May 1, 2025 update

configs/etc/ctl.conf

@@ -4,26 +4,6 @@ portal-group pg0 {
 	listen [::]
 }
 
-target iqn.nas.ahlawat.com:f11 {
-#	auth-group no-authentication
-	portal-group pg0
-    chap user secretsecret
-	lun 0 {
-		path /dev/zvol/ship/raw/FreeBSD11
-		size 128G
-	}
-}
-
-target iqn.nas.ahlawat.com:f12 {
-#	auth-group no-authentication
-	portal-group pg0
-    chap user secretsecret
-	lun 0 {
-		path /dev/zvol/ship/raw/FreeBSD12
-		size 128G
-	}
-}
-
 target iqn.nas.ahlawat.com:f13 {
 #	auth-group no-authentication
 	portal-group pg0
@@ -34,16 +14,6 @@ target iqn.nas.ahlawat.com:f13 {
 	}
 }
 
-target iqn.nas.ahlawat.com:f12p {
-#	auth-group no-authentication
-	portal-group pg0
-    chap user secretsecret
-	lun 0 {
-		path /dev/zvol/ship/raw/FreeBSD12p
-		size 128G
-	}
-}
-
 target iqn.nas.ahlawat.com:f13p {
 #	auth-group no-authentication
 	portal-group pg0

configs/etc/defaults/devfs.rules

@@ -13,7 +13,6 @@
 # references must include a dollar sign '$' in front of the
 # name to be expanded properly.
 #
-# $FreeBSD: releng/12.3/sbin/devfs/devfs.rules 338204 2018-08-22 15:55:23Z brd $
 #
 
 # Very basic and secure ruleset: Hide everything.
@@ -87,6 +86,12 @@ add include $devfsrules_unhide_login
 add path fuse unhide
 add path zfs unhide
 add path 'bpf*' unhide
+add path 'md*' unhide
+add path 'md*' mode 0777
+
+[devfsrules_jail_vnet=5]
+add include $devfsrules_jail
+add path pf unhide
 
 # members of group uucp can access all usb and tty devices
 [usbrules=100]

configs/etc/defaults/periodic.conf

@@ -13,14 +13,13 @@
 # For a more detailed explanation of all the periodic.conf variables, please
 # refer to the periodic.conf(5) manual page.
 #
-# $FreeBSD: releng/12.3/usr.sbin/periodic/periodic.conf 370770 2021-10-07 19:46:04Z asomers $
 #
 
 # What files override these defaults ?
-periodic_conf_files="/etc/periodic.conf /etc/periodic.conf.local"
+periodic_conf_files="/etc/periodic.conf /etc/periodic.conf.local ${_localbase}/etc/periodic.conf"
 
-# periodic script dirs
-local_periodic="/usr/local/etc/periodic"
+# periodic script dirs. _localbase is being set in /usr/sbin/periodic
+local_periodic="${_localbase}/etc/periodic"
 
 # Max time to sleep to avoid causing congestion on download servers
 anticongestion_sleeptime=3600
@@ -32,6 +31,7 @@ anticongestion_sleeptime=3600
 # that output.  $daily_output might be set to /var/log/daily.log if you
 # wish to log the daily output and have the files rotated by newsyslog(8)
 #
+daily_diff_flags="-b -U 0"				# flags for diff output
 daily_output="root"					# user or /file
 daily_show_success="YES"				# scripts returning 0
 daily_show_info="YES"					# scripts returning 1
@@ -109,9 +109,6 @@ daily_accounting_compress="NO"				# Gzip rotated files
 daily_accounting_flags=-q				# Flags to /usr/sbin/sa
 daily_accounting_save=3					# How many files to save
 
-# 330.news
-daily_news_expire_enable="YES"				# Run news.expire
-
 # 400.status-disks
 daily_status_disks_enable="NO"				# Check disk status
 daily_status_disks_df_flags="-l -h"			# df(1) flags for check
@@ -182,6 +179,11 @@ daily_scrub_zfs_pools=""			# empty string selects all pools
 daily_scrub_zfs_default_threshold="35"		# days between scrubs
 #daily_scrub_zfs_${poolname}_threshold="35"	# pool specific threshold
 
+# 801.trim-zfs
+daily_trim_zfs_enable="NO"
+daily_trim_zfs_pools=""				# empty string selects all pools
+daily_trim_zfs_flags=""				# zpool-trim(8) flags
+
 # 999.local
 daily_local="/etc/daily.local"				# Local scripts
 
