Hard switch off on pfsense box
-
Just keep in mind that you will still need to power it off afterward if you want it off.
As far as whether it is mounted read-only or r/w – as far as I know, the embedded and nanobsd versions are supposed to keep it mounted read-only for general usage, only mounting r/w during certain boot processes (possibly), when you change the configuration, and at shutdown when saving certain collected data. There is a chance certain packages could have an effect on this, but it should be as described if you are not using any.
Assuming it is working as intended, turning off the power after it is fully started but before it has gone through the shutdown process (which only halts the system at the very end) should only keep it from getting that collected data written to disk.
While not doing anything that would make it write to the card, the output from the mount command looks like this on mine:
/dev/ufs/pfsense1 on / (ufs, local, read-only) devfs on /dev (devfs, local) /dev/md0 on /var/tmp (ufs, local) /dev/md1 on /var (ufs, local) /dev/ufs/cf on /cf (ufs, local, read-only) devfs on /var/dhcpd/dev (devfs, local)
/dev/md devices probably being memory disks and devfs itself not being an actual storage location. It should basically look like this on yours.
-
Here is the output of the mount command on mine (thanks for the hint, it didn't occur to me to use the mount command without argument to get that info) :
$ mount /dev/ufs/pfsense0 on / (ufs, local) devfs on /dev (devfs, local) /dev/md0 on /var/tmp (ufs, local) /dev/md1 on /var (ufs, local) /dev/ufs/cf on /cf (ufs, local) devfs on /var/dhcpd/dev (devfs, local)
So I guess the snort package I have installed makes the card being mounted rw permanently.
Yes, I'll need to power off after shutdown. I'll think a bit more about that, but that should be doable.
-
Have you rebooted the system at all after setting up pfSense or installing snort? I'm not really familiar with the snort package for pfSense, so I'm unsure of whether this is normal behavior or just a temporary condition from an installer bug, if you haven't restarted yet.
-
Yes, I have restarted the box since. From what I read on the forums, snort does require quite a lot of memory and ample space for logfiles so this is no surprise. However, I have not found an explicit information on the behavior of snort wrt mounting disks. I've actually asked that question here: http://forum.pfsense.org/index.php/topic,23154.msg119193.html#msg119193.
-
You can trigger a remote shutdown from Windows like so:
http://forum.pfsense.org/index.php/topic,14310.msg78215.html#msg78215
Or from UNIX using a similar ssh command.
However, that will not power off the ALIX, only halt the OS. Any automated task will do the same. Only pulling the plug will make it stop drawing power. The ALIX doesn't have a "power switch", it's always on.
Given the low power consumption of the ALIX, and also the long boot time, it isn't worth the trouble to shut it off, IMHO.
You'd probably save more electricity by unplugging your TV at night so it isn't drawing standby power. :)
That said, it should be mounted RO all the time. I'm not sure what happened to the snort package since I first made it work on nanobsd, but it didn't used to keep things RW.
-
You can trigger a remote shutdown from Windows like so:
http://forum.pfsense.org/index.php/topic,14310.msg78215.html#msg78215
Or from UNIX using a similar ssh command.
Thank you! I guess I should have been able to work that out… I'll enable ssh login (only using the web interface so far) and play with it.
However, that will not power off the ALIX, only halt the OS. Any automated task will do the same. Only pulling the plug will make it stop drawing power.
Yes, but I think I should be able to issue a command to the UPS from the pfsense's shutdown scripts to power off the UPS after some delay (enough to let the Alix finish shutdown). Just installed the NUT package. Actually that is the whole point: It's not only the Alix draining power, it's also the ADSL modem, the UPS itself (5W for just being plugged in and doing nothing :o) power adapters for external hard drives etc. So I'd like to shut off all that stuff in one go. And as I'd like to have the Alix on the UPS, it'll need to be switched off with the rest.
You'd probably save more electricity by unplugging your TV at night so it isn't drawing standby power. :)
Probably not, I don't have a TV ;D
That said, it should be mounted RO all the time. I'm not sure what happened to the snort package since I first made it work on nanobsd, but it didn't used to keep things RW.
That's interesting. I'll reboot the box and check again just in case something went wrong on the last reboot.
-
I just faced the same situation that I really had to shut down a pfsense box. It is located in a production truck where the power is not always connected. I first ran it without shutting it down correct (just unplugged the cable) but just recently the filesystem crashed…
I just thought I post my solution if somebody else has the same need.
What I did was to modify the file: /etc/devd.conf
and added the following lines of code:
attach 10 {
match "product" "your USB stick product ID";
action "halt";
};This way I have a special USB key that I just stick in to the alix box, and the system will halt.
If you want to use any usb key, just replace the match line with: device-name "(umass|umass0)";With this command you can see what product ID your USB key has:
sysctl -a | grep dev.umass.0Here is a link to other variables you can use:
http://leaf.dragonflybsd.org/cgi/web-man?command=devd.conf§ion=5The best would have been to use the serial, but I didn't get it to work.
-
on your USB key do you have an actual fild saved on it that the system looks for or is it just looking for a device named "USB key" (or what ever your device is called)? how did you set it up, this sounds like it would be something I would like. Or do I just need to edit that one conf. file and tell it the USB device name (example: "USB keyboard 1", or "untitled USB stick") and then when the device is detected it just halts/turns off?
-
If I were doing something like this, I would not key it on attach, I'd key it on detach.
That way if you still need to get a file onto your ALIX via USB key, it won't shut down every time you try :)
jaime - no, no file, it's triggered by the detection process when the USB key is plugged in.
-
sweet! defiantly somthing I am gonna look into my self!