After booting
The image is not tuned; it has only been configured to boot on as many providers as possible. Extra adjustments therefore need to be made after booting, starting with removing or changing the password for the user devops.
If you are not using GCE, the mtu 1460 option may be removed from rc.conf, changing:
ifconfig_DEFAULT="SYNCDHCP mtu 1460"
To:
ifconfig_DEFAULT="SYNCDHCP"
The image has been built using this src.conf and this kernel, and the jail using this src-jail.conf.
The zfs layout used looks like this:
> zfs list
NAME                           USED  AVAIL  REFER  MOUNTPOINT
zroot                          496M  13.2G    88K  /zroot
zroot/ROOT                     254M  13.2G    88K  none
zroot/ROOT/default             254M  13.2G   254M  /
zroot/jails                    226M  13.2G    88K  /jails
zroot/jails/base               226M  9.78G   226M  /jails/base
zroot/jails/base/tmp            88K  9.78G    88K  /jails/base/tmp
zroot/tmp                       88K  13.2G    88K  /tmp
zroot/usr                     13.5M  13.2G    88K  /usr
zroot/usr/doc                   88K  13.2G    88K  /usr/doc
zroot/usr/home                 128K  13.2G   128K  /usr/home
zroot/usr/local               12.8M  13.2G  12.8M  /usr/local
zroot/usr/obj                   88K  13.2G    88K  /usr/obj
zroot/usr/ports                264K  13.2G    88K  /usr/ports
zroot/usr/ports/distfiles       88K  13.2G    88K  /usr/ports/distfiles
zroot/usr/ports/packages        88K  13.2G    88K  /usr/ports/packages
zroot/usr/src                   88K  13.2G    88K  /usr/src
zroot/var                     1.49M  13.2G    88K  /var
zroot/var/audit                 88K  13.2G    88K  /var/audit
zroot/var/crash                 88K  13.2G    88K  /var/crash
zroot/var/db                   608K  13.2G   412K  /var/db
zroot/var/db/pkg               196K  13.2G   196K  /var/db/pkg
zroot/var/empty                 88K  13.2G    88K  /var/empty
zroot/var/log                  120K  13.2G   120K  /var/log
zroot/var/mail                  88K  13.2G    88K  /var/mail
zroot/var/ports                 88K  13.2G    88K  /var/ports
zroot/var/spool                184K  13.2G    96K  /var/spool
zroot/var/spool/clientmqueue    88K  13.2G    88K  /var/spool/clientmqueue
zroot/var/tmp                   88K  13.2G    88K  /var/tmp
The /etc/rc.conf looks like:
> cat /etc/rc.conf
aws_firstboot_enable="YES"
gce_firstboot_enable="YES"
pf_firstboot_enable="YES"
zfs_firstboot_enable="YES"
zfs_enable="YES"
gateway_enable="YES"
hostname="fabrik" # change to your desired hostname
ifconfig_DEFAULT="SYNCDHCP mtu 1460" # change this to match your host
clear_tmp_enable="YES"
dumpdev="NO"
ntpd_enable="YES"
ntpdate_enable="YES"
sendmail_enable="NONE"
sshd_enable="YES"
syslogd_flags="-ssC"
cloned_interfaces="lo1"
ifconfig_lo1_aliases="inet 172.16.13.1/24 inet 172.16.13.2-5/32"
#-----------------------------------------------------------------------
# pf
#-----------------------------------------------------------------------
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
#-----------------------------------------------------------------------
# jails
#-----------------------------------------------------------------------
jail_enable="YES"
jail_list="base"
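The two lines marked "change" in the listing above (hostname and the GCE-only mtu 1460) can be adjusted with a small script. This is an added example, not part of the image; the function names and the script name are assumptions, and the hostname is validated because rc.conf is sourced by /bin/sh at boot.

```shell
#!/bin/sh
# Added example, not part of the image. Function names are assumptions.
# Applies the two rc.conf lines the listing marks "change ..." to FILE.

# rc.conf is sourced by /bin/sh at boot, so a value written into it must
# not be able to carry quotes, spaces or shell metacharacters.
valid_hostname() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*|[-.]*|*[-.]|*..*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# strip_gce_mtu FILE: drop the GCE-only "mtu 1460" from ifconfig_DEFAULT.
# Idempotent; the previous version of FILE is kept as FILE.bak.
strip_gce_mtu() {
    cp -p "$1" "$1.bak" || return 1
    sed '/^ifconfig_DEFAULT=/s/[[:space:]]\{1,\}mtu[[:space:]]\{1,\}1460//' \
        "$1.bak" > "$1"
}

# set_rc_hostname FILE NAME: rewrite the hostname= line after validating NAME.
set_rc_hostname() {
    valid_hostname "$2" || { echo "refusing hostname: $2" >&2; return 2; }
    cp -p "$1" "$1.bak" || return 1
    sed "s/^hostname=.*/hostname=\"$2\"/" "$1.bak" > "$1"
}

# untuned_defaults FILE: print image defaults still present, one per line.
# Returns non-zero when none are left.
untuned_defaults() {
    grep -E '^hostname="fabrik"|^ifconfig_DEFAULT=.*mtu 1460' "$1"
}

# Usage (script name is an assumption): sh tune-rc.sh /etc/rc.conf NEW_HOSTNAME
if [ "$#" -eq 2 ]; then
    strip_gce_mtu "$1" && set_rc_hostname "$1" "$2" || exit 1
    untuned_defaults "$1" || echo "no image defaults left in $1"
fi
```

Run it as root, and only on hosts outside GCE; the devops password is changed separately with passwd devops.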
The /etc/pf.conf looks like:
> cat /etc/pf.conf
ext_if = "em0"
set skip on lo
scrub in all
nat on $ext_if from lo1:network to any -> ($ext_if)
pass all