!install total 40G ? / :4G swap :4G+ /usr/ports : 1G + 4G /usr/src :4G ---- /boot 200M / 20G /usr 24G + 15G (buildworld) = 40G /var 23G /home 100G+ SWAP 12G+ freebsd-update fetch freebsd-update install !FB13 upgrade *FB-13-tips !dig -> drill drill www.iij.ad.jp ! passwd 調べてみると、パスワードデータベースである /etc/pwd.db, /etc/spwd.db が更新される必要があり、その更新には # pwd_mkdb -p /etc/master.passwd ! RC_CONF #================================= # CHECK LRO/TSO option OFF!! # LRO (Large recieve offload) - セグメントの再構築をハードウェアで実施 # TSO (TCP segmentation offload) - TCPセグメンへの分割処理をハードウェアで実施 # TOE (Full TCP offload engine) - TCP/IPの処理をすべてハードウェアで実施 # RXCSUM,TXCSUM - 送受信のChecksumをハードウェアで # ifconfig_vtnet0="inet netmask -lro -tso" # ifconfig_bge0="inet netmask -lro -tso" #================================= # ifconfig_vtnet0="inet netmask -lro -tso" # ifconfig_bge1="inet netmask -lro -tso -rxcsum -txcsum" #================================= # sysctl net.inet.tcp.tso=0 #==========#======================= ifconfig_bge0="inet 192.168.250.15 netmask 255.255.255.0 -lro -rxcsum -txcsum " #==========#======================= dumpdev="AUTO" # Device to crashdump to (device name, AUTO, or NO). dumpdir="/var/crash" # Directory where crash dumps are to be stored #================================== ! ports pkg install rsync pkg install rcs pkg install subversion pkg install portupgrade pkg install python3 # pkg install py36-pip pkg install py37-pip # pkg install softether # pkg install haproxy # # env HTTP_PROXY="http://127.0.0.1:18080" pkg install squid # env HTTP_PROXY="http://127.0.0.1:18080" pkg install net-snmpd # env HTTP_PROXY="http://127.0.0.1:18080" pkg install bsnmp-ucd # env HTTP_PROXY="http://127.0.0.1:18080" pkg install apcupsd # env HTTP_PROXY="http://127.0.0.1:18080" pkg install py37-sqlite3 # pkg install smartmontools pkg install mbmon # pkg install munin-node munin-master # # env HTTP_PROXY="http://192.168.100.10:18080" pkg install squid # 初回 portsnap fetch portsnap extract 2回目移行 portsnap fetch portsnap update ## env HTTP_PROXY="http://172.16.70.10:8080" portsnap fetch ## env HTTP_PROXY="http://172.16.70.10:8080" portsnap update # ## rm /var/db/portsnap/tag # アップデートがうまく行かないばあい # env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch extract & # env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch update & pkg version -vL= portupgrade -rR apache # X 関連の build には 9Gbyte のHDDの空きが必要 ( /usr/ports で 11Gbyte 程度必要 ) ! Speedtest https://www.speedtest.net/ja/apps/cli https://github.com/sivel/speedtest-cli ! src ## svn svn : releng/12.0 ## # cd /usr/src ## # rm -rf * ## # svn checkout svn://svn.FreeBSD.org/base/releng/10.1 /usr/src ## # # mv /usr/src /usr/src.bak 1 ## # # svn checkout https://svn.freebsd.org/base/releng/10.3 /usr/src ## # ## # # chflags -R noschg /usr/obj/* ## # # rm -rf /usr/obj ## # # make -j4 -DNOPROFILE=true buildworld # 4process?? ## # # make -j4 -DNOPROFILE=true TARGET_ARCH=amd64 TARGET=amd64 buildworld ## # # make buildkernel TARGET_ARCH=amd64 TARGET=amd64 KERNCONF=GREN1SMP ## # # make installkernel TARGET_ARCH=amd64 TARGET=amd64 KERNCONF=GREN1SMP ## # # make -DNOPROFILE=true TARGET_ARCH=amd64 TARGET=amd64 installworld # ## make -j4 -DNOPROFILE=true TARGET_ARCH=amd64 TARGET=amd64 buildworld ## make -j4 -DNOPROFILE=true TARGET_ARCH=amd64 TARGET=amd64 buildkernel ## make -DNOPROFILE=true TARGET_ARCH=amd64 TARGET=amd64 installkernel ## make -DNOPROFILE=true TARGET_ARCH=amd64 TARGET=amd64 installworld ## # cd /usr/src ## # svn update /usr/src ## cd /usr/src ## make update SVN_UPDATE=yes # svnlite update /usr/src check /usr/src/UPDATING ## # svnlite info /usr/src ## # cd /usr/src # make -j4 buildworld # make -j4 kernel ## shutdown -r now ## cd /usr/src ## make installworld ## mergemaster -Ui ## shutdown -r now ! FB12 UPDATE # freebsd-update fetch # freebsd-update install # tool & lib のインストール ##### UPGRADE ### freebsd-update -r 12.1-RELEASE upgrade ## freebsd-update -r 12.2-RELEASE upgrade # freebsd-update -r 12.4-RELEASE upgrade # 質問には基本的に「y」 ### freebsd-update -r 12.1-RELEASE install ## freebsd-update -r 12.2-RELEASE install # freebsd-update -r 12.4-RELEASE install # ## kernel インストール 再起動 # freebsd-update install # tool & lib のインストール # ( Package のアップデート ) # pkg upgrade -y #( 古い ファイルの削除 ) # freebsd-update install # # pkgdb -F ##: パッケージ・レジストリ・データベース (package registry database) の不整合修正 (fix) # portsdb -uU ##: ポーツ・データベース・ファイル INDEX.db の生成/更新と,ポーツ・インデックス・ファイル INDEXの生成/更新 ============================ $ sudo freebsd-update upgrade -r 12.0-RELEASE $ sudo freebsd-update install $ sudo reboot $ sudo freebsd-update install $ sudo pkg upgrade -y $ sudo freebsd-update install ## NTPなどがうまく動かないばあい # pwd_mkdb /etc/master.passwd # chown ntpd:ntpd /var/db/ntp/{ntpd.drift,ntpd.pid} ! PROXY 7 13:18 env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch # env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch # env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch extract # env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch update env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch update env HTTP_PROXY="http://192.168.11.80:8080" pkg install squid env HTTP_PROXY="http://192.168.11.80:8080" freebsd-update fetch env HTTP_PROXY="http://192.168.11.80:8080" freebsd-update install FreeBSD-UPgrade PROXY use # #### env HTTP_PROXY="http://127.0.0.1:18080" freebsd-update upgrade -r 12.1-RELEASE # env HTTP_PROXY="http://127.0.0.1:18080" freebsd-update upgrade -r 12.2-RELEASE # env HTTP_PROXY="http://127.0.0.1:18080" freebsd-update install < Reboot> # env HTTP_PROXY="http://127.0.0.1:18080" freebsd-update install # env HTTP_PROXY="http://127.0.0.1:18080" pkg bootstrap -f # env HTTP_PROXY="http://127.0.0.1:18080" pkg upgrade -y < > # env HTTP_PROXY="http://127.0.0.1:18080" freebsd-update install # pwd_mkdb /etc/master.passwd # env HTTP_PROXY="http://127.0.0.1:18080" pkg upgrade -y # env HTTP_PROXY="http://127.0.0.1:18080" pkg install munin-node /usr/local/sbin/munin-node-configure --shell | sh -x # env HTTP_PROXY="http://127.0.0.1:18080" pkg install perl5 # setenv HTTP_PROXY "http://proxy.ne.jp:8080" # setenv HTTP_PROXY_AUTH "basic:*:userid:password" # setenv HTTP_PROXY "http://userid:password@proxy.ne.jp:8080" # setenv HTTP_TIMEOUT 1800 ~/.subversion/servers [global] http-proxy-host = 192.168.11.80 http-proxy-port = 8080 !Release ISO の作成 FB-bootdvd に ! /proc マニュアルで mount -t procfs proc /proc fstab に proc /proc procfs rw 0 0 を追加 ---- https://wiki.freebsd.org/NetworkPerformanceTuning hw.igb.max_interrupt_rate- :: 32000以上 net.inet.tcp.tcbhashsize- :: 最大32K以上 net.inet.ip.output_flowtable_size :: kern.maxfiles- :: kern.maxfilesperproc ;; kern.ipc.nmbclusters-ローダーの調整可能および読み取り/書き込みsysctl、システム内のmbufクラスター数のグローバル制限。この値に達すると、パケットドロップが発生します。 kern.ipc.nmbjumbop-FreeBSD 7以降、TCPソケットは送信データに2Kサイズのmbufクラスターを使用せず、ページサイズのmbufクラスター(一般に4K)を使用します。これはローダーで調整可能であり、読み取り/書き込みsysctlで数を制限します。 