High Availability Router/Firewall Using OpenBSD, CARP, pfsync, and ifstated, Building the Development Version of Emacs on NetBSD, rc.d belongs in libexec, not etc, FreeBSD 11.3 EOL, OPNsense 20.7.1 Released, MidnightBSD 1.2.7 out, and more.
This episode of BSDNow is brought to you by Tarsnap
I have been running OpenBSD on a Soekris net5501 for my router/firewall since early 2012. Because I run a multitude of services on this system (more on that later), the meager 500Mhz AMD Geode + 512MB SDRAM was starting to get a little sluggish while trying to do anything via the terminal. Despite the perceived performance hit during interactive SSH sessions, it still supported a full 100Mbit connection with NAT, so I wasn’t overly eager to change anything. Luckily though, my ISP increased the bandwidth available on my plan tier to 150Mbit+. Unfortunately, the Soekris only contained 4xVIA Rhine Fast Ethernet. So now, I was using a slow system and wasting money by not being able to fully utilize my connection.
I hadn’t really planned on installing a NetBSD VM (after doing all the other two BSDs), but then a NetBSD-related Emacs bug report arrived.
Let’s open with the controversy: the scripts that live under /etc/rc.d/ in FreeBSD, NetBSD, and OpenBSD are in the wrong place. They all should live in /libexec/rc.d/ because they are code, not configuration.
This misplacement is something that has bugged me for ages but I never had the energy to open this can of worms back when I was very involved in NetBSD. I suspect it would have been a draining discussion and a very difficult thing to change.
As of September 30, 2020, FreeBSD 11.3 will reach end-of-life and will no longer
be supported by the FreeBSD Security Team. Users of FreeBSD 11.3 are strongly
encouraged to upgrade to a newer release as soon as possible.
Overall, the jump to HardenedBSD 12.1 is looking promising from our end. From the reported issues we still have more logging quirks to investigate and especially Netmap support (used in IPS and Sensei) is lacking in some areas that were previously working. Patches are being worked on already so we shall get there soon enough. Stay tuned.
MidnightBSD 1.2.7 is available via the FTP/HTTP and mirrors as well as github.
It includes several bug fixes and security updates over the last ISO release and is recommended for new installations.
Users who don't want to updatee the whole OS, should consider at least updating libmport as there are many package management fixes
- This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
- Daniel - Documentation Tooling
- Fongaboo - Where did the ZFS tutorial Go?
- Johnny - Browser Cold Wars ***
- Send questions, comments, show ideas/topics, or stories you want mentioned on the show to firstname.lastname@example.org