBSD operating system. I currently have Gentoo Linux operating system installed. FreeBSD attracted me because there are ready-made packages and at the same time there is a collection of ports that you can configure yourself before installation. I have already seen the disadvantages of the FreeBSD system for myself - these are problems with the Steam game client and less hardware support. Please

tell me, what other disadvantages of the FreeBSD operating system can I encounter when moving from one operating system to another?

Kit_Leopold: it really depends on what you use your computer for…

i don't use my computers for gaming for example, and I gave up on Steam when their client was super buggy on Unix…

I use computers mostly for … programming. Which is very meta, i guess.

my options are not always reasonable default options, like not wanting any mdns support or wanting rssguard without webengine

meena: Home computer. I visit pages on the Internet (using the FireFox browser), listen to music, watch movies, display an image from a computer on a large TV screen, study the Emacs text editor to keep my notes.

Kit_Leopold, I think you will be fine with most of your needs. However remember that, if you ever need something that works on Linux or Windows, but does not work on FreeBSD through linuxulator or wine, you can always install a virtual machine

All the programs that I use, I have already found in the packages of the FreeBSD operating system.

for example I often play hacking challenges that require to run compiled linux software or software that has not been ported on FreeBSD yet: I use virtual box in those cases

sphex, debdrup: thanks. the interface spec worked, just isn't mentioned in any documentation other than jail(8) as far as I can see. all good now, ta

meena, salvadore: Thank you for your answers, they give me confidence!

you're welcome Kit_Leopold, and remember, if you ever find something on FreeBSD that does not work, we accept bug reports and patches :)

salvadore: What virtual machine are you using?

I have run Kali Linux, OpenSuse, Windows (I think 11) and also other versions of FreeBSD. All of them on Virtual Box.

salvadore: I'm not going to install the FreeBSD operating system right now, I want to finish reading the FreeBSD HandBook in its entirety and write out the important points in this book for me.

and a few virtual machines from vulnhub

Kit_Leopold, I guess you can also install Virtual Box on Gentoo Linux and play with FreeBSD on it, if you want

it would allow you to practice with it while you read the handbook

salvadore: It's a good idea. Thank you for your help and replies.

Does any of you use acme.sh to get ssl certificates?

i use acme.sh

souji: ^^^

thorongil: do you generate your certificates using the root user or the acme user?

I am not sure whats the best way.

i have a dedicated user. i require as little as possible to run as root.

I used in the past for stuff like that the root user, but now I saw the acme user is created when I install acme.sh

the only thing i do as root is poke the deamons to pick up the new certs

The acme user would be only for this purpose, then. Thx^^

yep

I use certbot, which in turn uses py-acme.

i like the simplicity of a pure sh implementation, but i am kind of a luddite

mariuss: I used certbot that in the past, but did not want to use it on that machine because of the python dependencies.

+ I wanted to try something new

souji: understood. However, I've got both apache24 and nginx servers. It takes care of both.

i'm looking to write a simple user-space networking stack for funsies. it seems like vde2 would satisfy my needs but i'm wondering if there is a superior alternative on freebsd. any ideas? is this something that would be appropriate to ask on the -net mailing list?

arg, looks like this is an issue: bugs.freebsd.org/bugzilla/show_bug.cgi?id=258987

Title: 258987 – 13.0-RELEASE installer broken redundancy with UEFI and ZFS

i just confirmed my second disk efi partition is not formatted