General

If it doesn’t belong anywhere, it belongs here.

Debugging aids for pf firewall rules [on FreeBSD]

It is not often that I need to debug pf firewall rules. Yet, when I do, I cannot remember the commands for what I want to do. What is being blocked First, I want to see the firewall rule numbers in the tcpdump output. I am logging all blocked packets, via pflog0. I can use that to see what is being blocked and by what rule. These are found in my /etc/pf.conf: There […]

Complete network shutdown – wtf?

This afternoon, I was running an Ansible script to update the snmpd configuration settings on nagios03 (which replaced nagios02 – which was intentionally destroyed earlier today). After the script completed, I could not access the nagios03 website, nor could I ssh into the host. My first thoughts: I must have messed up the ssh configuration, I’ll fix it through the console. I can’t get to anything. Anywhere. WIFI now? No, it’s me that’s

kernel: Limiting closed port RST response from x to y packets/sec

For 3 days now, I’ve been seeing these messages. If you search online, it’s usually the result of port scanning. Aug 7 14:05:15 zuul kernel: Limiting closed port RST response from 212 to 195 packets/sec Aug 7 14:05:16 zuul kernel: Limiting closed port RST response from 219 to 215 packets/sec Aug 7 14:05:17 zuul kernel: Limiting closed port RST response from 220 to 193 packets/sec Aug 7 14:05:18 zuul kernel: Limiting closed port

Adding another pair of drives to a zpool mirror on FreeBSD

Today, I’m ready to add two recently obtained 12T spinning disks to r730-03. This host is the work-horse which houses all the main backups and database regression testing. It also hosts my newly-created but not-yet-functional graylog jail. I will be following a previous post about adding drives because I don’t want to remember these things. They occur infrequently enough that documenting it is a good idea. In this post: FreeBSD 14 The

Where’s my drives?

This is just rough notes for myself. List the gpart output for each drive in my system. for drive in $(sysctl -n kern.disks) do gpart show $drive done gpart: No such geom: da11. => 40 9767541088 da10 GPT (4.5T) 40 8392664 – free – (4.0G) 8392704 9758048256 3 freebsd-zfs (4.5T) 9766440960 1100168 – free – (537M) => 40 976773088 da9 GPT (466G) 40 2008 – free – (1.0M) 2048 838860800 1 freebsd-zfs (400G)

Getting Home Assistant running in a FreeBSD 13.1 jail

Home Assistant is not friendly for plain installs. It seems designed for containers or running everything out of pip install. That, in itself, is a disturbing trend I’ve seen on several projects (what? you’re not running a git cloned image?). I’ve seen reports of people running containers etc. However, I want to run this on FreeBSD. I don’t want to muck about with installing containers etc. If containers are the only way for

RIPE Atlas – Total Availability : 100.00%

Yes, this is blatant bragging. But realistically, this is more a function of my ISP (Verizon FiOS) and my electricity supplier (PECO) than my abilities. To be fair, it is more contingent upon no power failures than anything else. I do have a UPS, but that’s only good for about 10-20 minutes. For August 2021, my home network had 100% uptime, according to RIPE. I’ve been hosting this device since 2013-05-29 (just over

cron is running all jobs twice – solved

This started earlier today and I solved it only just now. It took me a while to find out it was duplicate cron jobs, and even longer to find out why. It started with lockf notifications (if you’ve never heard of lockf before, please read this Twitter thread for examples). In short, one of those emails said: lockf: /var/run/periodic.hourly.lock: already locked I looked to see if there were any long-running jobs which might

OpenVPN: unsupported certificate purpose

See also SSL client vs server certificates and bacula-fd. I have used OpenVPN since at least 2008 – now going on 13 years. I find it to be reliable and stable. A few days ago, I added another client to a VPN. I run this particular network with self-signed certificates which I create using ssl-admin – I find it particularly useful for this purpose. The problem Away I went, creating a new certificate, bundled