kern.ipc.nmbjumbo9 kern.ipc.nmbjumbo16 net.inet.tcp.per_cpu_timers net.inet.flowtable.nmbflows https://people.freebsd.org/~olivier/talks/2018_AsiaBSDCon_Tuning_FreeBSD_for_routing_and_firewalling-Paper.pdf https://calomel.org/freebsd_network_tuning.html ---- !boot/locader.conf #RELOAD is # service sysctl restart # # amdtemp_load="YES" coretemp_load="YES" # Accept filters for data, http and DNS requests # Useful when your software creates process/thread on each request (i.e. apache) # Note: DNS accf available on 8.0+ # Note: In case of badly written software this can increase performance, # but I still would recommend against using accept filters in production because of # their opacity - they really break abstractions. Also it's not trivial to debug/monitor # their state. #accf_data_load="YES" #accf_http_load="YES" #accf_dns_load="YES" # Async IO system calls aio_load="YES" # Linux specific devices in /dev # As for 8.1 it only /dev/full #lindev_load="YES" # Adds NCQ support in FreeBSD # WARNING! all ad[0-9]+ devices will be renamed to ada[0-9]+ # 8.0+ only #ahci_load="YES" #siis_load="YES" # FreeBSD 9+ # New Congestion Control for FreeBSD cc_htcp_load="YES" #cc_cubic_load="YES" # Increase kernel memory size to 3G. # # Use ONLY if you have KVA_PAGES in kernel configuration, and you have more than 3G RAM # Otherwise panic will happen on next reboot! # # It's required for high buffer sizes: kern.ipc.nmbjumbop, kern.ipc.nmbclusters, etc # Useful on highload stateful firewalls, proxies or ZFS fileservers # (FreeBSD 7.2+ amd64 users: Check that current value is lower!) #vm.kmem_size="3G" # If you have really busy forking webserver (i.e. apache13) you may run out of processes #kern.maxproc=10000 # If your server has lots of swap (>4Gb) you should increase following value # according to http://lists.freebsd.org/pipermail/freebsd-hackers/2009- October/029616.html # Otherwise you'll be getting errors # "kernel: swap zone exhausted, increase kern.maxswzone" #kern.maxswzone="256M" # Older versions of FreeBSD can't tune maxfiles on the fly #kern.maxfiles="200000" # Useful for databases # Sets maximum data size to 1G # (FreeBSD 7.2+ amd64 users: Check that current value is lower!) #kern.maxdsiz="1G" # Maximum buffer size(vfs.maxbufspace) # You can check current one via vfs.bufspace # Should be lowered/upped depending on server's load-type # Usually decreased to preserve kmem # (default is 10% of mem) #kern.maxbcache="512M" # Sendfile buffers # Note: i386 only #kern.ipc.nsfbufs=10240 # syncache tuning net.inet.tcp.syncache.hashsize=32768 net.inet.tcp.syncache.bucketlimit=32 net.inet.tcp.syncache.cachelimit=1048576 # Send RST on listen queue overflow / memory shortage. # Hosts behind Load-Balancer should set it to 1 to fail fast. # Hosts facing clients should set it to 0 for client to retry connection. #net.inet.tcp.syncache.rst_on_sock_fail=0 # Increased hostcache # Later host cache can be viewed via net.inet.tcp.hostcache.list hidden sysctl # Very useful for it's RTT RTTVAR # Must be power of two net.inet.tcp.hostcache.hashsize=65536 # hashsize * bucketlimit (which is 30 by default) # It allocates 255Mb (1966080*136) of RAM net.inet.tcp.hostcache.cachelimit=1966080 # TCP control-block Hash table tuning # See: http://serverfault.com/questions/372512/why-change-net-inet-tcp-tcbhashsize-in-freebsd net.inet.tcp.tcbhashsize=524288 # Disable ipfw deny all # Should be uncommented when there is a chance that # kernel and ipfw binary may be out-of sync on next reboot #net.inet.ip.fw.default_to_accept=1 # # SIFTR (Statistical Information For TCP Research) is a kernel module that # logs a range of statistics on active TCP connections to a log file. # See prerelease notes: # # http://groups.google.com/group/mailing.freebsd.current/browse_thread/thread/b4c18be6 cdce76e4 # and man 4 sitfr #siftr_load="YES" # Enable superpages, for 7.2+ only # See: http://lists.freebsd.org/pipermail/freebsd-hackers/2009-November/030094.html vm.pmap.pg_ps_enabled=1 # Useful if you are using