FreeBSD 14.0-Release

226 points10
BSDobelix8 hours ago

I love how easy it is to be a part of FreeBSD:

Open a account at

Go to and find your outdated port (or port without maintainer (

Update port (makefile) open a bugreport add your diff and that's it...or ask to take additionally maintainership of that port.

akoster9 hours ago

From the release notes, it appears this may be the last release with i386 / 32-bit Intel x86 (as well as 32-bit armv6 and PowerPC) support.

“FreeBSD 15.0 is not expected to include support for 32-bit platforms other than armv7. The armv6, i386, and powerpc platforms are deprecated and will be removed. 64-bit systems will still be able to run older 32-bit binaries.“


cperciva8 hours ago

Probably 14.3 will be the last release with i386. But yes, 14.x will be the last major branch with i386.

csdreamer78 hours ago

Surprised that armv7 will be getting 32bit support but not x86. I know arm is huge, but it's platform support is also fragmented compared to an x86 box. Can anyone share some more info on this?

Also surprised they are cutting Power. That is one of the 4 platforms RHEL supports.

dragontamer7 hours ago

There's an industrial computer chip using ARM9 (aka: ARMv5 !!!!), let alone ARMv7.

This was released in the year 2020, for example, the latest Atmel SAM Microprocessor. While ARM9 / ARMv5 is abnormally out-of-date (lol Nintendo DS was ARMv6), its still getting new chips even today.

ARMv7, consisting of Cortex-A5, A7, and similar chips, is also similarly widespread today. I don't know how much FreeBSD support there is but I can think of multiple chips that have been made in the past 5 years that are still 32-bit ARMv7.

In an embedded world that still buys 8-bit computers, 32-bit is a luxury and 64-bit is just too much.


I'm only familiar with these chips from a Linux perspective however. But I have to imagine that some FreeBSD fanboi is hard at work porting FreeBSD to them!

EDIT: Lets see....

Oh snap, Xilinx Zynq7 family. Yeah, that will do it. That's an extremely common chip (FPGA + ARMv7 / Cortex-A9).

laxd5 hours ago

> ... some FreeBSD fanboi is hard at work porting ...

Or developers.

cperciva1 hour ago

Aside from 32-bit arm being used in more small embedded systems, I think it has 64-bit time_t. One of the reasons for killing of i386 is the Y2038 issue.

dragontamer7 hours ago

> Also surprised they are cutting Power. That is one of the 4 platforms RHEL supports.

They're cutting 32-bit Powerpc. It looks like powerpc64le support remains in FreeBSD14.

packetlost7 hours ago

I have 2 ARMv7 boards sitting on my desk. They're still extremely common in industry.

dragontamer7 hours ago

Which ones? ... If you don't mind me asking? At least the microprocessor if you can't tell me the board :-)

petecooper9 hours ago

I was introduced to FreeBSD (v3.3) in the late 90s by /user?id=gjvc. I bought the CD set and the FreeBSD Handbook in paperback format from The FreeBSD Mall.

I was too young to appreciate it back then, but now in my mid-40s I find myself hankering back to those early days for me. It's a shame that some cloud providers like DigitalOcean and Hetzner have dropped native support for FreeBSD as base operating systems for their VPSes. I think this release will be the turning point for me getting back into FreeBSD after too many years away.

Thanks to the FreeBSD release team!

jbverschoor9 hours ago

Yup.. FreeBSD was awesome becausethe FreeBSD handbook has always been top notch. It covers everything you need to install and administer FreeBSD + many of its packages

whartung3 hours ago

My early FreeBSD moment was when I had a cable modem, and you were able to download one or two boot floppies. After you booted them up, you could install the entire OS from the network. No CD needed.

I assume it just downloaded everything straight from FTP servers.

ioman3 hours ago

Oh, look who has a fancy cable modem! Back in my day, we had to do it with 14.4 kbaud modems (really) after walking to school, uphill both ways in the snow (not really).

mzi3 hours ago

I would guess you had a 14.4 kbps modem operating on 9600 baud.