@@ -252,7 +254,7 @@ security_show_badconfig="NO"				# scripts returning 2
 # These options are used by the security periodic(8) scripts spawned in
 # daily and weekly 450.status-security.
 security_status_logdir="/var/log"			# Directory for logs
-security_status_diff_flags="-b -u"			# flags for diff output
+security_status_diff_flags="-b -U 0"			# flags for diff output
 
 # Each of the security_status_*_period options below can have one of the
 # following values:
@@ -301,6 +303,7 @@ security_status_ipfdenied_period="daily"
 # 520.pfdenied
 security_status_pfdenied_enable="YES"
 security_status_pfdenied_period="daily"
+security_status_pfdenied_additionalanchors=""
 
 # 550.ipfwlimit
 security_status_ipfwlimit_enable="YES"

configs/etc/exports

@@ -1,6 +1,8 @@
-V4: / -network=192.168.10.0 -mask=255.255.255.0
+V4: / -network=192.168.10.0/24
 /mnt/ship/pxe/FreeBSD11 -alldirs -maproot=root
 /mnt/ship/pxe/FreeBSD12 -alldirs -maproot=root
 /mnt/ship/pxe/FreeBSD13 -alldirs -maproot=root
 /mnt/ship/pxe/FreeBSD12p -alldirs -maproot=root
 /mnt/ship/pxe/FreeBSD13p -alldirs -maproot=root
+/mnt/ship/backup -alldirs -maproot=root
+/mnt/ship/r-automated -alldirs -maproot=root 192.168.10.13

configs/etc/freebsd-update.conf

@@ -1,4 +1,3 @@
-# $FreeBSD: releng/12.3/usr.sbin/freebsd-update/freebsd-update.conf 370439 2021-08-29 16:58:35Z kevans $
 
 # Trusted keyprint.  Changing this is a Bad Idea unless you've received
 # a PGP-signed email from <security-officer@FreeBSD.org> telling you to
@@ -15,7 +14,7 @@ ServerName update.FreeBSD.org
 #Components src world kernel
 
 # Example for updating the userland and the kernel source code only:
-#Components src world
+#Components src/base src/sys world
 Components world
 # manually run - git pull in /usr/src - before recompiling the kernel
 

configs/etc/hosts

@@ -1,4 +1,3 @@
-# $FreeBSD: releng/12.3/lib/libc/net/hosts 338729 2018-09-17 18:56:47Z brd $
 #
 # Host Database
 #
@@ -13,26 +12,31 @@
 ::1			localhost
 127.0.0.1		localhost
 
-192.168.0.10		nas nas.ahlawat.com
-fd01::10	nas nas.ahlawat.com
-192.168.10.10		nas nas.ahlawat.com
-fd0a::10	nas nas.ahlawat.com
-192.168.48.10		nas nas.ahlawat.com
-2001:470:480a::10	nas nas.ahlawat.com
+192.168.0.10		nasv1 nasv1.ahlawat.com
+fd01::10	nasv1 nasv1.ahlawat.com
+192.168.8.10		nas nas.ahlawat.com
+fd08::10	nas nas.ahlawat.com
+192.168.10.10		nasv10 nasv10.ahlawat.com
+fd0a::10	nasv10 nasv10.ahlawat.com
+192.168.48.10		nasv48 nasv48.ahlawat.com
+2001:470:480a::10	nasv48 nasv48.ahlawat.com
 
-10.1.0.193 crucible.ad.inseego.com i01bitcru00.ad.inseego.com bitbucket.ad.inseego.com
+#10.1.0.193 crucible.ad.inseego.com i01bitcru00.ad.inseego.com bitbucket.ad.inseego.com
+
+13.56.245.15    rwe
+54.241.30.152   rwe-gw
 
 #
 # Imaginary network. 10.0.0.2 myname.my.domain myname 10.0.0.3 myfriend.my.domain myfriend
 #
-# According to RFC 1918, you can use the following IP networks for
-# private nets which will never be connected to the Internet:
+# According to RFC 1918, you can use the following IP blocks for
+# private internets:
 #
-#	10.0.0.0	-   10.255.255.255
-#	172.16.0.0	-   172.31.255.255
-#	192.168.0.0	-   192.168.255.255
+#	10.0.0.0	-   10.255.255.255	(10/8 prefix)
+#	172.16.0.0	-   172.31.255.255	(172.16/12 prefix)
+#	192.168.0.0	-   192.168.255.255	(192.168/16 prefix)
 #
-# In case you want to be able to connect to the Internet, you need
+# In case you want to make addresses available on the Internet, you need
 # real official assigned numbers.  Do not try to invent your own network
 # numbers but instead get one from your network provider (if any) or
 # from your regional registry (ARIN, APNIC, LACNIC, RIPE NCC, or AfriNIC.)

