“As you already may know, for the last half a year I’ve been working on making pf SMP-scalable and faster in general. More info can be found here:
Since that announcement in June, I’ve been running experimental code for more than 2 months in production on several routers. Also, some brave people volunteered to be beta-testers and also ran the experimental branch in the last couple of months. The code proved to be stable enough.
The new code performs better in production: less CPU load, less jitter, more responsive system under high load. It performs better under synthetic benchmarks like random generated UDP flood. It performs much better when DoS comes in.”
Ever wanted to set up a pfSense firewall/router with content filtering? Howtoforge has one of the easiest tutorials to help you set this up. If you have a spare box, there’s no reason now to wait any longer: pfSense – Squid + Squidguard / Traffic Shapping Tutorial
In this tutorial I will show you how to set up pfSense 2.0.1 as an Internet Gateway with Squid Proxy / Squidguard Filtering. I will also show that you have to configure some extra features of pfSense like traffic shaping with squid.
The PC-BSD 9.1 review starts at 39:50.
Notes and Summary
- Your choice of Desktop Environments; the Installer automatically adjusts the defaults depending on how much RAM you have installed
- Your options: KDE, Gnome, LXDE or XFCE
- Another option is TrueOS, a console based server, FreeBSD with the CLI version of Warden, the PBI system, ZFS Boot Environments and other utilities
- The install also offers vanilla FreeBSD Server
- PC-BSD allows you to do a full ‘root on ZFS’ install (only recommended if you have 4 or more GB of RAM), including creating many different datasets with different settings such as compression for optimal use of space
- You have the option of the Basic Wizard, the Advanced Wizard, or the FreeBSD CLI partitioning system
- The Advanced Wizard also allows you to set up a more complex ZFS mirror or RAIDZ
- You can choose to optionally encrypt your hard disk using GELI
- Warden is a Graphical and Command Line based manager for FreeBSD’s Jails feature
- In FreeBSD a jail is a secondary installation of the OS files, which is then started in a chroot, and the processes, network and user/group IDs are separate
- Allows you to manage three types of jails:
  - Traditional Jail – run internet applications in a container; if compromised, the attacker only gains access to the jail, not the host OS
  - Ports Jail – less secure version of jails, allows you to install applications from the FreeBSD ports tree without interfering with the PBI package manager in the host OS
  - Linux Jail – install Debian or Gentoo in a jail, and run your Linux applications in a full Linux environment
- Warden also allows you to stop a jail, pack it up, and move it to a different physical machine
- Warden also allows you to install meta-packages into the jails with a single click, allowing you to deploy apache+php+mysql in no time
- Warden can back your jails storage with ZFS, allowing you to take advantage of ZFS features such as snapshots, clones (writable snapshots), revert to a previous snapshot, etc
Dimitry Andric, a FreeBSD developer, has carried out some performance tests to explore the impact that LLVM/Clang as the default FreeBSD compiler has on FreeBSD 10, compared to GCC 4.2.1 and GCC 4.7.1. He concludes that to build FreeBSD with Clang less RAM is used and the compilation finishes quicker. Clang comes out in the benchmarks mostly ahead of GCC on FreeBSD.
I recently performed a series of compiler performance tests on FreeBSD 10.0-CURRENT, particularly comparing gcc 4.2.1 and gcc 4.7.1 against clang 3.1 and clang 3.2.
The attached text file contains more information about the tests, some semi-cooked performance data, and my conclusions. Any errors and omissions are also my fault, so if you notice them, please let me know.
The executive summary: clang compiles mostly faster than gcc (sometimes much faster), and uses significantly less memory.
Finally, please note these tests were purely about compilation speed, not about the performance of the resulting executables. This still needs to be tested.
You can check the benchmarks here: Clang/llvm performance tests on FreeBSD 10.0-CURRENT
The development of FreeBSD ports is done in Subversion nowadays. By February 28th 2013 the FreeBSD ports tree will no longer be exported to CVS. Therefore ports tree updates via CVS or CVSup will no longer be available after that date. All users who use CVS or CVSup to update the ports tree are encouraged to switch to portsnap(8) or, for users who need more control over their ports collection checkout, to use Subversion directly.
Installing and configuring FreeBSD as router is something most of us won’t do daily. It’s one of those jobs you do once, and when it’s up and running, you let your server / router do its work and you don’t touch it – unless there’s a problem.
Squid and DansGuardian are some excellent tools for caching and content filtering. Squid is a caching proxy supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. DansGuardian is a web content filter. It filters the actual content of pages based on many methods including phrase matching, PICS filtering and URL filtering.
Since configuring Squid and DansGuardian is not something we do daily, the following tutorial may be useful: Installing and configuring Squid and DansGuardian under FreeBSD.
If you run pfSense, you can install Squid and DansGuardian too.
Most of the changes and updates have gone into AD and LDAP integration and improvements. Support for plugins has also been improved.
You can download the latest version from SF.