Lammy7 hours ago (formerly prgmr) has first-class FreeBSD support. I've been with them since 2011.

totallywrong3 hours ago

The problem with FreeBSD is that it couldn't keep up. No containers or VMs (jails and their homegrown HV don't cut it), fewer drivers, etc. It's great for some server use cases but I just couldn't do my work in FreeBSD. I did like it though, the docs and community are great.

shrubble3 hours ago

They have had jails for 20+ years at this point. I would consider FreeBSD jails and containers on Linux equivalent at this point with overall the FreeBSD jails being better to manage if you do some scripting. The bhyve hypervisor, I haven't played with enough to form an opinion on.

BSDobelix8 hours ago

Talking about hetzner, they write you an image on a USB-Stick and put it in your Server (at no cost). Since it's a real server i don't need any "native" support from them. Otherwise Oracle-Cloud or Vultr.

But you are right, it's sad that hetzner dropped the "webinstall no hands-on" support.

yourfate7 hours ago

I run freebsd on a hetzner cloud vps, don’t remember how exactly I did it but I think I uploaded the install medium to the server console. Wasn’t too much hassle iirc.

_paulc50 minutes ago

If you want to automate FreeBSD deployments on Hetzner Cloud you can try:

(Allows you to provision instances using either the hcloud utility/web uni with ssh key/user-data support)

Kimitri8 hours ago

If it's a FreeBSD VPS you're after, I'd suggest you give UpCloud a chance. I'm currently running a few FreeBSD VPSs on UpCloud and I have not run into any issues. It's kinda great!

dang9 hours ago


FreeBSD 14.0 Release Information - - Nov 2023 (6 comments)

FreeBSD 14.0 has reached – RELEASE - - Nov 2023 (93 comments)

FreeBSD 14.0-RC1 Now Available - - Oct 2023 (17 comments)

FreeBSD 14.0-BETA2 Now Available - - Sept 2023 (7 comments)

ksec9 hours ago

I think a lot of the work for serving 800Gbps of TLS encrypted traffic from Netflix landed on FreeBSD 14.

Cant wait to see if they are doing 1600Gbps.

crest1 hour ago

IIRC the limit right now is per CPU socket memory bandwidth and inter-socket bandwidth. There just isn't enough bandwidth available to treat dual socket Xeon or EPYC systems as a single node ans the networks colocating their appliances aren't able to steer connections to the NICs in the same NUMA domain as the NVMe storage holding the data users want.

ksec52 minutes ago

Probably need to dig up those info, because I keep remembering they were on Dual Socket 64core Zen 3 with PCI-e 4 and DDR 4. The 128Core Zen4C with more memory channel and DDR5 should be able to push further.

eatbitseveryday7 hours ago

When will the torrents be created and released?

EDIT: Looks like they're up now!

samtheprogram9 hours ago

I tried out FreeBSD and loved it, between the documentation, cohesion, and the ports system.

Unfortunately, I need Docker for work on a few different projects -- one for Supabase migrations, and another project that's orchestrated (in development too) via docker-compose.

Highly recommend it otherwise.

ptx8 hours ago

You could run Docker in a Linux VM, which is what Docker Desktop does anyway. FreeBSD has Bhyve for this.

gigatexal42 minutes ago

Having to use a VM for docker is no different than what MacOS users have to do and then at that point why not just use a Mac.

magicalhippo3 hours ago

I do this and the only thing that sucks is that network speed is limited. Between host and guest I only get about 1.5Gpbs on a Threadripper 1950X.

NIC pass-through should work though, I already got NVMe pass-through working, so if I had a spare PCIe slot I'd do that with a 10G adapter.

dehrmann2 hours ago

Do you even need a VM? FreeBSD has linux binary compatibility.

waynesonfire7 hours ago

I have a similar requirement and will be doing exactly this.

inferiorhuman2 hours ago

I've been running FreeBSD for homelab stuff for years now and the documentation is a huge pain point IMO. The handbook is okay, but beyond that it's pretty poor.

