The first attempt at getting this to work failed miserably. Not only did the shell script mangle the additions to rc.conf, but the script created a reboot loop that was pretty much impossible to break. THIS NEEDS MORE WORK!
I’ve been customizing FreeNAS to do more than it is meant to do out of the box. I want to run OpenVPN on it. I want it to have a firewall enabled on it. I’ve got those things working, but the issue I have is after every OS upgrade, I have to remember to go back in and re-enable all of them.
What we really need is a way to make modifications to FreeNAS sticky. So, I was thinking, why not write a script that will launch when the system is initializing and check to see if the modifications are in place or not. The FreeNAS developers are pretty good about keeping things that are configured in the GUI and moving them forward with the OS upgrades.
Here are the basic steps involved:
- Write a shell script that checks /conf/base/etc/rc.conf for our customizations
- If they are not present, add them to the end of /conf/base/etc/rc.conf, then reboot
- If they are there, boot normally
- Run the script at startup by creating an init script in the GUI
I am not much of a code writer…and honestly this is my first shell script….so it isn’t going to be pretty. So far here is what I have.
if grep ‘pf_enable’ /conf/base/etc/rc.conf
echo “Hacks in Place”
mount -uw /
echo ‘#Turn on pf firewall’ >> /conf/base/etc/rc.conf
echo ‘pf_enable=”YES”‘ >> /conf/base/etc/rc.conf
echo ‘pf_rules=”/mnt/Files/joe/hacks/pf.conf”‘ >> /conf/base/etc/rc.conf
echo ‘gateway_enable=”YES”‘ >> /conf/base/etc/rc.conf
echo ‘ ‘ >> /conf/base/etc/rc.conf
echo ‘#Turn on OpenVPN’ >> /conf/base/etc/rc.conf
echo ‘openvpn_enable=”YES”‘ >> /conf/base/etc/rc.conf
echo ‘openvpn_if=”tun”‘ >> /conf/base/etc/rc.conf
echo ‘openvpn_configfile=”/mnt/Files/openvpn/openvpn.conf”‘ >> /conf/base/etc/rc.conf
echo ‘openvpn_dir=”/mnt/Files/openvpn”‘ >> /conf/base/etc/rc.conf
So, that’s where I am on this so far. Next step will be to test it out in a vm and see what it does. Hopefully it does what I expect and then it is just a matter of setting it up in the GUI under Init Scripts.
More to come, so stay tuned.