1. Update binary packages
First thing to do just like on any new operating system install is to update / patch the server
# freebsd-update fetch
# freebsd-update install
2. Update FreeBSD port packages
As a FreeBSD administrator you will need ports every now and then so make sure you have them at their latest release for your FBSD release
# pkg update
# pkg upgrade
3. Install editors and bash
# pkg install nano vim joe bash bash_completion
4. Install sudo
To be able to run commands without becoming superuser root just like on any Linux you will probably want to have sudo package installed
# pkg install sudo
Sudo config file is under /usr/local/etc/sudoers
To edit it with syntax check enabled use visudo
# visudo
…
# sudo pkg update
If you want a regular account to have root superuser edit / modify and do things permissions
# pw groupmod wheel -M your_user_name
Then to make the wheel permissions work add to sudoers:
%wheel ALL=(ALL=ALL) ALL
5. FreeBSD modify personal information for account
# chpass your_user_name
To change your account and others to use bash instead of default freebsd csh
# csh -s /bin/bash your_user_name
7. Set a Static IP address for a FreeBSD server and configure DNS
Edit /etc/rc.local to look something like so
#ifconfig_em0="DHCP"
ifconfig_em0="inet 192.168.1.100 netmask 255.255.255.0"
# default gateway
defaultrouter="192.168.1.1"
/etc/rc.conf is also the file where you can easily enable / disable freebsd startup scripts
To restart network interafaces just like Debian Linux's /etc/init.d/networking restart type
# service netif restart
# service routing restart
To set Google DNS in FreeBSD just like in Linux add the IPs with nameserver prefix to /etc/resolv.conf
# echo 'nameserver 8.8.8.8' >> /etc/resolv.conf
# echo 'nameserver 8.8.8.8' >> /etc/resolv.conf
# echo 'search your-domain-name' >> /etc/resolv.conf
– If you need to change the hostname of the FreeBSD server change in /etc/rc.conf
hostname="your-freebsdhostname"
– To add multiple IP addresses to a network interface on FBSD add line like below to /etc/rc.conf
ifconfig_em0_alias0="192.168.1.5 netmask 255.255.255.255"
ifconfig_em0_alias1="192.168.1.6 netmask 255.255.255.255"
…
To apply changes and bring up the newly set multiple IPs
# service netif restart
8. Setting up proper timezone
If for some reason the Time zone is improperly set during FreeBSD install, you can later set that with
# tzsetup
9. Set up ntp time server synchronization daemon
# vim /etc/rc.conf
ntpd_enable="YES"
ntpd_sync_on_start="YES"
First command will bring up NTP server at start up and second make it synchroniza with Internet NTP servers, to restart ntp so it set proper time
immediately
# service ntpd start
10. Add additional SWAP space to FreeBSD server after install
– First we need to create the swap file with command and then set up proper permissions for it
# truncate -S 3G /swapf
# chmod 0600 /swapf
– Then to make the swapf being used on boot we need to add it to /etc/fstab
# echo "md99 none swap sw,file=/swapf,late 0 0" >> /etc/fstab
To immediately apply the new added swap to be used by the system run:
# swapon -aqL
To check various things on how swap is configured use
# swapinfo -g
11. Configure Firewall in FreeBSD
# vim /etc/rc.conf
firewall_enable="YES"
firewall_script="/usr/local/etc/ipfw.rules"
A very basic firewall to add to ipfw.rules file would be something like so:
$IPF 70 allow all from any to any out keep-state
$IPF 80 allow icmp from any to any
# open port ftp$IPF 110 allow tcp from any to any 21 in
$IPF 120 allow tcp from any to any 21 out# 22 for ssh
$IPF 130 allow tcp from any to any 22 in
$IPF 140 allow tcp from any to any 22 out# mail port 25
$IPF 150 allow tcp from any to any 25 in
$IPF 160 allow tcp from any to any 25 out# dns (53) udp and tcp in
$IPF 170 allow udp from any to any 53 in
$IPF 175 allow tcp from any to any 53 in# dns (53) udp and tcp out
$IPF 180 allow udp from any to any 53 out
$IPF 185 allow tcp from any to any 53 out# http (80),
$IPF 200 allow tcp from any to any 80 in
$IPF 210 allow tcp from any to any 80 out
# deny and log everything
$IPF 500 deny log all from any to any
To launch the firewall
# service ipfw start
To list current FreeBSD Firewall rules use
# ipfw list
Finally if you need to check your connections to the server just like Linux's netstat you might consider using sockstat comand
# sockstat -4 -6
…
– 4 -6 will list you network connections for ipv4 and ipv6 both tcp and udp