E.g. every single major upgrade in recent memory has shat the bed. There's always a new reason, at one point it's because I rolled past the 3AM deadline and the periodic scripts absolutely fucked freebsd-update. So this time around I thought it'd be nice to script the 13.x install so I'd have a nice repeatable process.

Except the documentation around unattended installs still references sysinstall (which was replaced eons ago) in some parts. After quite a lot of digging I realized the automation story is "roll your own ISO". Nothing that even comes close to kickstart or quickstart in Linux land (geee no wonder AWS adoption is fairly low).

So I dug into some stuff that would've made automated installs from a stock ISO easier, got a proof of concept working and fired off an email to one of the names on the current installer (which is still missing features from sysinstall!). And that's where the story ends. I'm ready to get off of this train, and were it not for ZFS I would've already bailed.

Don't get me started on the ports tree.

I would not run FreeBSD in a production environment without a good reason. If you're already tied to docker that's a great reason to stay with Linux.

boznz9 hours ago

> FreeBSD supports up to 1024 cores on the amd64 and arm64 platforms.

Sounds pretty future proofed unless I'm missing a x86 processor out there that does this

krylon7 hours ago

If you combine multiple CPU sockets, you could get there. EPYC, IIRC, supports up to 64 cores per chip, so if you build a machine with 16 sockets, you get 1024 cores. To my knowledge, no such machine exists today, but HPE offers (or used to, anyway) a machine with 32 Xeon chips, so its core count could well reach several hundred. (I may or may not be drooling at the thought.)

justsomehnguy6 hours ago

    Intel® Xeon® Platinum 8490H Processor 
    Total Cores 60
    Total Threads 120
    Max Turbo Frequency 3.50 GHz
    Processor Base Frequency 1.90 GHz
    Scalability S8S
Up to 60 x 8 = 480 cores or 960 threads

    AMD EPYC™ 9754
    # of CPU Cores 128
    # of Threads 256
    Max. Boost Clock Up to 3.1GHz
    All Core Boost Speed  3.1GHz
    Base Clock 2.25GHz
    Socket Count
    1P / 2P
Up to 128 x 2 = 256 cores or 512 threads
Koshkin9 hours ago

> up to 1024

Curious where this (rather large, yet still seemingly arbitrary) limit comes from.

throw0101a9 hours ago

> Curious where this (rather large, yet still seemingly arbitrary) limit comes from.

It is Good Enough for now, while keeping various pre-allocated, statically created structures with-in reasonable size limits:

> Global and allocated arrays sized by MAXCPU result in excessive bloat on systems with lower core counts. In addition, some code used u_char (8 bits) to hold a CPU index, which is not valid if MAXCPU is greater than 256.

> A number of recent commits addressed these sorts of issues, including at least: […]



> The SMP system now supports up to 1024 cores on amd64 and arm64. Many kernel CPU sets are now dynamically allocated to avoid consuming excessive memory. The kernel cpuset ABI has been updated to support the higher limit. 76887e84be97[1] d1639e43c589[2] 9051987e40c5[3] e0c6e8910898[4] (Sponsored by The FreeBSD Foundation)


toast09 hours ago

Gotta have some limit, 4x the current limit of 256 seems reasonableish. Dual socket Epyc 9654 is 96 cores * 2 threads / core * 2 sockets = 384 threads. Intel says their Xeon Platinum 8490H can live on an 8 socket board[1], if you can find one (SuperMicro has one, no price listed [2]; not sure if this is really an 8 socket system, or if it's 4x dual-socket nodes in one chassis?); 60 * 2 * 8 = 960, so that's within the limit, and 8 socket boards are pretty difficult to find.



vluft7 hours ago

9754 is 128/256 now, so 256/512 for that.

