HxHippy

Managing Jails with Bastille

Using Bastille for simplified jail management and templates.

Last updated: 2025-01-15

Installing Bastille

# Run on the host as root.
# Install from packages (prebuilt binary from the configured pkg repository)
pkg install bastille

# Or from ports (builds from the local ports tree; keep the tree current so
# you do not build an outdated version)
cd /usr/ports/sysutils/bastille
make install clean

Initial Setup

# Enable bastille (sysrc records bastille_enable in rc.conf so the rc script
# is active at boot)
sysrc bastille_enable="YES"

# Configure ZFS (recommended)
# "zroot" must be the name of an existing pool on this host; adjust it if your
# pool is named differently.
sysrc -f /usr/local/etc/bastille/bastille.conf bastille_zfs_enable=YES
sysrc -f /usr/local/etc/bastille/bastille.conf bastille_zfs_zpool=zroot

# Bootstrap bastille: fetch the base system for the named release so jails can
# be created from it.
# Pick a release that is still on the FreeBSD supported-releases list; a jail
# built on an end-of-life release no longer gets security fixes.
bastille bootstrap 14.0-RELEASE

Network Setup

# Create loopback network for jails
# lo1 is a cloned loopback interface: addresses on it are not reachable from
# the LAN, so jails attached to it reach the outside (and are reached) only
# through the host's PF NAT and redirect rules.
sysrc cloned_interfaces+="lo1"
sysrc ifconfig_lo1="inet 10.0.0.1 netmask 255.255.255.0"
# Create the cloned interface now instead of waiting for the next boot
service netif cloneup

# Configure PF NAT
# /etc/pf.conf
# PF must also be enabled and this ruleset loaded before any of it applies.
# ext_if is the host's external NIC; em0 is an example, use your own.
ext_if="em0"
jail_if="lo1"

# Only lo0 is exempt from filtering; traffic on the jail interface lo1 is
# still evaluated by the rules below.
set skip on lo0
scrub in all

# Source-NAT everything from the jail subnet to the external interface's
# current address (the parentheses make PF track address changes).
nat on $ext_if from ($jail_if:network) to any -> ($ext_if)

# NOTE: "pass all" permits every packet in and out on every interface, so
# this ruleset does NAT but no filtering. On an exposed host replace it with
# a default "block" plus explicit pass rules, keeping a rule for your own
# management access (e.g. SSH) before reloading.
# NOTE(review): there is no rdr-anchor line here; `bastille rdr` appears to
# load its rules into an "rdr/*" anchor, so confirm against the Bastille
# documentation whether one must be added for port redirection to work.
pass all

Creating Containers

# The three commands below are alternatives for the same jail name; run one.

# Create basic container (arguments: jail name, release, IP address)
bastille create myjail 14.0-RELEASE 10.0.0.10

# Create with specific interface (here the lo1 jail network, so the jail sits
# behind the host's NAT)
bastille create myjail 14.0-RELEASE 10.0.0.10 lo1

# Create VNET container
# -V gives the jail its own virtual network stack attached to em0. With a LAN
# address like this one the jail is directly on that network rather than
# behind the lo1 NAT, so it needs its own firewall policy.
bastille create -V myjail 14.0-RELEASE 192.168.1.50/24 em0

Container Management

# List containers
bastille list

# Start/stop containers
bastille start myjail
bastille stop myjail
bastille restart myjail

# Get console (interactive login inside the jail, as root by default)
bastille console myjail

# Execute command (everything after the jail name runs inside the jail,
# not on the host)
bastille cmd myjail pkg update

Package Management

# These wrap pkg(8) and run it against the named jail from the host.

# Install packages
bastille pkg myjail install nginx

# Update packages (run this regularly; it is how package security fixes
# reach the jail)
bastille pkg myjail upgrade

# Bootstrap pkg in container
# Listed last here, but on a fresh jail without pkg this step comes first.
bastille pkg myjail bootstrap

Templates

# Fetch the template repository from GitHub (this downloads the templates;
# nothing is applied to a jail yet)
# A template's steps run with root privileges in the target jail, so treat a
# remote template repository like any other third-party code: read the
# Bastillefile before applying it, and re-review after every re-fetch.
bastille bootstrap https://github.com/bastilleBSD/templates

# Apply nginx template
bastille template myjail bastilleBSD/templates/nginx

# Create custom template
# The quoted 'EOF' delimiter writes the lines literally, with no shell
# expansion. The Bastillefile below installs nginx and vim, enables nginx in
# the jail's rc.conf and starts the service.
mkdir -p /usr/local/bastille/templates/mytemplate
cat > /usr/local/bastille/templates/mytemplate/Bastillefile << 'EOF'
PKG nginx vim
SYSRC nginx_enable=YES
SERVICE nginx start
EOF

# Apply custom template
# NOTE(review): Bastille's documented layout is templates/<project>/<name>;
# confirm that a single-level name like "mytemplate" resolves on your version.
bastille template myjail mytemplate

Port Redirection

# Forward host port to container (arguments: jail, protocol, host port,
# jail port)
# Each redirect exposes the jail's service on the host's external address;
# add only the ports the service really needs.
# NOTE(review): these rules appear to depend on an rdr-anchor "rdr/*" line in
# the host's pf.conf; confirm against the Bastille documentation.
bastille rdr myjail tcp 80 80
bastille rdr myjail tcp 443 443

# List redirects
bastille rdr myjail list

# Remove redirects (clear drops every redirect for this jail, not one rule)
bastille rdr myjail clear

Import/Export

# Export container (creates .xz archive)
# The archive holds the jail's whole filesystem, including any keys,
# credentials and databases inside it: store and transfer it as sensitive
# data.
bastille export myjail

# Import container
# An imported archive becomes a jail's root filesystem, so import only
# archives whose origin and integrity you trust. The file name here is
# illustrative; use the name the export actually produced.
bastille import myjail-backup.xz

# Clone container (arguments: source jail, new jail name, new IP address)
# The clone carries over everything inside the source, including secrets
# such as SSH host keys; rotate them if the clone must be distinct.
bastille clone myjail newjail 10.0.0.11

Updates and Upgrades

# Update the bootstrapped FreeBSD base for a release (the target here is a
# release name, not a jail)
# NOTE(review): this presumably patches the shared base used by thin jails;
# a jail with its own full base would be named as the target instead.
# Confirm for your setup.
bastille update 14.0-RELEASE

# Upgrade container to new release
# Export or snapshot the jail first so a failed upgrade can be rolled back.
bastille upgrade myjail 14.1-RELEASE

Destroy Container

# Destroy is irreversible: it removes the jail and its data. Export the jail
# first if anything in it may be needed later.

# Stop and destroy
# NOTE(review): on some Bastille versions a plain destroy refuses a running
# jail; run `bastille stop myjail` first if it does.
bastille destroy myjail

# Force destroy (does not require the jail to be stopped beforehand)
bastille destroy -f myjail
intermediate Jails Updated 2025-01-15
  • freebsd
  • jails
  • bastille
  • containers
  • templates