FreeBSD Quickstart Guide for Linux® Users

This document highlights some of the technical differences between FreeBSD and Linux® so that intermediate to advanced Linux® users can quickly familiarize themselves with the basics of FreeBSD.

This document assumes that FreeBSD is already installed. Refer to the Installing FreeBSD chapter of the FreeBSD Handbook for help with the installation process.

Linux® users are often surprised to find that Bash is not the default shell in FreeBSD. In fact, Bash is not included in the default installation. Instead, FreeBSD uses tcsh(1) as the default root shell, and the Bourne shell-compatible sh(1) as the default user shell. sh(1) is very similar to Bash but with a much smaller feature-set. Generally shell scripts written for sh(1) will run in Bash, but the reverse is not always true.

However, Bash and other shells are available for installation using the FreeBSD Packages and Ports Collection.

After installing another shell, use chsh(1) to change a user's default shell. It is recommended that the root user's default shell remain unchanged since shells which are not included in the base distribution are installed to /usr/local/bin. In the event of a problem, the file system where /usr/local/bin is located may not be mounted. In this case, root would not have access to its default shell, preventing root from logging in and fixing the problem.

FreeBSD provides two methods for installing applications: binary packages and compiled ports. Each method has its own benefits:

If an application installation does not require any customization, installing the package is sufficient. Compile the port instead whenever an application requires customization of the default options. If needed, a custom package can be compiled from ports using make package.

A complete list of all available ports and packages can be found here.

# pkg install apache24

# cd /usr/ports/www/apache24
# make install clean

# cd /usr/ports/www/apache24
# make WITH_LDAP="YES" install clean

Many Linux® distributions use the SysV init system, whereas FreeBSD uses the traditional BSD-style init(8). Under the BSD-style init(8), there are no run-levels and /etc/inittab does not exist. Instead, startup is controlled by rc(8) scripts. At system boot, /etc/rc reads /etc/rc.conf and /etc/defaults/rc.conf to determine which services are to be started. The specified services are then started by running the corresponding service initialization scripts located in /etc/rc.d/ and /usr/local/etc/rc.d/. These scripts are similar to the scripts located in /etc/init.d/ on Linux® systems.

The scripts found in /etc/rc.d/ are for applications that are part of the “base” system, such as cron(8), sshd(8), and syslog(3). The scripts in /usr/local/etc/rc.d/ are for user-installed applications such as Apache and Squid.

Since FreeBSD is developed as a complete operating system, user-installed applications are not considered to be part of the “base” system. User-installed applications are generally installed using Packages or Ports. In order to keep them separate from the base system, user-installed applications are installed under /usr/local/. Therefore, user-installed binaries reside in /usr/local/bin/, configuration files are in /usr/local/etc/, and so on.

Services are enabled by adding an entry for the service in /etc/rc.conf . The system defaults are found in /etc/defaults/rc.conf and these default settings are overridden by settings in /etc/rc.conf. Refer to rc.conf(5) for more information about the available entries. When installing additional applications, review the application's install message to determine how to enable any associated services.

The following entries in /etc/rc.conf enable sshd(8), enable Apache 2.4, and specify that Apache should be started with SSL.

# enable SSHD
sshd_enable="YES"
# enable Apache with SSL
apache24_enable="YES"
apache24_flags="-DSSL"

Once a service has been enabled in /etc/rc.conf, it can be started without rebooting the system:

# service sshd start
# service apache24 start

If a service has not been enabled, it can be started from the command line using onestart:

# service sshd onestart

Instead of a generic ethX identifier that Linux® uses to identify a network interface, FreeBSD uses the driver name followed by a number. The following output from ifconfig(8) shows two Intel® Pro 1000 network interfaces (em0 and em1):

% ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
        inet 10.10.10.100 netmask 0xffffff00 broadcast 10.10.10.255
        ether 00:50:56:a7:70:b2
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
        inet 192.168.10.222 netmask 0xffffff00 broadcast 192.168.10.255
        ether 00:50:56:a7:03:2b
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active

An IP address can be assigned to an interface using ifconfig(8). To remain persistent across reboots, the IP configuration must be included in /etc/rc.conf. The following /etc/rc.conf entries specify the hostname, IP address, and default gateway:

hostname="server1.example.com"
ifconfig_em0="inet 10.10.10.100 netmask 255.255.255.0"
defaultrouter="10.10.10.1"

Use the following entries to instead configure an interface for DHCP:

hostname="server1.example.com"
ifconfig_em0="DHCP"

FreeBSD does not use Linux® IPTABLES for its firewall. Instead, FreeBSD offers a choice of three kernel level firewalls:

PF is developed by the OpenBSD project and ported to FreeBSD. PF was created as a replacement for IPFILTER and its syntax is similar to that of IPFILTER. PF can be paired with altq(4) to provide QoS features.

This sample PF entry allows inbound SSH:

pass in on $ext_if inet proto tcp from any to ($ext_if) port 22

IPFILTER is the firewall application developed by Darren Reed. It is not specific to FreeBSD and has been ported to several operating systems including NetBSD, OpenBSD, SunOS, HP/UX, and Solaris.

The IPFILTER syntax to allow inbound SSH is:

pass in on $ext_if proto tcp from any to any port = 22

IPFW is the firewall developed and maintained by FreeBSD. It can be paired with dummynet(4) to provide traffic shaping capabilities and simulate different types of network connections.

The IPFW syntax to allow inbound SSH would be:

ipfw add allow tcp from any to me 22 in via $ext_if

There are two methods for updating a FreeBSD system: from source or binary updates.

Updating from source is the most involved update method, but offers the greatest amount of flexibility. The process involves synchronizing a local copy of the FreeBSD source code with the FreeBSD Subversion servers. Once the local source code is up-to-date, a new version of the kernel and userland can be compiled.

Binary updates are similar to using yum or apt-get to update a Linux® system. In FreeBSD, freebsd-update(8) can be used fetch new binary updates and install them. These updates can be scheduled using cron(8).

0 3 * * * root /usr/sbin/freebsd-update cron

For more information on source and binary updates, refer to the chapter on updating in the FreeBSD Handbook.

In some Linux® distributions, one could look at /proc/sys/net/ipv4/ip_forward to determine if IP forwarding is enabled. In FreeBSD, sysctl(8) is instead used to view this and other system settings.

For example, use the following to determine if IP forwarding is enabled on a FreeBSD system:

% sysctl net.inet.ip.forwarding
net.inet.ip.forwarding: 0

Use -a to list all the system settings:

% sysctl -a | more

If an application requires procfs, add the following entry to /etc/fstab:

proc                /proc           procfs  rw,noauto       0       0

Including noauto will prevent /proc from being automatically mounted at boot.

To mount the file system without rebooting:

# mount /proc

Some common command equivalents are as follows:

This document has provided an overview of FreeBSD. Refer to the FreeBSD Handbook for more in-depth coverage of these topics as well as the many topics not covered by this document.