/ -50G /usr - 264G /var - 120G swap - 32G --- pkg install mc-nox11-4.8.26 pkg install sudo-1.9.7p1 pkg install bash-5.1.4_1 pkg install openvpn-auth-ldap-2.0.4 pkg install openvpn-auth-script-1.0.0.3 pkg install openvpn-auth-radius-2.1_4 kldload ipfw /etc/defaults/rc.conf /etc/rc.conf pkg install isc-dhcp44-server-4.4.2_1 ---------------------------------------------- root@gw:/etc/defaults# pkg install isc-dhcp44-server-4.4.2_1 Updating FreeBSD repository catalogue... FreeBSD repository is up to date. All repositories are up to date. The following 1 package(s) will be affected (of 0 checked): New packages to be INSTALLED: isc-dhcp44-server: 4.4.2_1 Number of packages to be installed: 1 The process will require 6 MiB more space. 1 MiB to be downloaded. Proceed with this action? [y/N]: y [1/1] Fetching isc-dhcp44-server-4.4.2_1.txz: 100% 1 MiB 1.5MB/s 00:01 Checking integrity... done (0 conflicting) [1/1] Installing isc-dhcp44-server-4.4.2_1... ===> Creating groups. Creating group 'dhcpd' with gid '136'. ===> Creating users Creating user 'dhcpd' with uid '136'. [1/1] Extracting isc-dhcp44-server-4.4.2_1: 100% ===== Message from isc-dhcp44-server-4.4.2_1: -- **** To setup dhcpd, please edit /usr/local/etc/dhcpd.conf. **** This port installs the dhcp daemon, but doesn't invoke dhcpd by default. If you want to invoke dhcpd at startup, add these lines to /etc/rc.conf: dhcpd_enable="YES" # dhcpd enabled? dhcpd_flags="-q" # command option(s) dhcpd_conf="/usr/local/etc/dhcpd.conf" # configuration file dhcpd_ifaces="" # ethernet interface(s) dhcpd_withumask="022" # file creation mask **** If compiled with paranoia support (the default), the following rc.conf options are also supported: dhcpd_chuser_enable="YES" # runs w/o privileges? dhcpd_withuser="dhcpd" # user name to run as dhcpd_withgroup="dhcpd" # group name to run as dhcpd_chroot_enable="YES" # runs chrooted? dhcpd_devfs_enable="YES" # use devfs if available? dhcpd_rootdir="/var/db/dhcpd" # directory to run in dhcpd_includedir="" # directory with config- files to include **** WARNING: never edit the chrooted or jailed dhcpd.conf file but /usr/local/etc/dhcpd.conf instead which is always copied where needed upon startup. ---------------------------------------------- pkg install bind916-9.16.18 ---------------------------------------------- BIND requires configuration of rndc, including a "secret" key. The easiest, and most secure way to configure rndc is to run 'rndc-confgen -a' to generate the proper conf file, with a new random key, and appropriate file permissions. The /usr/local/etc/rc.d/named script will do that for you. If using syslog to log the BIND9 activity, and using a chroot'ed installation, you will need to tell syslog to install a log socket in the BIND9 chroot by running: # sysrc altlog_proglist+=named And then restarting syslogd with: service syslogd restart ----------------------------------------------- /usr/local/etc/dhcpd.conf /usr/local/etc/namedb ------------------------------------------------ pkg install py37-fail2ban-0.11.2_1 ===== Message from libinotify-20180201_2: -- Libinotify functionality on FreeBSD is missing support for - detecting a file being moved into or out of a directory within the same filesystem - certain modifications to a symbolic link (rather than the file it points to.) in addition to the known limitations on all platforms using kqueue(2) where various open and close notifications are unimplemented. This means the following regression tests will fail: Directory notifications: IN_MOVED_FROM IN_MOVED_TO Open/close notifications: IN_OPEN IN_CLOSE_NOWRITE IN_CLOSE_WRITE Symbolic Link notifications: IN_DONT_FOLLOW IN_ATTRIB IN_MOVE_SELF IN_DELETE_SELF Kernel patches to address the missing directory and symbolic link notifications are available from: https://github.com/libinotify-kqueue/libinotify-kqueue/tree/master/patches You might want to consider increasing the kern.maxfiles tunable if you plan to use this library for applications that need to monitor activity of a lot of files. ===== Message from py37-fail2ban-0.11.2_1: -- Please do not edit the fail2ban.conf, jail.conf, or any other files in the distributen as they will be overwritten upon each upgrade of the port. Instead, create new files named *.local e.g. fail2ban.local or jail.local. For more information, see the official manual: http://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Configuration If you have custom filters or actions and you are upgrading from 0.9.x please check them. Users of pf: please read the notes in action.d/pf.conf and the discussion at https://github.com/fail2ban/fail2ban/pull/1925 Please note that fail2ban will put curly braces '{}' around the ports in the action so you shouldn't do it yourself. -------------------------------------------------------------------------------