Submit your real world pf.conf

As some of you may know, fwbuilder.org is a cross-platform, graphical firewall management utility that supports iptables, ASA, PIX, FWSM, Cisco router access lists, pf, ipfw, ipfilter, and HP ProCurve ACL firewalls. Vadim Kurland and Mike Horn, the lead fwbuilder developers, have begun work on providing complete pf.conf import functionality, the last piece that was missing to provide 100% pf support. This work is a direct result of several customers expressing interest in the addition of pf configuration import and they expect the work to be completed by this summer.

In order for them to be confident that as many permutations as possible are covered, they are looking for BSD users who can share their real world pf.conf files. The configs need to contain valid IP addresses, but users can sanitize the configs by globally replacing “real” IP addresses with “fake” IP addresses. Users who are concerned about privacy can encrypt their file with Vadim’s public PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8B08DC58.

You can send your pf.conf file(s) to configs at netcitadel dot com. They will also be looking for testers as the work nears completion. Please help spread the word through social media and by posting to other mailing lists that may be interested.

Google SoC 2011 FreeBSD Accepted Projects

Google has announced today that the following FreeBSD-related projects have been accepted for the annual Google Summer of Code (2011).

With 17 approved projects, FreeBSD is one of the Top 10 supported projects.

  1. Path-based file system MAC policy (Alan Alvarez)
  2. Implement TCP UTO (Catalin Nicutar)
  3. Replacing the old regex implementation (Gábor Kövesdán)
  4. Capsicum application adaptation and core libraries (Ilya Bakulin)
  5. Finish porting FUSE to FreeBSD (Ilya Putsikau)
  6. FreeBSD/arm port to NXP LPC32x0 (Jakub Klama)
  7. pkgng: Implementation of sub-commands to convert .rpm and .deb to pkgng package format (Joffrey Lassignardie)
  8. Implement the RPS/RFS in FreeBSD (Kazuya GODA)
  9. FreeBSD port of NetworkManager (Kulakov Anton)
  10. Testing temporal properties of FreeBSD with Temporally Enhanced Security Logic Assertions (Mateusz Kocielski)
  11. Extending Capsicum for Common System Services (Nathan Dautenhahn)
  12. Disk device error counters (Oleksandr)
  13. Multiqueue BPF support and other BPF features (Takuya ASADA)
  14. SMB (smbfs) infrastructure work (Walter Artica)
  15. Multibyte Encoding Support in Nvi (Zhihao Yuan)
  16. (Re)implement the BFS scheduler in FreeBSD (rudot)
  17. Adding DWARF2 Call Frame Information (xxp)

Well done, to everyone who got in.

FreeBSD Security Advisory (mountd)

The FreeBSD Security Team has identified a security bug in mountd.

I. Background

The mountd(8) daemon services NFS mount requests from other client machines. When mountd is started, it loads the export host addresses and options into the kernel using the mount(2) system call.

II. Problem Description

While parsing the exports(5) table, a network mask in the form of “-network=netname/prefixlength” results in an incorrect network mask being computed if the prefix length is not a multiple of 8.

For example, specifying the ACL for an export as “-network 192.0.2.0/23” would result in a netmask of 255.255.127.0 being used instead of the correct netmask of 255.255.254.0.

III. Impact

When using a prefix length which is not a multiple of 8, access would be granted to the wrong client systems.

For a workaround and solution, check out the security advisory: FreeBSD Security Advisory (mountd)
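The mask from the advisory's example can be checked mechanically. The C program below is an added example, not code from mountd or from the advisory: it assumes a plain masked comparison as the ACL matching model, and its function names and sample clients are hypothetical. It shows that 255.255.127.0 is not a contiguous netmask and which clients of 192.0.2.0/23 end up wrongly granted or wrongly denied.

```c
#include <stdint.h>
#include <stdio.h>

/* Build an IPv4 address or mask in host byte order from dotted octets. */
#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Correct netmask for a prefix length of 0..32. */
static uint32_t prefix_to_mask(unsigned prefixlen)
{
    if (prefixlen == 0)
        return 0;
    if (prefixlen >= 32)
        return 0xffffffffu;
    return 0xffffffffu << (32 - prefixlen);
}

/* A valid netmask is a run of 1 bits followed only by 0 bits. */
static int mask_is_contiguous(uint32_t mask)
{
    uint32_t inv = ~mask;          /* must have the form 0...01...1 */
    return (inv & (inv + 1)) == 0;
}

/* Assumed matching model: a client is allowed if it equals net under mask. */
static int acl_match(uint32_t addr, uint32_t net, uint32_t mask)
{
    return (addr & mask) == (net & mask);
}

/* 0 = same decision, +1 = wrongly granted, -1 = wrongly denied. */
static int acl_drift(uint32_t addr, uint32_t net, uint32_t good, uint32_t bad)
{
    return acl_match(addr, net, bad) - acl_match(addr, net, good);
}

int main(void)
{
    uint32_t net = IP4(192, 0, 2, 0);
    uint32_t good = prefix_to_mask(23);          /* 255.255.254.0 */
    uint32_t bad = IP4(255, 255, 127, 0);        /* value quoted in the advisory */
    /* Constructed sample clients. */
    uint32_t clients[] = { IP4(192, 0, 2, 10), IP4(192, 0, 3, 10),
                           IP4(192, 0, 130, 10), IP4(192, 0, 4, 10) };
    printf("bad mask contiguous: %d\n", mask_is_contiguous(bad));
    for (size_t i = 0; i < sizeof(clients) / sizeof(clients[0]); i++) {
        uint32_t c = clients[i];
        printf("%u.%u.%u.%u drift=%d\n", (unsigned)(c >> 24), (unsigned)((c >> 16) & 255),
               (unsigned)((c >> 8) & 255), (unsigned)(c & 255), acl_drift(c, net, good, bad));
    }
    return 0;
}
```

The contiguity test is also usable as a sanity check on any netmask a parser produces from a prefix length.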

FreeBSD Quarterly Status Report (Jan – Mar 2011)

FreeBSD’s quarterly status report for 2011 Q1 is now available. This report covers FreeBSD related projects between January and April 2011. During this quarter, developers focused on releasing FreeBSD 7.4 and 8.2, which were released in February 2011. Currently, the project is starting to work on the next major version, 9.0.

It’s good to see so much activity, projects and contribution to FreeBSD, most of which is done by dedicated volunteers.

From the table of contents:

Projects

FreeBSD Team Reports

Network Infrastructure

Kernel

Documentation

Architectures

Ports

Miscellaneous

Google Summer of Code

Link: FreeBSD Quarterly Status Report (Jan – Mar 2011)

iXsystems’ recent contributions to FreeBSD and FreeNAS

iXsystems has been working hard recently to make the FreeBSD and FreeNAS operating systems even better storage solutions. Some of their recent announcements:

I New GEOM-based FreeBSD RAID Driver

“Recently iX completed work on graid, a revised software-assisted RAID driver for FreeBSD. The graid driver replaces the existing ataraid driver with a new GEOM-based implementation. This allows graid to create stable, OS-independent software RAID arrays.

OS-independence in a RAID array means that no matter which operating system you use or install, the RAID will be recognized and addressed the same way. This also allows for the metadata format the RAID is built with to be migrated to another type.

Synchronizing a RAID across multiple operating systems is difficult to do manually, and the stakes are high if the user isn’t careful. For this reason, it is preferable to automate the process in order to protect user data and avoid headaches.”

The GEOM-based FreeBSD driver will be merged with FreeBSD Current.

II iXsystems Teams with Fusion-io to Deliver FreeNAS Appliance

iXsystems has also announced it is collaborating with server-deployed memory innovator Fusion-io to introduce the Titan FreeNAS Pro Appliance.

Fusion-io provides a next generation storage memory platform for data decentralization that significantly improves processing capabilities within a datacenter by relocating process-critical data from centralized storage to the server where it is being processed.

The addition of server-deployed ioMemory technology to the Titan FreeNAS Pro Appliance creates a storage server that utilizes non-volatile memory to significantly increase data center efficiency and offer enterprise grade reliability, availability and manageability, with potential performance improvements of up to 10x.

The Titan FreeNAS Pro with Fusion’s ioMemory technology has the ability to fully saturate multiple 10Gb Ethernet connections, full ZFS support, and a host of software and hardware features.

III FreeNAS 8.0-RC5 Released

FreeNAS 8.0-RC5 was released last week and is the final community peek at FreeNAS 8 before the release. Two major bits that are new are volume drive replacement in the GUI, and the ability to add to ZFS volumes, which also doubles as the ability to create stacked ZFS volumes, such as a stripe of RAIDZs (RAID 50) or a stripe of mirrors (RAID 10).

Release Candidate 5 contains both bug fixes and new functionality over previous release candidates and betas.

This release candidate is the result of a flurry of bug fixes for issues noticed by people using RC4, as well as some added functionality.  This image will now be handed over to QA to begin preparations for 8.0-Release.

New in 8.0-RC5:

The ability to create “stacked” ZFS configurations is now present in the GUI. This also goes hand in hand with the ability to add devices to ZFS volumes. For ZFS the volume wizard will now accept an existing volume name when adding volumes.  If an existing volume name is specified, the volume being created will be added to the existing volume as a stripe.  In this manner one can create complex volumes such as RAID 10, RAIDZ+0, RAIDZ2+0, RAIDZ3+0 in the same manner as conventional RAID controllers build complex volumes.

We are looking forward to the final release of 8.0. It has been a long time since FreeNAS 0.7(.2) became available.

IV FreeBSDMall now shipping FreeBSD 8.2 and 7.4 CDs/DVDs

FreeBSD 8.2 is the latest release from the 8-STABLE branch which introduces many new features along with many improvements to functionality present in the earlier branches.

V mFreeNAS 7 comes to iOS

This is not a release by iXsystems, but since it’s relating to FreeNAS we will mention it here: Walter from techwavedev.com has released mFreeNAS 7 for iOS. An Android version is already available: mFreeNAS 7 for Android.

With mFreeNAS it is possible to access your FreeNAS remotely from your iPhone or Android phone and perform some basic tasks.

Thanks Walter for your email!

iXsystems is an all-around FreeBSD company that builds FreeBSD-certified servers and storage solutions, runs the FreeBSD Mall, and is the corporate sponsor of the PC-BSD and FreeNAS Projects.

Configure advanced features with pfSense 2.0 (Packt Pub’s new book)

Packt Publishing, the publishers of Learning FreeNAS, are now in the process of publishing pfSense 2 Cookbook.

This book helps users discover the power of pfSense’s core functionality. It is written by Matt Williamson and is filled with examples of interfaces, firewall rules, NAT port-forwarding, VPN services, etc.

pfSense 2 Cookbook helps readers determine their deployment scenario, their hardware, throughput, and interface requirements, and to select the right platform version of pfSense. They will be able to configure essential networking services such as DHCP, DNS, Dynamic DNS, and will be able to provide external Remote Desktop Access to an internal machine.

Through this book readers will learn to create multiple WAN interfaces, virtual IPs, a virtual LAN, gateways, and bridged interfaces. They will be able to configure traffic-shaping and Quality of Service (QoS), firewall redundancy with a CARP firewall failover, and external logging with syslog.

Talking about CARP, I came across a very interesting site explaining how to set up a CARP cluster, step-by-step: http://pfsense.basis06.com/download/tutorials/carp/carp-cluster-new.htm. There’s enough material available and howtos explaining how to set this up, but this little demo is super clear.

When I have read the book, I’ll let you know more about the contents.

More information can be found here: pfSense 2 Cookbook, and a free chapter, dealing with DHCP and DNS, can be downloaded here: pfSense 2 Cookbook – sample chapter.

Released: Portable C Compiler (pcc 1.0)

Thanks to funding by BSD Fund, Anders Magnusson has released the first stable release of PCC 1.0.0 (Portable C Compiler) for i386 and amd64. PCC was developed in order to create an alternative C compiler to GCC, but licensed under BSD.

pcc should be a well-working compiler on i386 and amd64 on a number of OSes, including the BSD’s, most Linuxes and also Microsoft Windows….

The compiler is based on the original Portable C Compiler by S. C. Johnson, written in the late 70’s. About 50% of the frontend code and 80% of the backend code has been rewritten. See the PCC History wiki page for details.

If you’re not familiar with PCC, the following from Wikipedia may be of interest (Portable C Compiler):

The Portable C Compiler is an early compiler for the C programming language written by Stephen C. Johnson of Bell Labs in the mid-1970s—based in part on ideas from earlier work by Alan Snyder in 1973.

One of the first compilers that could easily be adapted to output code for different computer architectures, the compiler had a long life span. It shipped with BSD Unix until the release of 4.4BSD in 1994—when it was replaced by the GNU C Compiler. It was very influential in its day, so much so that at the beginning of the 1980s, the majority of C compilers were based on it.

The keys to the success of pcc were its portability and improved diagnostic capabilities:

  • The compiler was designed so that only a few of its source files were machine-dependent.
  • It was relatively robust to syntax errors and performed more thorough validity checks.

 

Links: Release | PCC page

BSD Magazine 2011-04: FreeBSD: portability with VMware

A new issue of the free BSD Magazine is available: FreeBSD: Portability with VMware (pdf)

From the table of contents

Interview with Dru Lavigne

Dru Lavigne is a network and systems administrator, IT instructor, author and international speaker. She has over a decade of experience administering and teaching Netware, Microsoft, Cisco, Checkpoint, SCO, Solaris, Linux and BSD systems. She is author of BSD Hacks, The Best of FreeBSD Basics, and The Definitive Guide to PCBSD.

Why You Use FreeBSD Just May Start With A ‘Z’

You may have been using FreeBSD for a long time. You may have just started using it. Regardless of how long you’ve been using it, whether it’s been fifteen years or fifteen days, you have needs, and FreeBSD fulfills some or all of them.

OpenBSD improves upon /etc/rc.d/

The OpenBSD developers did not adopt a change like this until they were sure they had a mechanism that was both simple to implement and simple to use.

DragonFly News

There’s been some dramatic changes for DragonFly in the past month; all positive but having significant effects.

Package Management for the upcoming PC-BSD 9

Among the various improvements planned for PC-BSD 9.0, among the largest of these is the refreshed PBI package management format.

Converting a Physical Partition with FreeBSD to a vmware Image

Portability is something people increasingly value, because it has a number of advantages – you can, for example, carry your desktop (or server) anywhere with you and thus also all your very important personal data that you have created over some time, or perhaps over many years.

Build appliances with QEMU and OpenBSD

OpenBSD is the slimmest desktop OS. It is complete, functional and usable on any computer as long as your expectations are that of an engineer as opposed to a user.

Drupal on FreeBSD part 5

Continuing the series on the Drupal Content Management System, we will look at adding discrete PHP and Javascript code to our pages.

Mutt On OS X part 2

Last time (BSD Magazine 02/2011), we installed Mutt on OS X and read and sent mail from a Gmail account. This month, we’ll get one step closer to replacing Mail.app by learning a way to handle multiple accounts and how to search our Mac’s Address book from within Mutt.

Realtime Weather Data EMWIN on FreeBSD

Have you ever run to the TV, turned on a radio, or browsed to a weather site, just to find out what the weather conditions are, or about to become? You can now have data delivered right to server, use in a web site, or sent as notifications to pagers via e-mail.

Benchmarking Different Kind of Storage

In this article we will examine 2 types of storage: an iSCSI and a local hard drive.

Content Management Made Easy The Open Source Way!

We take a look at the open-source Content Management Systems available for your enterprise website.

Download: BSD Magazine 2011-04: FreeBSD: Portability with VMware

Available: FreeNAS 8.0-RC4

iXsystems has announced the availability of FreeNAS 8.0-RC4. Barring major bugs this is likely the last release candidate before 8.0-RELEASE.

Besides mostly bug fixes there is one last bit of new functionality, which is GUI replacement of drives in volumes, and a few small pieces, such as the ability to edit powerd settings in the GUI.

Most notable changes in this RC are:

“Snapshot functionality has been added.  There are features to create periodic snapshot jobs, create one time snapshots, clone snapshots (which can then be exported as shares like any other dataset) and rollback to previous snapshot.

VLAN interfaces are fully supported.  VLANs can be created from the GUI or from the CLI menu on the console.

NFS shares can be set to use the full range of maproot and mapall options.  In addition, tuning is available for the NFS service to boost performance past gigE networking speeds.

Users and groups available to the system from any source (local users, LDAP, AD) are now presented anywhere a user or group is specified, whether it’s volume permissions, samba anonymous user, or NFS maproot.

Several functions in System -> advanced were hooked up, a few were deleted. Powerd now works, toggling between the CLI script and a normal login works, the MOTD updates properly, and the serial console works.

The kernel modules to support several RAID controllers were added, as well as the modules to enable mount_smbfs to work from the CLI.”

I’m looking forward to installing and using FreeNAS 8.0-Release. Hopefully we won’t have to wait too long for that one to come out. iXsystems has done a great job so far.

For more information, please refer to Josh’s release announcement: FreeNAS 8.0 RC-4

Upcoming FreeBSD Events: BSDCan, GSoC 2011

As most of you will be aware, BSDCan is one of the major annual BSD conferences, and Google sponsors development of the 5 big BSD’s each year in the Summer of Code. More info with regards to these events below.

BSDCan 2011

BSD Talk has a 15-minute interview with Dan Langille, the organiser of BSDCan 2011, wherein they chat about the upcoming BSDCan conference: BSDTalk 203 – BSDCan and PGCon with Dan Langille

The FreeBSD Foundation will be providing a limited number of travel grants to individuals requesting assistance. Please fill out and submit the (PDF) Travel Grant Request Application by April 15, 2011 to apply for this grant.

This program is open to FreeBSD developers of all sorts (kernel hackers, documentation authors, bugbusters, system administrators, etc). In some cases we are also able to fund non-developers, such as active community members and FreeBSD advocates.

Google Summer of Code 2011

Google Announces Summer of Code Accepted Projects
Google has announced the accepted projects list for its 2011 Google Summer of Code (GSOC) Program. Accepted Projects can be viewed on this page. FreeBSD is among them. If you want to take part, check out the FreeBSD GSoC ideas page.

Grazer Linuxtag 2011

The Grazer Linuxtag is a one day event (09 April 2011, FH Joanneum Graz, Graz, Austria) on Linux and free software in general. Besides a FreeBSD booth and the possibility to take the BSDA certification exam there will also be a BSD Bootcamp with live workshops covering different FreeBSD topics. More information can be found here.