Sysadmin Mega Thread

Seems like they left a lot out “on purpose”. I can’t be bothered with it. I’ve already spent more time posting about it here today than i’ve had to spend on pfsense “random breakage” in the past 4 years.

UPnP/NAT-PMP on pfsense could be relatively secure as you could define an ACL for machines permitted to mess with it… or… you know. not enable it if you want.

Especially for home use, pfsense is already putting you deep into the top 1% as far as home network goes. Not like you really need the mostly hypothetical security advantages of hardenedbsd (and I say that as someone who uses OPNsense in several places).

Yeah. I just installed opnsense to have a look. I’m planning to roll a bunch of pfsense boxes internally at work (inter-vlan internal firewalls). I’m happy that pfsense is pretty solid.

1 Like

Have you ever configured a transparent filtering bridge? That’s becoming my preferred firewall implementation (edge though, so maybe not useful for intervlan).

Nah, haven’t really had a use case for it so far. I’ve had some ASAs which are capable of it way back to 2006, but i like splitting stuff at layer 3 personally.

One thing i am keen to set up internally is private vlans:

1 Like

I’ll be working on this quite a bit in about 2 weeks. I have a draft schema that I’m playing with:

Each vlan represents a /24 and gets 1 private and 10 community pvlans. Should suit all my needs. The only issue is that I don’t think I can assign multiple primaries to one interface which is annoying.

2 Likes

so does anyone know how i verify the FQDN of my vcsa?

Also i paid for 3 years of VMUG but, it says my account is expired! i think i’ve been Fed in the A

EDIT: looks like the licenses picked a bad time to expire as did my flash drive with ESXi installed on it! also IDK what is what with VMUG Advantage atm.

i shall try to plug away. FYI everyone says you can install it on flash drive but, so far all my kingston flash drives with ESXi installed on them have died, both usb 2 and 3 drives. i’m switching to 32gb SSDs. no harder to swap than flash drive. at least in atx case servers.

EDIT: btw, how long should it take to migrate a 200gb VM on a 10g network? i get the feeling it’s running at gig speeds or maybe it just takes a while?

For me, personally, the main consideration when picking OPNSense was the behaviour of pfSense towards the fork. “Distasteful” is rather the understatement, I feel.

See, i don’t care about politics so much. I’m more concerned about whether something works or not and whether i am legally entitled to use it.

I went into the pfsense vs. opnsense comparison from a technical standpoint and opnsense just simply doesn’t hold up in my opinion.

It’s less feature complete and it’s flaky (i’ve experienced first hand within a month). There’s NO WAY i would run it in my production environment based on experience so far. Maybe i had a bad run, but i’ve run pfsense for years and never had an issue (and i’m only now considering running it in “important” roles at work as a result).

I’d also suggest (having looked into it since) that the opnsense guys spread a bunch of FUD about pfsense and started the shit flinging. not to excuse further shit slinging, but if you’re going to start spreading shit about somebody’s work you have to expect blow-back. Which they got.

So… gnome.

Wtf does “adjust for TV” do in gnome display settings.

I’ve looked at help.gnome.org here:
https://help.gnome.org/users/gnome-help/stable/look-resolution.html.en

and it is not mentioned.
It is not documented in the UI
There’s no tool tip.

what is it supposed to do? tried turning it on and it just made things look… worse? Surely, a mouse-over explanation would be … useful?

Surely for someone to add this “feature” there must be a reason? But for all my googling and reading gnome docs, i can’t find it?

I mean…

https://help.gnome.org/search?q=adjust+for+tv

were you looking to post that in “small linux problem thread” ?

I don’t go in that thread. But yeah maybe not strictly sysadmin stuff. Like about 30-50% of this thread :smiley:

FUUUUU … Today a juniper core just went haywire … failed to reboot, won’t reply to anything but flooded the interco in the ring … all front was down. I had to drive to the DC in order to unplug it … I want managed PDU so bad :’(

1 Like

Mother fuck hell yeah bitches.

Did I say ten minutes? LOL THAT SHIT TOOK SIXTY MOTHER FUCKING SECONDS.

Granted, performing the backups, archiving, making the database changes, and clicking “Create Release” added about nine minutes to that, but still :wink:

The job was a success, but we ended up having to roll back. We have outdated testing material which generated some confusion as to whether or not the deployment was causing outages/404s. Once we had correct test data, we found inconsistencies with valid links. A database change had been missed and a table was skipped being updated. We also faced permission issues on two of the four servers behind the load balancers. Two of the servers lacked write permissions and were set to read only.

Database changes are being integrated into the CI/CD platform, making our process more resilient to human error and oversight. We have modified our documentation to include the correct permissions, which are being implemented on persistent servers and added to our CI/CD pipeline where necessary.

Practicing the post-mortem :wink:

6 Likes

Guess I’ll find out, given how both sides spread loads of FUD about the other it’s hard to know what’s what just by searching (which is a sad situation in itself). Based on what I’ve been reading on STH both are doing pretty well nowadays though.

To briefly touch on the fud topic again though. Hijacking a domain (OPNSense had to sue to get the opnsense.org domain from pfSense) and putting a rather distasteful site on it is going a bit beyond just fud (it’s still on the wayback machine, if you care, just be aware that it’s very much nsfw under the archive.org banner).

Should OPNSense turn out to be a trainwreck I’ll probably switch to pfSense (or look into other options) as I don’t exactly have a horse in this race, but I very much do let principles be a factor in my decision making, as long as the other options are just as good (I’ll take minor inconveniences/higher learning curve, but not less stability)

Probably fixes overscan

2 Likes

Just ping it.

approximately 200 seconds if you are saturating the full 10G, otherwise the speed is only as fast as the processor and disk can handle.


Out of curiosity, is this an actual enterprise network or a lab?

1 Like

@freqlabs, how would you replicate hostname -i in FreeBSD? Tools like host and dig ignore the hosts file.

How about

host `hostname` 2>/dev/null || getent hosts `hostname`

host ignores hosts file