imgur.com/a/skNCb8H uh what now (last image)

what IS an ifconfig "group"?

just an administrative convenience as far as I know

would the system slow down if i tried to set like 10,000 tap# interfaces in cloned_interfaces?

shrug

that seems rather a lot?

what do jails do?

os level virtualization

eh, not really virtualization

more like sandboxing? (i still don't fully understand what sandboxing does)

a jail provides restricted access to some part of the filesystem, and restricted access to other system facilities subject to various configuration options

so it's like how a flatpak is on linux?

they're a system for making apps only have certain permissions and access to some files

i think

jails aren't usually used for user applications, but are often used for running services, so that a service can't access stuff belonging to other services or the host

it's like chroot in linux?

but better

a jail can either have restricted access to some of the host's IP addresses, or it can have its own private networking stack so it looks like a separate host (vnet jail)

it's more restrictive than a chroot

yeah

someone in #archlinux-offtopic said that jails are like an evolution of chroots, would that be correct?

ya

check out the jails handbook page

Will do then, I've never used *BSD before except for a very frustrating half hour with OpenBSD.

FreeBSD is kind of more Linux user friendly, since it has stuff like wine and nvidia drivers.

I know package management is hell for someone used to pacman on NetBSD and OpenBSD, is this the same with FreeBSD's package manager?

pkg install whatever

pkg remove whatever

pretty easy

pkg update

pkg upgrade

a few other commands but that's the main ones

are you actually allowed to search package repos from the command line?

search for what?

pkg rquery is a thing

what's pcib0? i get AE_NOT_FOUND for it in /var/log/messages

pcib = PCI bus

like with pacman i can "pacman -Ss keyword" and it spits out a list of packages matching keyword, is that similar to how rquery does things?

well ya

zayd: not quite, but you can do equivalent things

polyex: what is your real question?

why does running su say "su: Sorry"?

that you are not in wheel group (probably, if you entered the password correctly)

yuripv: yeah that was it

why doesn't freebsd symlink /bin as /usr/bin and keep them separate?

sorry for all the questions, i have no idea what i'm doing with this

i put config.conf in /etc/rc.conf.d/ and it's not getting picked up. i thought that's how we're supposed to do it?

how did you check?

(note that you need to name the file exactly as the service is named, e.g. /etc/rc.conf.d/nfsd for /etc/rc.d/nfsd)

oh wow i had no idea that rc.conf.d files were that tightly coupled

that's kinda weird

what's a format string?

zayd: what's the context?

yuripv: trying to use pkg rquery

yuripv where does it say that rc.conf.d files have to be named after the service they're for? man rc.conf doesn't saythat

it's in there in pkg-rquery man page? :)

oh fish hadn't generated a completion for that, my bad

polyex: it does (in a way, could be documented better) "you can also place smaller configuration files for each rc(8) script in the /etc/rc.conf.d directory ... which will be included by the load_rc_config function", so you could *guess* it :D

yikes

oh. didn't realise pkg search was a thing, that makes things much easier

yuripv well how do i set defaultrouter? no rc.d file PROVIDEs it

ok got it

when i'm running bhyve for the first time to install the OS on a vm guest, the initial boot screen is there for 10 seconds. any way to disable it? AFTER the OS is installed it's not a prob because i set autoboot_delay="-1" in /boot/loader.conf. it's the first boot i can't figure out how to change

how do i disable moused from running?

sysrc disable moused

sysrc stop moused

apologies, i might have that confused. service moused disable, service moused stop

this doc goes over the services in general: docs.freebsd.org/en/books/handbook/config

Title: Chapter 14. Configuration, Services, Logging and Power Management | FreeBSD Documentation Portal

if i do a scripted bsdinstall, how do i make it install the services from the system configuration screen? like sshd, local unbound, etc

if i do a scripted bsdinstall, how do i make it install the services from the system configuration screen? like sshd, local unbound, etc

any benefit to using local_unbound vs unbound from pkgs?

there any way to firewall based on domain? basically i wanna be able to block every domain then just whitelist domains i want to function normally. resolve their dns, network traffic that gets through the firewall, etc

yes, you can block entire domains on firewall level

how?

angry_vincent ^

there are many many guides on the web

which tech does it? because i know pf doesn't

pf does it too

wait how? just give me 1 example rule that shows it pls

via tables

but you gotta put ips in the tables not domains no?