configs/etc/login.conf

@@ -7,7 +7,6 @@
 # This file controls resource limits, accounting limits and
 # default user environment settings.
 #
-# $FreeBSD: releng/12.3/usr.bin/login/login.conf 369215 2021-02-04 03:15:28Z kevans $
 #
 
 # Default settings effectively disable resource limits, see the
@@ -25,7 +24,7 @@
 default:\
 	:passwd_format=sha512:\
 	:copyright=/etc/COPYRIGHT:\
-	:welcome=/etc/motd:\
+	:welcome=/var/run/motd:\
 	:setenv=BLOCKSIZE=K:\
 	:mail=/var/mail/$:\
 	:path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin ~/bin:\
@@ -49,8 +48,7 @@ default:\
 	:ignoretime@:\
 	:umask=022:\
 	:charset=UTF-8:\
-	:lang=en_US.UTF-8:
-
+	:lang=C.UTF-8:
 
 #
 # A collection of common class names - forward them all to 'default'
@@ -130,7 +128,7 @@ russian|Russian Users Accounts:\
 ##
 #standard:\
 #	:copyright=/etc/COPYRIGHT:\
-#	:welcome=/etc/motd:\
+#	:welcome=/var/run/motd:\
 #	:setenv=BLOCKSIZE=K:\
 #	:mail=/var/mail/$:\
 #	:path=~/bin /bin /usr/bin /usr/local/bin:\

configs/etc/ntp.conf

@@ -1,5 +1,4 @@
 #
-# $FreeBSD: releng/12.3/usr.sbin/ntp/ntpd/ntp.conf 365704 2020-09-14 01:20:57Z emaste $
 #
 # Default NTP servers for the FreeBSD operating system.
 #
@@ -20,24 +19,27 @@
 tos minclock 3 maxclock 6
 
 #
-# The following pool statement will give you a random set of NTP servers
-# geographically close to you.  A single pool statement adds multiple
-# servers from the pool, according to the tos minclock/maxclock targets.
+# The following pool statements will give you a random set of IPv4 and IPv6
+# NTP servers geographically close to you.  A single pool statement adds
+# multiple servers from the pool, according to the tos minclock/maxclock
+# targets.
 # See http://www.pool.ntp.org/ for details.  Note, pool.ntp.org encourages
 # users with a static IP and good upstream NTP servers to add a server
-# to the pool. See http://www.pool.ntp.org/join.html if you are interested.
+# to the pool.  See http://www.pool.ntp.org/join.html if you are interested.
 #
 # The option `iburst' is used for faster initial synchronization.
 #
-#pool 0.freebsd.pool.ntp.org iburst
+pool 0.freebsd.pool.ntp.org iburst
+pool 2.freebsd.pool.ntp.org iburst
 
 #
 # If you want to pick yourself which country's public NTP server
-# you want to sync against, comment out the above pool, uncomment
-# the next one, and replace CC with the country's abbreviation.
-# Make sure that the hostname resolves to a proper IP address!
+# you want to sync against, comment out the above pool statements,
+# uncomment the next ones, and replace CC with the country's abbreviation.
+# Make sure that the hostnames resolves to a proper IP address!
 #
 # pool 0.CC.pool.ntp.org iburst
+# pool 2.CC.pool.ntp.org iburst
 
 #
 # To configure a specific server, such as an organization-wide local

configs/etc/profile

@@ -1,4 +1,3 @@
-# $FreeBSD: releng/12.3/bin/sh/profile 363525 2020-07-25 11:57:39Z pstef $
 #
 # System-wide .profile file for sh(1).
 #

configs/etc/rc.conf

@@ -1,6 +1,6 @@
 zfs_enable="YES"
 
-kld_list="nmdm vmm ipfw ipdivert linux64 wg"
+kld_list="nmdm vmm ipfw ipdivert tcp_bbr linux64 wg"
 
 # Do not mark to autodetach otherwise ZFS gets very unhappy.
 geli_autodetach="NO"
@@ -18,7 +18,7 @@ ntpd_sync_on_start="YES"
 ntpd_enable="YES"
 
 powerdxx_enable="YES"
-powerdxx_flags=""
+powerdxx_flags="-a hiadaptive"
 
 smartd_enable="YES"
 nut_enable="YES"
@@ -30,42 +30,56 @@ firewall_type="open"
 firewall_logging="YES"
 firewall_logif="YES"
 
