Gleb Smirnoff writes on the FreeBSD PF Mailing List about a some improvements he has made to make Packet Filter (PF) SMP-scalable and faster:
“As you already may now, last half a year I’ve been working on making pf SMP-scalable and faster in general. More info can be found here:
Since that announce in June, I’ve been running experimental code for more than 2 months in production on several routers. Also, some brave people volunteered to be beta-testers and also run the experimental branch in last couple of months. Code proved to be stable enough.
The new code performs better in production: less CPU load, less jitter, more responsive system under high load. It performs better under synthetic benchmarks like random generated UDP flood. It performs much better when DoS comes in.”
In this tutorial I will show you how to set up pfSense 2.0.1 up as an Internet Gateway with Squid Proxy / Squidguard Filtering. I will also show that you have to configure some extra features of pfSense like traffic shapping with squid.
Your choice of Desktop Environments, Installer automatically adjusts the defaults depending on how much ram you have installed
Your options: KDE, Gnome, LXDE or XFCE
Another option is TrueOS, a console based server, FreeBSD with the CLI version of Warden, the PBI system, ZFS Boot Environments and other utilities
The install also offers vanilla FreeBSD Server
PC-BSD allows you to do a full ‘root on ZFS’ install (only recommended if you have 4 or more GB of ram), including creating many different datasets with different settings such as compression for optimal use of space
You have the option of the Basic Wizard, the Advanced Wizard, or the FreeBSD CLI partitioning system
The advanced Wizard also allows you to setup more complex ZFS mirror or RAIDZ
You can choose to optionally encrypt your hard disk using GELI
Warden is a Graphical and Command Line based manager for FreeBSD’s Jails feature
In FreeBSD a jail is a secondary installation of the OS files, which is then started in a chroot, and the processes, network and user/group IDs are separate
Allows you to manage three types of jails:
Traditional Jail – run internet applications in a container, if compromised, the attacker only gains access to the jail, not the host OS
Ports Jail – less secure version if jails, allows you to install applications from the FreeBSD ports tree without interfering with the PBI package manager in the host OS
Linux Jail – install Debian or Gentoo in a jail, and run your linux applications in a full linux environment
Warden also allows you to stop a jail, pack it up, and move it to a different physical machine
Warden also allows you to install meta-packages into the jails with a single click, allowing you to deploy apache+php+mysql in no time
Warden can back your jails storage with ZFS, allowing you to take advantage of ZFS features such as snapshots, clones (writable snapshots), revert to a previous snapshot, etc
Dimitry Andric, a FreeBSD developer, has carried out some performance tests to explore the impact that LLVM/Clang as the default FreeBSD compiler has on FreeBSD 10, compared to GCC 4.2.1 and GCC 4.7.1. He concludes that to build FreeBSD with Clang less RAM is used and the compilation finishes quicker. Clang comes out in the benchmarks mostly ahead of GCC on FreeBSD.
I recently performed a series of compiler performance tests on FreeBSD 10.0-CURRENT, particularly comparing gcc 4.2.1 and gcc 4.7.1 against clang 3.1 and clang 3.2.
The attached text file contains more information about the tests,
some semi-cooked performance data, and my conclusions. Any errors and omissions are also my fault, so if you notice them, please let me know.
The executive summary: clang compiles mostly faster than gcc sometimes much faster), and uses significantly less memory.
Finally, please note these tests were purely about compilation speed,
not about the performance of the resulting executables. This still
needs to be tested.
The development of FreeBSD ports is done in Subversion nowadays. Fy February 28th 2013 the FreeBSD ports tree will no longer be exported to CVS. Therefore ports tree updates via CVS or CVSup will no longer available after that date. All users who use CVS or CVSup to update the ports tree are encouraged to switch to portsnap(8) or for users which need more control over their ports collection checkout use Subversion directly.
Installing and configuring FreeBSD as router is something most of us won’t do daily. It’s one of those jobs you do once, and when it’s up and running, you let your server / router do its work and you don’t touch it – unless there’s a problem.
Squid and DansGuardian are some excellent tools for caching and content filtering. Squid is a caching proxy supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. DansGuardian is a web content filter. It filters the actual content of pages based on many methods including phrase matching, PICS filtering and URL filtering.
FreeBSD News is a participant in the RootBSD and Amazon Services LLC Associates Programs, affiliate advertising programs designed to provide a means for sites to earn advertising fees by promoting and linking to their products.
The mark FreeBSD is a registered trademark of the FreeBSD Foundation and is used by Gerard van Essen with the permission of the FreeBSD Foundation.