polyex: yeah. i think you can't block based on domains, since connections are not made by the hostname. also different domains can share the same ip

well i read and i think angry_vincent is right. but the danger is if the dns server doesn't start first, and pf can't resolve domains in its tables when it starts, it will fail to start

polyex: you might add ips dynamically based on successful dns lookups, sounds like a fun project to implement

i think RhodiumToad was saying ipfw can do it though

if that's true i'll just switch to it from pf

the networking layer never gets to see the hostname, so i don't know how it would work at all

and if you give hostnames to pf, i think it has to resolve them into ip(s) before putting them into the filter rules

ya it does

So if someone wanted to make a pi-hole thing work in FreeBSD, they just use pf?

how would it work? never used a pi hole

pi-hole is a DNS adblocker which uses a custom fork for dnsmasq

Title: Pi-hole – Network-wide Ad Blocking

I'm looking into doing this using unbound from ports

i wonder why it used dnsmasq and not unbound?

ya i wanna do it too

Beats me

I read unbound is much better and more secure

maybe it's just the authors preference

and good enough for small home networks

but yeah, seems pi-hole is dns only, so browsers (etc) could ignore it by using dns over http

I'm interested in taking advantage of this blocklist (which consists of many blocklists) to feed into an unbound config, but it sounds like I'm better of using pf instead: oisd.nl

Title: oisd | domain blocklist

what does the "| cat" part do in `env ASSUME_ALWAYS_YES=YES pkg bootstrap -f | cat`?

at least sometimes | cat is used to remove the effect of other commands like 'less' which may be hidden somewhere in previous ones

hmm, what's that mean?

I suppose that means since less functions as a curses TUI and piping to cat helps get all the paging content to stdout?

so like a way to collect interactive output into a single output?

That's what I'm inferring atm

nice ty

...well, it would be better for la_mettrie to verify that.

i verify

ty

phew

:)

git grep <blah blah> | cat ...is classic

is </dev/null the same as < /dev/null or is space significant?

CueXXIII: btw, I wanted to say thanks sharing about the pf solution. It really made a lot more sense, kind of a "oh, no duh" thing. A simpler and more powerful approach.

kenrap what was the pf solution?

doing the ad blocking at the firewall-level

but how does that actually work?

of course, it would have to be done with a blocklist of IP addresses instead because DNS is for resolving domains to IPs

you would have find existing trusted blocklists of known bad ips.

kenrap: you'd have to get toe ip addresses first. and they may belong to different subnets for one domain; actually you never know until you look them up

I see...

I'm still new to learning this stuff

me too

Been trying to drill this knowledge into my head for the past couple of days. It's been a lot of head-to-desk banging since thing.

*since then

ya srsly

kenrap: assume you want to whitelist freebsd.org; www.freebsd.org, man.freebsd.org and mx1.freebsd eg. are 3 different hosts

+.org

hmm, a whitelisting approach?

or block for that example

and i guess there are a lot more hosts reachable under the freebsd.org dns domain

Ah

interesting

same gose for other big websites

Ah, that makes sense now and connects more dots since freebsd.org would use a "recursive" DNS configuration.

Much like any other big site, like you said.

You just opened up more synapses in my brain :)

I need to pick your brain more often.

time for me to take some excederin :D

hmm scripted bsdinstall fails when i put pkg bootstrap -f | cat in the post-install section

doesn't resolve the host

how does it fail? what is `pkg bootstrap -f | cat` supposed to achieve? questions, questions…

07:37 <polyex> i wonder why it used dnsmasq and not unbound? ⬅️ because it's called *pi* hole, implying it's a DNS sinkhole made to be run on tiny devices, like Raspberry PIs, before they became power hungry copaganda devices

i don't like the fact that i'm starting to enjoy using freebsd a bit

how do i use xrandr to set my resolution to 1920x1080? the highest available in mate's display settings is 1280x720 but i know my host's screen size is 1920x1080

kevans: hi! may i ask in pm?