-# /interfaces
+# interfaces/
 cloned_interfaces_sticky="YES"
-cloned_interfaces="lagg0 bridge1 bridge2 bridge3 bridge5 bridge8 bridge9 bridge10 bridge48"
+cloned_interfaces="lagg0 bridge1 bridge2 bridge3 bridge5 bridge8 bridge9 bridge10 bridge48 bridge22 bridge99"
 
-ifconfig_lagg0="laggproto loadbalance laggport igb0 laggport igb1 up"
 ifconfig_igb0="up -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso"
 ifconfig_igb1="up -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso"
+ifconfig_lagg0="laggproto lacp laggport igb0 laggport igb1 up"
 
-vlans_lagg0="1 2 3 5 8 9 10 48"
+vlans_lagg0="1 2 3 5 8 9 10 48 22"
+#vlans_igb0="1 2 3 5 10 48 22"
+#vlans_igb1="8 9"
 
 ipv6_activate_all_interfaces="YES"
 rtsold_enable="YES"
 
 ifconfig_lagg0_1="inet 192.168.0.10/24"
 ifconfig_lagg0_1_ipv6="inet6 fd01::10/64 auto_linklocal accept_rtadv"
-ifconfig_lagg0_2="up"
-#ifconfig_lagg0_2="inet 192.168.2.10/24"
-#ifconfig_lagg0_2_ipv6="inet6 fd02::10/64 auto_linklocal accept_rtadv"
-ifconfig_lagg0_3="up"
-#ifconfig_lagg0_3="inet 192.168.3.10/24"
-#ifconfig_lagg0_3_ipv6="inet6 fd03::10/64 auto_linklocal accept_rtadv"
-ifconfig_lagg0_5="up"
-#ifconfig_lagg0_5="inet 192.168.5.10/24"
-#ifconfig_lagg0_5_ipv6="inet6 fd05::10/64 auto_linklocal accept_rtadv"
-ifconfig_lagg0_8="up"
-# to avoid asymmetric routing - keep ip for vlan8 disabled
-#ifconfig_lagg0_8="inet 192.168.8.10/24"
-#ifconfig_lagg0_8_ipv6="inet6 fd08::10/64 auto_linklocal accept_rtadv"
-ifconfig_lagg0_9="up"
-#ifconfig_lagg0_9="inet 192.168.200.10/24"
-#ifconfig_lagg0_9_ipv6="inet6 fd09::10/64 auto_linklocal accept_rtadv"
+#ifconfig_igb0_1="inet 192.168.0.10/24"
+#ifconfig_igb0_1_ipv6="inet6 fd01::10/64 auto_linklocal accept_rtadv"
+
 # required for lab servers netboot on vlan10
 ifconfig_lagg0_10="inet 192.168.10.10/24"
 ifconfig_lagg0_10_ipv6="inet6 fd0a::10/64 auto_linklocal accept_rtadv"
+#ifconfig_igb0_10="inet 192.168.10.10/24"
+#ifconfig_igb0_10_ipv6="inet6 fd0a::10/64 auto_linklocal accept_rtadv"
+
 ifconfig_lagg0_48="inet 192.168.48.10/24"
 ifconfig_lagg0_48_ipv6="inet6 2001:470:480a::10/64 auto_linklocal accept_rtadv"
+#ifconfig_igb0_48="inet 192.168.48.10/24"
+#ifconfig_igb0_48_ipv6="inet6 2001:470:480a::10/64 auto_linklocal accept_rtadv"
+
+# to avoid asymmetric routing - keep ip for vlan8 disabled
+# updated DNS entries to address the above concern
+ifconfig_lagg0_8="up"
+ifconfig_lagg0_8="inet 192.168.8.10/24"
+ifconfig_lagg0_8_ipv6="inet6 fd08::10/64 auto_linklocal accept_rtadv"
+#ifconfig_igb1_8="up"
+#ifconfig_igb1_8="inet 192.168.8.10/24"
+#ifconfig_igb1_8_ipv6="inet6 fd08::10/64 auto_linklocal accept_rtadv"
+
+ifconfig_lagg0_2="up"
+ifconfig_lagg0_3="up"
+ifconfig_lagg0_5="up"
+ifconfig_lagg0_9="up"
+ifconfig_lagg0_22="up"
+#ifconfig_igb0_2="up"
+#ifconfig_igb0_3="up"
+#ifconfig_igb0_5="up"
+#ifconfig_igb1_9="up"
+#ifconfig_igb1_22="up"
 
