***WARNING***
THIS DOES NOT MEAN YOU GET TO SHUT YOUR BRAIN OFF. UPGRADING FREENAS COULD STILL RENDER YOUR CHANGES NULL AND VOID. AFTER ANY FREENAS UPGRADE, VERIFY THAT YOUR CHANGES ARE STILL IN EFFECT EVEN WITH THIS STICKY HACK IN PLACE.
Part 1 of trying to get hacks to FreeNAS to survive an upgrade was a failure. But never fear, I went back to the drawing board and had great success tonight. Basically, I changed my approach slightly: instead of trying to make changes to /conf/base/etc/rc.conf, what ended up working was just making the changes to /etc/rc.conf on every boot.
This will have the added benefit of working even if the FreeNAS developers change their naming scheme again for things in /conf/base/etc.
Write our hacks.sh script
1. I have OpenVPN and pf Firewall enabled, neither of which are stock to FreeNAS. You’ll need to adjust this script to meet your needs. Open up your favorite text editor and save your hacks.sh file somewhere on your data drive on the FreeNAS box.
First, let's search /etc/rc.conf to see if our hacks are in place. If they are, we exit.

    #!/bin/sh
    if grep "pf_enable" /etc/rc.conf
    then
        echo "Hacks in Place"
    else
Now, the else section is where we add our hacks back into /etc/rc.conf when they are not there. I'm just using a simple echo command to print each line I want to add and appending it to the end of /etc/rc.conf. I'm adding a blank line before my hacks, some notes about the hacks I'm adding, and the config changes. You will need to change the paths to pf_rules, openvpn_configfile and openvpn_dir to match your setup.

        echo "" >> /etc/rc.conf
        echo "#Turn on PF Firewall" >> /etc/rc.conf
        echo "pf_enable='YES'" >> /etc/rc.conf
        echo "pf_rules='/mnt/Files/joe/hacks/pf.conf'" >> /etc/rc.conf
        echo "gateway_enable='YES'" >> /etc/rc.conf
        echo "" >> /etc/rc.conf
        echo "#Turn on OpenVPN" >> /etc/rc.conf
        echo "openvpn_enable='YES'" >> /etc/rc.conf
        echo "openvpn_if='tun'" >> /etc/rc.conf
        echo "openvpn_configfile='/mnt/Files/openvpn/openvpn.conf'" >> /etc/rc.conf
        echo "openvpn_dir='/mnt/Files/openvpn'" >> /etc/rc.conf
Next we want to start the services that we have added as hacks to FreeNAS. For me that is pf and OpenVPN. The last thing is to close out the if statement with fi.

        service pf start
        service openvpn start
    fi
Here’s the full script.
    #!/bin/sh
    # If rc.conf already mentions pf_enable, assume the hacks are in place.
    if grep "pf_enable" /etc/rc.conf
    then
        echo "Hacks in Place"
    else
        # Otherwise append the pf and OpenVPN settings to /etc/rc.conf.
        echo "" >> /etc/rc.conf
        echo "#Turn on PF Firewall" >> /etc/rc.conf
        echo "pf_enable='YES'" >> /etc/rc.conf
        echo "pf_rules='/mnt/Files/joe/hacks/pf.conf'" >> /etc/rc.conf
        echo "gateway_enable='YES'" >> /etc/rc.conf
        echo "" >> /etc/rc.conf
        echo "#Turn on OpenVPN" >> /etc/rc.conf
        echo "openvpn_enable='YES'" >> /etc/rc.conf
        echo "openvpn_if='tun'" >> /etc/rc.conf
        echo "openvpn_configfile='/mnt/Files/openvpn/openvpn.conf'" >> /etc/rc.conf
        echo "openvpn_dir='/mnt/Files/openvpn'" >> /etc/rc.conf
        # Start the services that were just enabled.
        service pf start
        service openvpn start
    fi
Save it and exit.
2. Now we need to make our hacks.sh script executable and make it owned by root for good measure. Make sure to change the path below to match your setup.
    chmod 700 /mnt/Files/joe/hacks/hacks.sh
    chown root /mnt/Files/joe/hacks/hacks.sh
Set up the FreeNAS GUI to run hacks.sh as an init script.
3. Log into the FreeNAS GUI and go to System > Init/Shutdown Scripts. Then click Add Init/Shutdown Script.
Select Script in the first field. Browse to your hacks.sh script and select it in the second field, then select Post Init in the third field.
Hit OK.
4. Reboot and watch the magic.
Verification
5. After you’ve rebooted, check the status of your hacks.
service openvpn status
You should get this if you are running OpenVPN:
openvpn is running as pid 17535.
service pf status
You should get this if you are running pf. Notice that it says Enabled.

    No ALTQ support in kernel
    ALTQ related functions disabled
    Status: Enabled for 5 days 00:16:00           Debug: Urgent

    State Table                          Total             Rate
      current entries                       21
      searches                      1236116133         2855.0/s
      inserts                            75627            0.2/s
      removals                           75649            0.2/s
    Counters
      match                            2299524            5.3/s
      bad-offset                             0            0.0/s
      fragment                               0            0.0/s
      short                                  0            0.0/s
      normalize                              0            0.0/s
      memory                                 0            0.0/s
      bad-timestamp                          0            0.0/s
      congestion                             0            0.0/s
      ip-option                          28950            0.1/s
      proto-cksum                            0            0.0/s
      state-mismatch                     94319            0.2/s
      state-insert                           0            0.0/s
      state-limit                            0            0.0/s
      src-limit                             15            0.0/s
      synproxy                               0            0.0/s
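The grep "pf_enable" guard in hacks.sh matches any line containing that string, so a commented-out line or a pf_enable set to NO would also count as "in place". The following sketch is an added example, not part of the original post: it checks the effective value of every setting hacks.sh writes, which is the check to run after an upgrade. The helper names rc_value and verify_hacks are hypothetical; the keys and paths are the ones from the script above.

```shell
#!/bin/sh
# Added example, not the author's script. Settings copied from hacks.sh above;
# change the paths to match your setup, as with the original.
EXPECTED="pf_enable=YES
pf_rules=/mnt/Files/joe/hacks/pf.conf
gateway_enable=YES
openvpn_enable=YES
openvpn_if=tun
openvpn_configfile=/mnt/Files/openvpn/openvpn.conf
openvpn_dir=/mnt/Files/openvpn"

# rc_value FILE KEY (hypothetical helper): print the effective value of KEY.
# rc.conf is sourced as shell, so the last uncommented assignment wins.
rc_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed "s/^[\"']//; s/[\"'][[:space:]]*\$//"
}

# verify_hacks FILE (hypothetical helper): print one line per setting that is
# missing or different; return 0 only when every expected value is in effect.
verify_hacks() {
    status=0
    for pair in $EXPECTED; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(rc_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: want '$want', got '${got:-<unset>}'"
            status=1
        fi
    done
    return $status
}

# Stand-alone use: sh verify_hacks.sh /etc/rc.conf
if [ -n "${1:-}" ]; then verify_hacks "$1"; fi
```

A non-zero exit status means at least one setting is not in effect, so the script can also be called from a monitoring job after each upgrade.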
Final Thoughts
I set this up and tested it in a VM that started out as FreeNAS 9.2.0. After setting this all up, I did a system upgrade using the GUI and upgraded to 9.2.1.2. After rebooting, I checked /etc/rc.conf and my changes were in fact still there. I then checked to see if pf and OpenVPN were running and they were. SUCCESS!!!
I hope you all enjoy this. Let me know of all the great ways you find to use this.