xrandr -q to see the list of displays and their resolutions, then something like xrandr --output the_output_from_-q 1920x1080

err xrandr --output the_output --mode 1920x1080

rsjw: i got this, the one on the bottom is from the command you sent bsd.to/vsie

Title: dpaste/vsie (Plain Text)

the output should be something like DP1 or eDP-1

DP stands for display port, the hardware connection that the video chipset knows about

if you had a VGA monitor, it might by called VGA or some variation thereof

i'm not seeing anything matching DP1, eDP-1, or HDMI-A-1 on here. i'm running this in a virtual machine by the way, it's not an actual monitor

can you paste the output of xrandr -q?

rsjw: bsd.to/aBuN

Title: dpaste/aBuN (Plain Text)

it looks like your output is named "default"

I'm a little confused by the line that describes the 1920x1080 mode. try one of these (in this order) to see if it works:

xrandr --output default --mode 1920x1080

xrandr --output default --mode 1920x1080_60

xrandr --output default --mode 1920x1080_60.00

none of those worked, all said "xrandr: cannot find mode (mode)"

am i just being really stupid or something

no, you're not. I've done it before and it was just as I said, although that one line is a little different than mine, so that might mean you have to do something a little different, I'm not sure

of course, I wasn't trying to do it under a VM

try xrandr --output default --mode 0x566

I'd look at your VM settings to see if it can present a larger screen to FreeBSD. it says "default connected primary 1280x720+0+0" but one of the modes says 1920x1080 which is bigger

so as a wild guess, maybe the VM software is telling FreeBSD that the monitor is 1280x720, but when FreeBSD queries the monitor, it gets a mode with a larger size

so maybe tell your VM software to imitate a 1920x1080 monitor instead of just a 1280x720 one

(also, it says "Screen 0: ... maximum 1280 x 768", supporting this theory)

what's the freebsd kernel called? is it just "the freebsd kernel"?

FreeBSD is not a kernel. It's a complete OS. It is; "FreeBSD". This is not Linux.

Is it considered rude to bump a thread on the bugzilla? I sent a patch for www/caddy and the maintainer seemed OK with it after some changes, but hasn't responded since the "final" patch I sent wednesday. I wonder if he hasn't seen the notification e-mail?

tercaL: I know FreeBSD isn't just a kernel, i'm asking what the kernel itself is called

it's probably just called "freebsd kernel"

what else...

ok thanks, i know macos/darwin has "XNU" as their kernel name so figured i should ask

darwin was released in 2000, macos in 2001 and XNU in 1996. they have originally been separated things, hence the separated names

tmtt: it's the weekend tho, so who knows what they're up to

meena: You're right

test

zayd: there was project that packaged together the FreeBSD kernel and the GNU userland and called the FreeBSD kernel kFreeBSD, but that's particular to that project, not FreeBSD. wiki.debian.org/Debian_GNU/kFreeBSD

Title: Debian_GNU/kFreeBSD - Debian Wiki

at the end of a command string, is `</dev/null` the same as `< /dev/null` or is white space significant?

polyex: only in (t)csh

tcsh is weird about white space

oh hm so for max portability i need to remove the space?

tcsh isn't really compatible with anything

ok well i'm in a fresh system as root and my shell is csh, so it comes up

so for max portability i need to remove the space?

in other words does (t)csh require the space or lack of space?

I cannot recommend writing scripts for csh

it's the default for fbsd root

sh should be the default

at least now

k but not my point. ffs, the point is csh is the default for root ATM so making commands compatible with it makes sense to me but not meena

just confused by that

you can put spaces in there all you want, if it helps you with readability, but honestly, all i do is shellcheck.net

Title: ShellCheck – shell script analysis tool

anyway, csh isn't compatible with sh / bash, ksh, zsh

if you want something that's extra incompatible, but also usable for scripting, i suggest fish :D

so if csh sucks so bad why is it the default for fbsd root?

it isn't, sh is.

no it isn't

it used to be.

whicin 13.2 it's not

I'm on 14.0

so it's been changed?

yes

cool

so as not to have that issue anymore

but the reason we make root's shell sh (now since 14?), or csh before is because they are in Base

also cool that you talk about an unreleased version as if it's the state of the OS lol

great communication skills engineer

you can't pkg upgrade your root shell into pieces

14 is about to drop on Halloween.

spooky

it's been working great for me since BETA2

it is (was) default shell for interactive use, no one is forcing you to write scripts in csh

14 have anything big?

home directly is finally /home

damn that's nice

that too isn't something that was really forced, just changing the default

we got virtio drivers for 2D GPU on ARM

im making a scripted bsdinstall in a bhyve vm. after the preamble i try to pkg bootstrap, but before bsdinstall reboots i can see in the output that it can't resolve the freebsd.org domain. what am i doing wrong?

polyex: what does your script look like?

meena termbin.com/3adk

will a scripted bsdinstall environment have a dhcp connection normally or do we have to configure it and bring it up after the preamble?

polyex: i think dhcp is the default. but i could be wrong.

polyex: man 8 bsdinstall comes with an example on how to set it to dhcp

SKull so dhcp isn't initialized by default during a scripted bsdinstall?