That supermicro system is 8-way; it's 4 dual-socket motherboards but they're one system, hooked together by backplane boards. You can price supermicro's complete-system-only stuff (all of it now, alas) out on thinkmate or similar sites, but a minimal config (and you'd never buy that for a minimal config) hits around $60k.

crest1 hour ago

Bitmaps for logical CPU cores and certain lock-free algorithms don't scale well to arbitrary high CPU counts e.g. reclaiming resources once in a while is O(n^2) or worse or the size of the lock structure is linear to the maximum number of cores etc.

The relevant parts of the ABI have been future proofed to allow raising the kernel CPU core count limit without breaking the syscall interface for systems with less cores than the existing limit.

The_Colonel9 hours ago

"supports up to" doesn't have to mean "works well/optimally with".

adamddev19 hours ago

I want to love FreeBSD, but there are some things I wished were easier. Like getting the firewall pf set up. When I install Debian with ufw I get a really nice starting ruleset that works well with IPv6 and good ICMP filtering etc. With FreeBSD I was confused for awhile about how to get IPv6 working with (the very powerful) pf, which you have to write a config file completely from scratch for. I was left with a lot of suggestions and snippets but struggling to dig through the man pages and set all the complex rules for which types of ICMP messages to filter, etc. I wish there was an easier way to get going with the firewall with a good ready-made pf.conf file for a web server that works well with IPv6. Yes the power and easy customability of pf is great. But for many users who aren't network experts, some nice, accepted starting templates would be great.

gerdesj7 hours ago

"Like getting the firewall pf set up"

pfSense 2.7.0 is FreeBSD 14 based already and 2.7.1 was released todayish. You could try tearing their scripts apart to see what's what but bear in mind that pfSense is designed to be a router/firewall not a host based firewall, which sounds like what you really want.

It sounds like you want ufw or firewalld for FreeBSD. No idea if it exists and I am well passed DIY - I had custom scripts for ipfw, ipchains and iptables on Linux and then gave up. I don't use FreeBSD on the desktop but if I did ...

or keep it simple:

You mention a web server. I suggest you keep the host firewall simple, this is in pseudo code:

  allow ssh from LAN
  allow monitoring_ip to monitoring_ports
  drop blocklist_ips to ALL
  allow https from ALL to webserver_ip
  deny all
Your external router should keep most things out, the host firewall is a last resort. If you have a flat LAN, then this will keep your TV out etc. I have seen a TV port scan my home network, multiple times.

If you can, consider deploying multiple VLANs. This does raise the technical bar somewhat! Host firewalls are just as good for small setups. Decide on what your security requirements really are and work on from there. I will grant you that is quite tricky for the uninitiated but keep asking questions and ducking the inevitable "RTFM" style answers from entitled numbskulls and you will get there.

Good luck 8)

adamddev12 hours ago

Thanks, I used that Digital Ocean tutorial, but it doesn't get into the ICMP filtering enough, which you need for IPv6. And the pseudo code you shared is nice, but again, IPv6 will not work with that. ufw comes with a base ruleset with like 100ish lines of complex ICMP filtering. It's difficult/impossible to expect everyone to be able to write something like that from scratch in a syntax like pf. I just wish there was a complete, good template out there, but I haven't found anything.

inferiorhuman1 hour ago

I'd caution you from pulling examples from other operating systems. I started dicking around with writing an interactive pf shell earlier this year (which somehow got me to where I am today writing an xpath parser in rust) and quickly learned that a.) the documentation is often pretty sparse especially for the API and b.) pf is all over the place (Solaris, MacOS, FreeBSD, OpenBSD, DragonFly, pfSense, etc.) but each version has some pretty significant differences.

Every single one (including pfSense) has their own variant. From what I can tell FreeBSD's taken bigger steps to sync up with OpenBSD than the rest, certainly bigger than pfSense.

dehrmann2 hours ago

It's been forever since I really played with firewalls, but I remember pf being much more thought-out than iptables.

