Messages - mibtac

#1
General Discussion / Re: Default / Hidden rules
July 12, 2016, 05:34:49 AM
You can also simply go to the shell and use the PF tools to inspect the rules in detail. For example, pfctl -sr will show you the currently loaded rules. The rules in PF are quite a bit easier to read than, say, in Linux iptables.

This is one big advantage of an open solution: You can dig as deep as you like and see exactly what's going on.  ;)
#2
Fantastic, thanks! Looking forward to the new release. I've been using OPNsense in our lab for a few days now and it's very pleasant to use overall. Much easier than the hand-configured Linux box I used before.  ;D
#3
Yes, with -a4k you should be good.

I cannot spare a physical machine for testing ATM, but I can try installing it on VMware in UEFI mode.
#4
If you're going to support GPT, everything becomes much easier, since that uses only LBA addressing (so no need to bother with cylinder boundaries). Just make sure that the start sector and partition size are divisible by 8 (8*512=4096). But I imagine adding GPT support would be a lot of work in other ways ...
#5
Yeah, it should be fairly easy to hack in.

Long term, the best solution would be if FreeBSD finally stopped obeying constraints originating from the archaic cylinder/head/sector addressing. All of the FreeBSD tools still enforce the stupid 63 sector alignment, even though drives that used cylinders with constant sector counts on the physical level have long gone extinct. Windows and Linux have used sector 2048 as the start of the first partition for years, and even OpenBSD switched to 64.  ;)
#6
Hi Franco,

thanks for the reply! I was able to work around it manually in a VM. I first booted into single user mode from the installer ISO, then created a slice manually using gpart. I set the slice to start at the least common multiple of 63 and 4096/512=8 (which is 504), so it would land on both a cylinder and a 4k boundary. Then I used advanced mode in the OPNSense installer and used the partition editor to create a partition in the new slice. The installer complained about a non-standard partition layout, but it seems to work just fine.

I took a quick look at the installer code. I found a place in the partitioning LUA file where it makes sure that the starting block is on a cylinder (i.e. 63 sector) boundary. It should be easy to add an LCM calculation like the above there. I don't really have time to set up a build environment for OPNSense right now, otherwise I might have tried it myself. ;)
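Added example, not part of the posts above and not code from the OPNsense installer: a check of the "divisible by 8" rule and the LCM start-sector calculation the posts describe, run over text in the layout printed by `gpart show`. The sample listing, the disk names and both function names are constructed for illustration, and 512-byte logical sectors are assumed.

```python
import math

SECTOR = 512               # logical sector size assumed in the posts
TRACK = 63                 # legacy sectors-per-track boundary the installer enforces
ALIGN = 4096 // SECTOR     # 8 sectors make one 4K block

# Constructed sample in the layout of `gpart show` (not taken from the thread).
SAMPLE = """\
=>      63  16777153  ada0  MBR  (8.0G)
        63  16777089     1  freebsd  [active]  (8.0G)
  16777152        64        - free -  (32K)

=>     504  16776712  ada1  MBR  (8.0G)
       504  16776704     1  freebsd  [active]  (8.0G)
  16777208         8        - free -  (4.0K)
"""


def next_dual_aligned(start, track=TRACK, align=ALIGN):
    """Smallest sector >= start that is on both a track and a 4K boundary."""
    step = track * align // math.gcd(track, align)   # lcm(63, 8) = 504
    return -(-start // step) * step                  # round up to a multiple


def check_alignment(gpart_output, align=ALIGN):
    """Return (disk, index, start, size, start_ok, size_ok) per partition."""
    results, disk = [], None
    for line in gpart_output.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "=>":            # header row names the disk
            disk = fields[3]
            continue
        # Partition rows carry a numeric index; "- free -" rows do not.
        if len(fields) >= 4 and fields[2].isdigit():
            start, size = int(fields[0]), int(fields[1])
            results.append((disk, int(fields[2]), start, size,
                            start % align == 0, size % align == 0))
    return results


if __name__ == "__main__":
    for disk, idx, start, size, start_ok, size_ok in check_alignment(SAMPLE):
        state = "aligned" if start_ok and size_ok else "NOT 4K-aligned"
        print(f"{disk}s{idx}: start={start} size={size} {state}; "
              f"next dual-aligned start >= {start}: {next_dual_aligned(start)}")
```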
#7
I just built a new router/firewall box with an SSD. I tested OPNSense in a VM and found that the installer does not align the main partition on a 4K boundary, which would result in non-optimal drive performance and higher write amplification when I later install it on the SSD. Is it somehow possible to force the installer to use something like gpart -a4k when creating the partition?