SKull: it should be, but… i think… i would be explicit

polyex: i think it is, but if you want to make sure just put sysrc ifconfig_DEFAULT=DHCP in your bsdinstall script

doesn't the #! need to be the first thing in the file?

meena: yeah, i'd be explicit as well. but more out of principle than anything else

rsjw: bsdinstall is weird

SKull are you explicit in your configs with everything that's already set that way by default?

rsjw: according to the manpage, yes. i expect people to read it so i didn't think i'd have to mention it

polyex: yeah, because otherwise i have to remember defaults. and i'm not good in terms of remembering things ^^

rsjw i guess not because if you look at the examples in man bsdinstall, shebang comes after the preamble

well nothing in bsdinstall says it starts dhcp automatically so hmm maybe we do have to make it explicit

how can i make the scripted bsdinstall env use dhcp ONCE, but not write anything into /etc/rc.conf or anywhere else? it has a static ip config it needs to use after the reboot

maybe just add "dhclient vnet0" after the preamble?

that failed

says that interface doesn't exist

what interface is it?

vnet0 is what i put

oops

vtnet0 ?

:P

dhcp works now

ok so it DOES need to be explicit, and dhclient vtnet0 works for a temporary connection

i mean dhclient will litter it's lease and shit, if it's not in rc.conf it won't try again

huh?

what

i guess dhclient doesn't have -a anymore; or perhaps that's only isc dhclient

so it's ok to use dhclient like i am for a temporary connection?

yeah, why wouldn't it be

there any way to have dns resolution working during scripted bsdinstall before pkg is bootstrapped?

set up a resolv.conf ? dhclient should do it

does anyone else's var/run behave weirdly? bsd.to/d8ow

Title: dpaste/d8ow (Plain Text)

i'm just wondering if i can do this without dhcp. so i can do service netif start to bring up IP, but i don't have unbound installed yet to have resolution going, so i can't bootstrap pkg

you can't use the network's resolver ip then

?

?

is there a command to temporarily set an ip to use for resolution?

echo "nameserver 1.1.1.1" > /etc/resolv.conf

i don't want the change permanent though, only during the scripted bsdinstall

because once network is up, i'll bootstrap pkg, install unbound pkg, then that'll be used upon reboot

you don't go about things the less difficult way, do you ?

well dhcp requires a dhcp server and i wanna make this self contained to start

hosts or resolv.conf are the only way afaik

can we tell dhclient to use a specific ip?

sure; set a fixed-address on your dhcp server

i'm stuck at trying to wrap my brain about not having a dhcp server on the network

you might be able to do something with resolvconf(8) but i've never looked at it

or at least it might be able to undo the damage on the other side

i have a problem with poudriere and nfs

my /usr/local/poudriere/data/packages is on a nfs server

so the packages i build on my host are supposed to be on another server

thing is, nfsv4 doesn't allow the packages to be chown'd to nobody

before the package step, there's always a line "No name and/or group mapping for uid,gid:(65534,-1)"

previously i wasn't even able to save the package via nfs, now it works but with non-ideal exports mapall=root:wheel

and obviously the resulted files are not chown'd to nobody, but stay on root user

what would be the proper fix for that?

i use nfsv4, because with nfsv3 i had lots of "NLM: failed to contact remote rpcbind, stat = 0, port = 0" which resulted in damaged packages

rtprio ok in the scripted bsdinstall in echo "nameserver 1.1.1.1" > /etc/resolv.conf, then i run service netif start. i can see IP comes up before the reboot but name resolution fails. know why?

after the reboot, i can resolve from the terminal after logging in, so i know the resolv file is getting set up right

no i don't know

i wonder what dhclient vtnet0 does that service netif start doesn't?