Intel-Gigabit NIC #hw.em.rxd=4096 #hw.em.txd=4096 #hw.em.rx_process_limit="-1" # Also if you have A LOT interrupts on NIC - play with following parameters # NOTE: You should set them for every NIC #dev.em.0.rx_int_delay: 250 #dev.em.0.tx_int_delay: 250 #dev.em.0.rx_abs_int_delay: 250 #dev.em.0.tx_abs_int_delay: 250 # There is also multithreaded version of em/igb drivers that can be found here: # http://people.yandex-team.ru/~wawa/ # # for additional em monitoring and statistics use # sysctl dev.em.0.stats=1 ; dmesg # sysctl dev.em.0.debug=1 ; dmesg # Also after r209242 (-CURRENT) there is a separate sysctl for each stat variable; # Same tunings for igb #hw.igb.rxd=4096 #hw.igb.txd=4096 #hw.igb.rx_process_limit=100 # Some useful netisr tunables. See sysctl net.isr #net.isr.maxthreads=4 #net.isr.defaultqlimit=10240 #net.isr.maxqlimit=10240 # Bind netisr threads to CPUs #net.isr.bindthreads=1 # # FreeBSD 9.x+ # Increase interface send queue length # See commit message http://svn.freebsd.org/viewvc/base? view=revision&revision=207554 net.link.ifqmaxlen=1024 # IPC prametor kern.ipc.msgmnb=8192 kern.ipc.msgssz=64 kern.ipc.msgtql=2048 # Nicer boot logo =) loader_logo="beastie" ---- loader.conf ########################## # smartpqi_load="YES" ########################## coretemp_load="YES" # aio_load="YES" cc_htcp_load="YES" ########################## machdep.hyperthreading_allowed="0" # net.inet.tcp.soreceive_stream="1" ########################## net.inet.tcp.syncache.hashsize=32768 net.inet.tcp.syncache.bucketlimit=32 net.inet.tcp.syncache.cachelimit=1048576 net.inet.tcp.hostcache.hashsize=65536 # net.inet.tcp.hostcache.cachelimit=1966080 net.inet.tcp.hostcache.cachelimit="0" net.inet.tcp.tcbhashsize=524288 vm.pmap.pg_ps_enabled=1 net.link.ifqmaxlen=1024 kern.ipc.msgmnb=8192 kern.ipc.msgssz=64 kern.ipc.msgtql=2048 ########################## net.graph.maxdata=65536 net.graph.maxalloc=65536 ########################## !/ets/syscrl # $FreeBSD: releng/10.1/etc/sysctl.conf 112200 2003-03-13 18:43:50Z mux $ # # How many routing_table net.fibs=1 # Ensure ZFS uses 4k block size vfs.zfs.min_auto_ashift=12 kern.ipc.somaxconn=2048 # set to at least 16MB for 10GE hosts kern.ipc.maxsockbuf=16777216 # socket buffers net.inet.tcp.recvspace=4194304 net.inet.tcp.sendspace=2097152 net.inet.tcp.sendbuf_max=16777216 net.inet.tcp.recvbuf_max=16777216 net.inet.tcp.sendbuf_auto=1 net.inet.tcp.recvbuf_auto=1 net.inet.tcp.sendbuf_inc=16384 net.inet.tcp.recvbuf_inc=524288 # security security.bsd.see_other_uids=0 security.bsd.see_other_gids=0 # drop UDP packets destined for closed sockets net.inet.udp.blackhole=1 # drop TCP packets destined for closed sockets net.inet.tcp.blackhole=2 # ipfw net.inet.ip.fw.verbose_limit=3 # H-TCP congestion control algorithm net.inet.tcp.cc.algorithm=htcp # maximum incoming and outgoing IPv4 network queue sizes net.inet.ip.intr_queue_maxlen=2048 net.route.netisr_maxqlen=2048 net.inet.ip.redirect=0 net.inet.raw.maxdgram=16384 net.inet.raw.recvspace=16384 ---- # Ensure ZFS uses 4k block size # vfs.zfs.min_auto_ashift=12 # kern.ipc.somaxconn=2048 kern.ipc.somaxconn=4096 kern.ipc.soacceptqueue=4096 # set to at least 16MB for 10GE hosts kern.ipc.maxsockbuf=16777216 # socket buffers net.inet.tcp.recvspace=4194304 net.inet.tcp.sendspace=2097152 net.inet.tcp.sendbuf_max=16777216 net.inet.tcp.recvbuf_max=16777216 net.inet.tcp.sendbuf_auto=1 net.inet.tcp.recvbuf_auto=1 net.inet.tcp.sendbuf_inc=16384 net.inet.tcp.recvbuf_inc=524288 # net.local.stream.recvspace=131070 net.local.stream.sendspace=131070 # security security.bsd.see_other_uids=0 security.bsd.see_other_gids=0 # drop