.

freebsd_vm/devfs.rules

@@ -0,0 +1,116 @@
+#
+# The following are some default rules for devfs(5) mounts.
+# The format is very simple. Empty lines and lines beginning
+# with a hash '#' are ignored. If the hash mark occurs anywhere
+# other than the beginning of a line, it and any subsequent
+# characters will be ignored.  A line in between brackets '[]'
+# denotes the beginning of a ruleset. In the brackets should
+# be a name for the rule and its ruleset number. Any other lines
+# will be considered to be the 'action' part of a rule
+# passed to the devfs(8) command. These will be passed
+# "as-is" to the devfs(8) command with the exception that
+# any references to other rulesets will be expanded first. These
+# references must include a dollar sign '$' in front of the
+# name to be expanded properly.
+#
+# $FreeBSD: releng/12.1/sbin/devfs/devfs.rules 338204 2018-08-22 15:55:23Z brd $
+#
+
+# Very basic and secure ruleset: Hide everything.
+# Used as a basis for other rules.
+#
+[devfsrules_hide_all=1]
+add hide
+
+# Basic devices typically necessary.
+# Requires: devfsrules_hide_all
+#
+[devfsrules_unhide_basic=2]
+add path log unhide
+add path null unhide
+add path zero unhide
+add path crypto unhide
+add path random unhide
+add path urandom unhide
+
+# Devices typically needed to support logged-in users.
+# Requires: devfsrules_hide_all
+#
+[devfsrules_unhide_login=3]
+add path 'ptyp*' unhide
+add path 'ptyq*' unhide
+add path 'ptyr*' unhide
+add path 'ptys*' unhide
+add path 'ptyP*' unhide
+add path 'ptyQ*' unhide
+add path 'ptyR*' unhide
+add path 'ptyS*' unhide
+add path 'ptyl*' unhide
+add path 'ptym*' unhide
+add path 'ptyn*' unhide
+add path 'ptyo*' unhide
+add path 'ptyL*' unhide
+add path 'ptyM*' unhide
+add path 'ptyN*' unhide
+add path 'ptyO*' unhide
+add path 'ttyp*' unhide
+add path 'ttyq*' unhide
+add path 'ttyr*' unhide
+add path 'ttys*' unhide
+add path 'ttyP*' unhide
+add path 'ttyQ*' unhide
+add path 'ttyR*' unhide
+add path 'ttyS*' unhide
+add path 'ttyl*' unhide
+add path 'ttym*' unhide
+add path 'ttyn*' unhide
+add path 'ttyo*' unhide
+add path 'ttyL*' unhide
+add path 'ttyM*' unhide
+add path 'ttyN*' unhide
+add path 'ttyO*' unhide
+add path ptmx unhide
+add path pts unhide
+add path 'pts/*' unhide
+add path fd unhide
+add path 'fd/*' unhide
+add path stdin unhide
+add path stdout unhide
+add path stderr unhide
+
+# Devices usually found in a jail.
+#
+[devfsrules_jail=4]
+add include $devfsrules_hide_all
+add include $devfsrules_unhide_basic
+add include $devfsrules_unhide_login
+add path fuse unhide
+add path zfs unhide
+
+[usbrules=100]
+add path 'usbctl' mode 660 group uucp
+add path 'usb/*' mode 660 group uucp
+add path 'ttyU*' mode 660 group uucp
+
+[serial_usb_rules=1000]
+add include $devfsrules_jail
+add path 'cuau*' unhide
+add path 'cuaU*' unhide
+add path 'ttyu*' unhide
+add path 'ttyU*' unhide
+add path 'usb*' unhide
+add path 'usb/*' unhide
+
+[devfs_rules_bhyve_jail=2000]
+add include $devfsrules_jail
+add path vmm unhide
+add path vmm/* unhide
+add path vmm.io unhide
+add path vmm.io/* unhide
+add path tap* unhide
+add path zvol/ship/raw/* unhide
+add path nmdm* unhide
+
+[devfs_rules_tun_jail=3000]
+add include $devfsrules_jail
+add path tun* unhide