BSDobelix9 hours ago

Well there are some examples:

But yeah that pf.conf could be expanded allot, but there are many source to cobble a conf together. My conf is massive but 99.9% commented out so i have my "template" for nearly everything, from mail to web to blacklistd etc.

adamddev12 hours ago

Those are great but I don't see anything for a web server. Would just love a webserver that works with IPv6 and handles all the ICMP filtering like ufw does out of the box.

torstenvl8 hours ago

Have you considered putting your conf on GitHub?

One of my most popular repos (which isn't saying a lot) is a single config file.

BSDobelix8 hours ago

Let me think about's really massive and has comments like "*uck that if scrub on" or "set aggressive -> emailservers try and try again" and those are the best understandable comments believe me.

All is mixed from highly reliable and fast connections to dial-up "industry" stuff.

However that would be a good motivation to clean that monster up...hmmm

tambourine_man5 hours ago

Do it! :)

Gud9 hours ago

Finally FreeBSD has fast WiFi?

"WiFi 6 support has been added to wpa (wpa_supplicant(8) and hostapd(8)). c1d255d3ffdb 3968b47cd974 bd452dcbede6"

throw0101a9 hours ago

> The iwlwifi(4) driver for Intel wireless interfaces has been updated to the latest version, supporting chipsets up to WiFi 6E AX411/AX211/AX210, and with preparations for upcoming BX and SC chipsets. (Sponsored by The FreeBSD Foundation)



ThePowerOfFuet8 hours ago

>While iwlwifi supports all 802.11 a/b/g/n/ac/ax the compatibility code currently only supports 802.11 a/b/g modes. Support for 802.11 n/ac is to come. 802.11ax and 6Ghz support are planned.

doublepg234 hours ago

I am reading it correctly that FreeBSD doesn't have 802.11n wifi support?

csdreamer77 hours ago

What exactly is the compatibility code?

ThePowerOfFuet9 hours ago

Yes, but only if your card's driver does too. Mine uses iwm [0], which makes me sad:

>Currently, iwm only supports 802.11b and 802.11g modes. It will not associate to access points that are configured to operate only in 802.11n or 802.11ac modes.

Thankfully, 802.11a seems to work, so I can use my 5 GHz radio. But it's not fast.


BSDobelix9 hours ago

Thanks to everyone who made FreeBSD possible! Cheers!!

throw0101a9 hours ago
ggm9 hours ago

RACK? No mention of RACK or BBR. I thought the kld was being enabled by default in this release cycle.

or is this "old news" and it was rolled into an older release?

throw0101a9 hours ago

See "Request for Testing: TCP RACK" at:


tcp_rack(4) has been available since FreeBSD 13.0, just not the default:


An article from 2021:


* 2021 Discussion:

alwillis5 hours ago

If you really want BBR, you can build a custom kernel:

ggm5 hours ago

I know. I was asking if it had been brought into the premade, mainline state.

waynesonfire7 hours ago

I'm a fairly new FreeBSD user and this will be one of my first major upgrade. What should I be aware of when performing major upgrades? On Linux, I would avoid it and just start from a clean system. Curious what more experienced users thoughts are.

rwky31 minutes ago

I've had some issues with the opensmtpd port when upgrading from 13 to 14 which is probably due to the openssl upgrade. Apart from that the upgrade process tends to be pretty simple the updater warns you of any potential problems. As with any upgrade take a backup first so you can restore to 13 if you need to.

vedranm10 hours ago

Congratulations! Here's a summary of the highlights from the release announcement [1]:

- OpenSSH has been updated to version 9.5p1.

- OpenSSL has been updated to version 3.0.12, a major upgrade from OpenSSL 1.1.1t in FreeBSD 13.2-RELEASE.

- The bhyve hypervisor now supports TPM and GPU passthrough.

- FreeBSD supports up to 1024 cores on the amd64 and arm64 platforms.

- ZFS has been upgraded to OpenZFS release 2.2, providing significant performance improvements.