UDP packets destined for closed sockets net.inet.udp.blackhole=1 # drop TCP packets destined for closed sockets net.inet.tcp.blackhole=2 # ipfw net.inet.ip.fw.verbose_limit=3 # H-TCP congestion control algorithm net.inet.tcp.cc.algorithm=htcp # maximum incoming and outgoing IPv4 network queue sizes net.inet.ip.intr_queue_maxlen=2048 net.route.netisr_maxqlen=2048 #### # net.ip.redirect=0 # net.inet.raw.maxdgram=16384 # net.inet.raw.recvspace=16384 ############################################################################### #kern.ipc.maxsockbuf=2097152 # (wscale 6 ; default) 1G kern.ipc.maxsockbuf=4194304 # (wscale 7) 2G #kern.ipc.maxsockbuf=16777216 # (wscale 9) 10G #kern.ipc.maxsockbuf=157286400 # (wscale 12) 40G #kern.ipc.maxsockbuf=614400000 # (wscale 14) 100G ############################# # net.inet.tcp.recvbuf_inc=65536 # (default 16384) net.inet.tcp.recvbuf_max=4194304 # (default 2097152) net.inet.tcp.recvspace=65536 # (default 65536) net.inet.tcp.sendbuf_inc=65536 # (default 8192) net.inet.tcp.sendbuf_max=4194304 # (default 2097152) net.inet.tcp.sendspace=65536 # (default 32768) # net.inet.tcp.mssdflt=1460 # Option 1 (default 536) #net.inet.tcp.mssdflt=1240 # Option 2 (default 536) ############################# # net.inet.tcp.minmss=536 # (default 216) # net.inet.tcp.abc_l_var=44 # (default 2) if net.inet.tcp.mssdflt = 1460 #net.inet.tcp.abc_l_var=52 # (default 2) if net.inet.tcp.mssdflt = 1240 # net.inet.tcp.initcwnd_segments=44 # (default 10 for FreeBSD 11.2) if net.inet.tcp.mssdflt = 1460 #net.inet.tcp.initcwnd_segments=52 # (default 10 for FreeBSD 11.2) if net.inet.tcp.mssdflt = 1240 #net.inet.tcp.experimental.initcwnd10=1 # (default 1 for FreeBSD 10.1) net.inet.tcp.cc.htcp.adaptive_backoff=1 # (default 0 ; disabled) net.inet.tcp.cc.htcp.rtt_scaling=1 # (default 0 ; disabled) net.tcp.cc.abe=1 net.inet.tcp.rfc6675_pipe=1 # (default 0) net.inet.tcp.syncache.rexmtlimit=0 # (default 3) # net.inet.ip.maxfragpackets=0 # (default 63474) net.inet.ip.maxfragsperpacket=0 # (default 16) net.inet6.ip6.maxfragpackets=0 # (default 507715) net.inet6.ip6.maxfrags=0 # (default 507715) # net.inet.tcp.syncookies=0 # (default 1) # net.inet.tcp.isn_reseed_interval=4500 # (default 0, disabled) # net.inet.tcp.tso=0 # (default 1) kern.random.fortuna.minpoolsize=128 # (default 64) kern.random.harvest.mask=351 # (default 511, FreeBSD 11 and 12 without Intel Secure Key RNG) #kern.random.harvest.mask=65887 # (default 66047, FreeBSD 12 with Intel Secure Key RNG) # # net.inet.ip.redirect=0 kern.ipc.shm_use_phys=1 # lock shared memory into RAM and prevent it from being paged out to swap (default 0, disabled) kern.msgbuf_show_timestamp=1 # display timestamp in msgbuf (default 0) kern.randompid=1 # calculate PIDs by the modulus of an integer, set to one(1) to auto random (default 0) net.bpf.optimize_writers=1 # bpf is write-only unless program explicitly specifies the read filter (default 0) net.inet.icmp.drop_redirect=1 # no redirected ICMP packets (default 0) net.inet.ip.check_interface=1 # verify packet arrives on correct interface (default 0) net.inet.ip.portrange.first=32768 # use ports 32768 to portrange.last for outgoing connections (default 10000) net.inet.ip.portrange.randomcps=9999 # use random port allocation if less than this many ports per second are allocated (default 10) net.inet.ip.portrange.randomtime=1 # seconds to use sequental port allocation before switching back to random (default 45 secs) net.inet.ip.random_id=1 # assign a random IP id to each packet leaving the system (default 0) net.inet.ip.redirect=0 # do not send IP redirects (default 1) net.inet6.ip6.redirect=0 # do not send IPv6 redirects (default 1) net.inet.sctp.blackhole=2 # drop stcp packets destined for closed ports (default 0) net.inet.tcp.blackhole=2 # drop tcp packets destined for closed ports (default 0) net.inet.tcp.drop_synfin=1 # SYN/FIN packets get dropped on initial connection (default 0) net.inet.tcp.fast_finwait2_recycle=1 # recycle FIN/WAIT states quickly, helps against DoS, but may cause false RST (default 0) net.inet.tcp.fastopen.client_enable=0 # disable TCP Fast Open client side, enforce three way TCP handshake (default 1, enabled) net.inet.tcp.fastopen.server_enable=0 # disable TCP Fast Open server side, enforce three way TCP handshake (default 0) net.inet.tcp.finwait2_timeout=1000 # TCP FIN_WAIT_2 timeout waiting for client FIN packet before state close (default 60000, 60 sec) net.inet.tcp.icmp_may_rst=0 # icmp may not send RST to avoid spoofed icmp/udp floods (default 1) net.inet.tcp.keepcnt=2 # amount of tcp keep alive probe failures before socket is forced closed (default 8) net.inet.tcp.keepidle=62000 # time before starting tcp keep alive probes on an idle, TCP connection (default 7200000, 7200 secs) net.inet.tcp.keepinit=5000 # tcp keep alive client reply timeout (default 75000, 75 secs) # net.inet.tcp.msl=2500 # Maximum Segment Lifetime, time the connection spends in TIME_WAIT state (default 30000, 2*MSL = 60 sec) net.inet.tcp.path_mtu_discovery=0 # disable for mtu=1500 as most paths drop ICMP type 3 packets, but keep enabled for mtu=9000 (default 1) net.inet.udp.blackhole=1 # drop udp packets destined for closed sockets (default 0) net.inet.udp.recvspace=1048576 # UDP receive space, HTTP/3 webserver, "netstat -sn -p udp" and increase if full socket buffers (default 42080) security.bsd.hardlink_check_gid=1 # unprivileged processes may not create hard links to files owned by other groups, DISABLE for mailman (default 0) # security.bsd.hardlink_check_uid=1 # unprivileged processes may not create hard links to files owned by other users, DISABLE for mailman (default 0) # security.bsd.see_other_gids=0 # groups only see their own processes. root can see all (default 1) # security.bsd.see_other_uids=0 # users only see their own processes. root can see all (default 1) # security.bsd.stack_guard_page=1 # insert a stack guard page ahead of growable segments, stack smashing protection (SSP) (default 0) # security.bsd.unprivileged_proc_debug=0 # unprivileged processes may not use process debugging (default 1) # security.bsd.unprivileged_read_msgbuf=0 # unprivileged processes may not read the kernel message buffer (default 1) ############################################################################### check : # sysctl net.inet.tcp.tso=0 # # ifconfig vtnet0 -lro ############################################################################### ! TAG vlan http://wiki.tomocha.net/BSD_802.1QVLAN.html ! fib FB-setfib ! リンクアグリゲーション FB-interface command:: ifconfig lagg0 laggproto lacp laggport em0 laggport em1 ifconfig lagg0 rc.conf :: ifconfig_em0="up" ifconfig_em1="up" ifconfig_lagg0="laggproto lacp laggport em0 laggport em1" https://qiita.com/shiest/items/c2d559a60b8e0b561f51 https://qastack.jp/server/619574/freebsd-link-aggregation-no-faster-than-single-link !SoftEther https://gist.github.com/imksoo/4a768345443242e829d7b040047bd65f ! IP を複数 > ifconfig bgeo alias 192.168.16.130/28 ! シングルユーザモード FB13-single !tips https://calomel.org/freebsd_network_tuning.html https://techracho.bpsinc.jp/ika/2016_12_17/30656 https://calomel.org/freebsd_network_tuning.html https://calomel.org/freebsd_network_tuning.html https://calomel.org/freebsd_network_tuning.html