• I have seen a few posts on this around but could not find anything definitive.

    What needs done to get pfsense compatible with the ZFS fs.

    ZFS would be perfect for livebackups and has been in BSD for a while.

    I see the ZFS driver load…


  • soon…

  • waits…..

  • This would require some work on the pfSense installer, possibly in conjuction with a tool like beadm (inside ports).
    Heck, 10.0-BETA3 was actually one of the first FreeBSD builds to ship with a bsdinstall that does root-on-ZFS out of the box.
    Don't expect pfSense to get similar feature without some developer's effort.

    Currently on native FreeBSD you have to install something like 'beadm' to get full advantage of ZFS boot environments
    to fall back in case of failed updates. Additionnaly I'd guess that ZFS boot environments would only make sense on full, not embedded installs.

  • Sounds complicated.  Last time I used BSD for ZFS the system would boot a corrupt drive before it booted a good one.

    I do not know what the logistics are, but full, live, image backup for my router would be perfect if a HD fails.

  • @webdawg: Concerning overall ZFS support, I'd say that things are now pretty much solid.

    FreeBSD is actively tacking and giving back to the OpenZFS community (mostly illumos but also ZFS on Linux).
    From that side the development seems healthy. In pfSense it's an issue of having a recent base OS
    (though 8.3's ZFS was already ok) and the part of integration it into the installer and the management interface.

    You can already create full image and config only backups with pfSense - just not as nicely or as instantly as with ZFS.

  • I am not if favor of ZFS on a firewall.
    today your live backup is just one file away and you can restore quickly with that XML.

    I still do not see where ZFS comes in place in the normal use case apart complicating things!

  • Upstream the question was 'what is the point of ZFS on a firewall? it just complicates things.'

    That's certainly the case for many sorts of firewalls.  Consider firewalls that do lots of caching of client side http downloads, that run postfix mail exchangers and other 'big storage' packages.  Restoring from an XML backup doesn't preserve the mail queue, doesn't preserve potentially gigabytes of cached downloads.  ZFS snapshots and rollbacks and remote sends can do that.

    There's an even better reason:  The ability to run pfsense with ZFS on the 'bare metal' with direct access to several hardware nics, while running other 'close to the network' type servers (web, mail, cloud, voip/pbx, etc) in virtual machines running on a 'big iron' style pfsense install.  All those can use zvols maintained by ZFS on the bare metal with all the sys-admin and error catching advantages zfs brings.

    Currently to use ZFS and pfsense on a 'big iron' system, pfsense has to run in a virtual machine and the network interface card 'plumbing' is a pain.

Log in to reply