 ifconfig_bridge1="addm lagg0.1 up"
 ifconfig_bridge2="addm lagg0.2 up"
@@ -75,6 +89,17 @@ ifconfig_bridge8="addm lagg0.8 up"
 ifconfig_bridge9="addm lagg0.9 up"
 ifconfig_bridge10="addm lagg0.10 up"
 ifconfig_bridge48="addm lagg0.48 up"
+ifconfig_bridge22="addm lagg0.22 up"
+
+#ifconfig_bridge1="addm igb0.1 up"
+#ifconfig_bridge2="addm igb0.2 up"
+#ifconfig_bridge3="addm igb0.3 up"
+#ifconfig_bridge5="addm igb0.5 up"
+#ifconfig_bridge8="addm igb1.8 up"
+#ifconfig_bridge9="addm igb1.9 up"
+#ifconfig_bridge10="addm igb0.10 up"
+#ifconfig_bridge48="addm igb0.48 up"
+#ifconfig_bridge22="addm igb0.22 up"
 
 # adding IP to bridges does not work
 #ifconfig_bridge1="inet 192.168.0.10/24"

configs/etc/rctl.conf

@@ -1 +1,3 @@
 jail:ioc-jump:vmemoryuse:deny=4G/jail
+jail:ioc-ldap:vmemoryuse:deny=8G/jail
+jail:ioc-monitor:vmemoryuse:deny=16G/jail

configs/etc/sysctl.conf

@@ -1,4 +1,3 @@
-# $FreeBSD: releng/12.3/sbin/sysctl/sysctl.conf 337624 2018-08-11 13:28:03Z brd $
 #
 #  This file is read when going to multi-user and its contents piped thru
 #  ``sysctl'' to adjust kernel values.  ``man 5 sysctl.conf'' for details.
@@ -72,10 +71,10 @@ net.inet.tcp.mssdflt=1448
 net.inet.tcp.nolocaltimewait=1
 net.inet.tcp.path_mtu_discovery=0
 net.inet.tcp.reass.maxqueuelen=1448
-net.inet.tcp.recvbuf_inc=65536
+###net.inet.tcp.recvbuf_inc=65536
 net.inet.tcp.recvbuf_max=16777216
 net.inet.tcp.recvspace=262144
-net.inet.tcp.rfc6675_pipe=1
+###net.inet.tcp.rfc6675_pipe=1
 net.inet.tcp.sendbuf_inc=65536
 net.inet.tcp.sendbuf_max=16777216
 net.inet.tcp.sendspace=262144
@@ -98,14 +97,14 @@ net.link.bridge.pfil_onlyip=0
 net.local.stream.recvspace=164240
 net.local.stream.sendspace=164240
 net.route.netisr_maxqlen=2048
-net.raw.recvspace=65536
-net.raw.sendspace=65536
+###net.raw.recvspace=65536
+###net.raw.sendspace=65536
 vfs.zfs.arc_max=51539607552
 vfs.zfs.delay_min_dirty_percent=96
 vfs.zfs.dirty_data_max=12884901888
-vfs.zfs.prefetch_disable=0
+###vfs.zfs.prefetch_disable=0
 #vfs.zfs.top_maxinflight=128
-vfs.zfs.trim.txg_delay=2
+###vfs.zfs.trim.txg_delay=2
 vfs.zfs.txg.timeout=90
 vfs.zfs.vdev.aggregation_limit=1048576
 vfs.zfs.vdev.write_gap_limit=0
@@ -114,13 +113,14 @@ vfs.zfs.vdev.write_gap_limit=0
 #vfs.zfs.l2arc_write_boost=402653184
 #vfs.zfs.l2arc_write_max=402653184
 
-net.inet.tcp.functions_default=rack
-net.inet.tcp.rack.tlpmethod=3
-net.inet.tcp.rack.data_after_close=0
+###net.inet.tcp.functions_default=rack
+###net.inet.tcp.rack.tlpmethod=3
+###net.inet.tcp.rack.data_after_close=0
 
-# Verify RACK
+net.inet.tcp.functions_default=bbr
+# Verify BBR
 # sysctl net.inet.tcp.functions_available
-# sysctl net.inet.tcp.rack.
+# sysctl net.inet.tcp.bbr.
 
 #Cheap Disk Issues
 kern.cam.ada.default_timeout=60