- It is now possible to perform background filesystem checks on UFS file systems running with journaled soft updates.

- Experimental ZFS images are now available for AWS and Azure.

- The default congestion control mechanism for TCP is now CUBIC.


throw0101a9 hours ago

> - ZFS has been upgraded to OpenZFS release 2.2, providing significant performance improvements.

Post-2.2 OpenZFS has RAID-Z expansion committed:


Also committed to FreeBSD -HEAD/development:


e12e6 hours ago

How about zfs native encryption?

jbverschoor9 hours ago

- The bhyve hypervisor now supports TPM and GPU passthrough

Supernice.. I'm really looking forward to more separation between OS installs. similar to Qubes.

scythe9 hours ago

- cperciva (also submitter of this post) now head of the releng team

cperciva9 hours ago

To be clear, me taking over the release engineering team a few days before the release announcement was entirely coincidental timing.

alberth8 hours ago

A. Huge thanks for all involved in FreeBSD.

It's amazing how polished, supported and performant it is for the relative size of the team involved.

B. Please consider donating.

C. I have much love for FreeBSD and as such, these are things I hope get address in the next major version (15.0)

- turning all internet facing services (except ssh) off, by default. OpenBSD does this.

- move all non-core things out of the base, like sendmail (now DMA, what a nice import from DFly btw)

- the base should only have one way to do things (don’t have 3 different firewalls in base like today)

- better defaults,

- something like io-uring, (async-sendfile is similar but that’s only for sendfile)

Thank you again for an amazing OS.

EDIT: I updated the first bullet of C for more clarity.

toast08 hours ago

> - turning all services (except ssh) off, by default. OpenBSD does this.

I think people would be rightfully upset if syslogd, cron, and getty weren't started by default. moused and a mailer daemon I get not wanting to start. What else starts by default that you don't want?

> - the base should only have one way to do things (don’t have 3 different firewalls in base like today)

I dunno about ipf; but ipfw and pf don't have complete overlap --- I need to use both to run my network how I want to (pfsync has no equivalent in ipfw, ipfw pipe/queue/sched doesn't have an equivalent in pf)

alberth7 hours ago

Regarding the first bullet, thanks. I just updated my post for more clarity.

I meant internet facing services (e.g. not referring to cron, etc).

toast07 hours ago

Well still, what's running out of the box other than a mail daemon (which I agree with you about), and maybe sshd? (I think it asks you during setup for that one, but I'm not sure anymore)

15001009009 hours ago


yangl19969 hours ago

Gosh... This is not some random guy. He wrote the release announcement

gruturo9 hours ago


Colin is extremely well known on HN. Famously he was a center of a.... peculiar exchange where his skills were questioned, and he had the comeback of a lifetime:

cperciva9 hours ago

Yes, I do.

Obligatory reference:

wkat42424 hours ago

What's the Putnam if I may ask? It sounds like an academic competition? Google didn't really enlighten me.

I know what it's like though, I won a big prize in school. Not saying it compares to yours but I stood out too. Didn't really help me become more popular though or boost my self confidence. But it was nice to give a middle finger to all the bullies for once.

wkat42424 hours ago

Ah ok a maths prize, cool! My prize was more general science. I'm very good at sciences but I have a mental blind spot for maths, I can understand really complex abstract problems but only if I can imagine them, explaining them with math makes it more confusing. It's weird :) In fact I was super surprised I won it because I screwed up the math part as expected.

Nice about the scholarship! I didn't get one but we don't really need them in the Netherlands. All universities cost a minimal standard fee only.

koito179 hours ago

OP is the founder of Tarsnap, a Silver sponsor of the FreeBSD foundation for over a decade at this point. This means donations between $10,000 - $24,999 for the fiscal year.


blast9 hours ago

GP might have been joking

vedranm9 hours ago

I wish more random guys gave 2^18 dollars to open source.

BSDobelix9 hours ago