freebsd_vm/loader.conf

@@ -0,0 +1,4 @@
+boot_serial="NO"
+
+if_tap_load="YES"
+

freebsd_vm/rc.conf

@@ -0,0 +1,99 @@
+hostname="freebsd.ahlawat.com"
+#ifconfig_vtnet0="DHCP"
+#ifconfig_vtnet0_ipv6="inet6 accept_rtadv"
+sshd_enable="YES"
+# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
+dumpdev="AUTO"
+
+
+zfs_enable="YES"
+
+kld_list="nmdm vmm ipfw ipdivert linux64"
+
+# Do not mark to autodetach otherwise ZFS gets very unhappy.
+geli_autodetach="NO"
+
+# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
+dumpdir="/var/crash"
+savecore_enable="YES"
+
+# Turbo boost
+performance_cpu_freq="HIGH"
+
+ntpd_sync_on_start="YES"
+ntpd_enable="YES"
+
+powerd_enable="YES"
+powerd_flags="-a hiadaptive -n hiadaptive -m 2500 -M 3300"
+
+smartd_enable="YES"
+#nut_enable="YES"
+
+#dbus_enable="YES"
+
+firewall_enable="YES"
+firewall_type="open"
+firewall_logging="YES"
+firewall_logif="YES"
+
+# interfaces
+cloned_interfaces_sticky="YES"
+cloned_interfaces="bridge1"
+
+ifconfig_vtnet0="up -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso"
+
+ipv6_activate_all_interfaces="YES"
+rtsold_enable="YES"
+
+ifconfig_vtnet0="inet 192.168.0.83/24"
+ifconfig_vtnet0_ipv6="inet6 fd01::83/64 auto_linklocal accept_rtadv"
+
+ifconfig_bridge1="ether random addm vtnet0 up"
+
+defaultrouter="192.168.0.5"
+ipv6_defaultrouter="fd01::5"
+# interfaces
+
+syslogd_enable="YES"
+syslogd_flags="-C -O rfc5424 -ss"
+
+syslog_ng_enable="NO"
+syslog_ng_config="-u daemon"
+syslog_ng_pid="/var/run/syslog-ng.pid"
+
+sendmail_enable="NO"
+sendmail_outbound_enable="NO"
+sendmail_submit_enable="YES"
+sendmail_msp_queue_enable="YES"
+
+sshd_enable="YES"
+
+iocage_enable="NO"
+
+devfs_system_ruleset="usbrules"
+
+#node_exporter_enable="YES"
+#node_exporter_args=--collector.filesystem.ignored-mount-points="/mnt/iocage*"
+#gstat_exporter_enable="YES"
+
+# modify hard disk cam queues
+cam_tag_enable="YES"
+
+# debian jail
+linux_enable="YES"
+
+nfs_server_enable="YES"
+nfsv4_server_enable="YES"
+nfsuserd_enable="YES"
+
+mountd_enable="YES"
+mountd_flags="-r"
+
+rpcbind_enable="YES"
+rpc_lockd_enable="YES"
+rpc_statd_enable="YES"
+
+tftpd_enable="YES"
+tftpd_flags="-s /mnt/ship/pxe"
+
+ctld_enable="YES"

freebsd_vm/sysctl.conf

@@ -0,0 +1,14 @@
+# $FreeBSD$
+#
+#  This file is read when going to multi-user and its contents piped thru
+#  ``sysctl'' to adjust kernel values.  ``man 5 sysctl.conf'' for details.
+#
+
+# Uncomment this to prevent users from seeing information about processes that
+# are being run under another UID.
+#security.bsd.see_other_uids=0
+
+net.inet.ip.forwarding=1       # Enable IP forwarding between interfaces
+net.link.bridge.pfil_onlyip=0  # Only pass IP packets when pfil is enabled
+net.link.bridge.pfil_bridge=0  # Packet filter on the bridge interface
+net.link.bridge.pfil_member=0  # Packet filter on the member interface