freebsd logo

Oracle Cloud doesn’t propose FreeBSD like a lot of providers so we need to install it using a direct flash.

This is my initial setup phase and everything starts with an Always-Free running Oracle Linux.

Flashing FreeBSD 13.1

Connected using ssh and using root:

  1. You need to check that you have wget installed otherwise you need to install it: dnf install wget -y
  2. Identify your disk with fdisk -l, in my case it’s /dev/sda
  3. Flashing: depends of your VM (AMD64 or AARCH64), you need to use the good one
# AMD64
wget -O - | xz -dc | dd of=/dev/sda bs=1M cov=fdatasync

wget -O - | xz -dc | dd of=/dev/sda bs=1M cov=fdatasync
  1. Initiate the reboot using the dashboard:

FreeBSD is now installed

Post-install steps

Using the console using the dashboard, let’s do a quick config and enable ssh.

Switch from quarterly to the latest repository (optional)

Depending if the version in quarterly is valid for your usage or not.

sed -i '' 's/quarterly/latest/' /etc/pkg/FreeBSD.conf

Update the system

freebsd-update fetch install
pkg update

Install packages

Let’s install a text editor, tmux, a sudo alternative, a DHCP client doing IPv4 and IPv6 and OpenSSH

pkg install -y doas dual-dhclient-daemon openssh-portable tmux vim

sudo is also available but on FreeBSD, I prefer doas

Config doas for group wheel

echo "permit :wheel" > /usr/local/etc/doas.conf

Config ssh server

vim /usr/local/etc/ssh/sshd_config

In my case, I force post-install (before the configuration management run (ansible/saltstack)):

  • PubkeyAuthentication yes
  • PasswordAuthentication no
  • PermitEmptyPasswords no
  • VersionAddendum sycured

Tune the boot time



Tune the system and services at boot


ifconfig_DEFAULT="DHCP inet6 accept_rtadv"

Create opc user

pw user add -n opc -d /home/opc -G wheel -m -s /bin/sh

Change the password

passwd opc

Add you ssh public key

mkdir -p /home/opc/.ssh
echo "MY_PUBLIC_KEY" > /home/opc/.ssh/authorized_keys
chown -R opc:opc /home/opc/.ssh
chmod 600 /home/opc/.ssh/authorized_keys

And finally, run the last reboot


This is a working way to have a FreeBSD when your provider doesn’t offer it.

I haven’t added a part about the firewall because the VM is already protected using security rules at the subnet level.

But you’ve 2 possibilities about the firewall:

  • stateful: pf
  • stateless: ipfw

If you want more information about pf, you can look at Packet Filter - OpenBSD Handbook.