Installing Bastille
# Install from packages
# Installs the prebuilt package from the configured pkg repository (run as root).
pkg install bastille
# Or from ports
# Builds sysutils/bastille from the local ports tree; the result is only as
# current as that tree, so update it before building.
cd /usr/ports/sysutils/bastille
make install clean
Initial Setup
# Enable bastille
# Writes bastille_enable to rc.conf so the rc script manages the jails at boot.
sysrc bastille_enable="YES"
# Configure ZFS (recommended)
# -f points sysrc at bastille.conf instead of rc.conf. "zroot" is the pool
# name used in this example; replace it with a pool that exists on the host.
sysrc -f /usr/local/etc/bastille/bastille.conf bastille_zfs_enable=YES
sysrc -f /usr/local/etc/bastille/bastille.conf bastille_zfs_zpool=zroot
# Bootstrap bastille
# Downloads the release that jails are created from.
# NOTE(review): a bare bootstrap leaves the release at its original patch
# level; `bastille bootstrap 14.0-RELEASE update` also applies the published
# security patches. Confirm the release is still supported before basing new
# jails on it.
bastille bootstrap 14.0-RELEASE
Network Setup
# Create loopback network for jails
# lo1 is a cloned loopback that carries the jails' private 10.0.0.0/24
# addresses. The range is not routable from outside the host, so a jail is
# reachable only through the NAT and redirect rules defined in PF.
sysrc cloned_interfaces+="lo1"
sysrc ifconfig_lo1="inet 10.0.0.1 netmask 255.255.255.0"
# Create the interface now rather than at the next reboot.
service netif cloneup
# NOTE(review): bastille.conf names the loopback it uses by default
# (bastille_network_loopback); check that it matches lo1, or pass the
# interface explicitly when creating jails.
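# Configure PF NAT
# /etc/pf.conf
# Check the syntax before loading: pfctl -nf /etc/pf.conf
# Loading a ruleset over SSH can drop the session; keep console access handy.
ext_if="em0"
jail_if="lo1"

# Do not filter host-local or jail-local loopback traffic.
set skip on lo0
set skip on $jail_if
scrub in all

# Outbound NAT: jails on the private loopback network leave via the host address.
nat on $ext_if from ($jail_if:network) to any -> ($ext_if)
# `bastille rdr` loads its port forwards into this anchor; without the line
# the redirects are never evaluated.
rdr-anchor "rdr/*"

# Default-deny inbound instead of `pass all`, which accepted every connection
# to the host on every interface.
block in all
pass out quick keep state
antispoof for $ext_if inet
# Keep remote administration reachable; add further `pass in` rules only for
# services the host itself must expose.
pass in on $ext_if inet proto tcp from any to any port ssh flags S/SA keep state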
Creating Containers
# Create basic container
# Arguments: jail name, release, IP address. The three commands in this
# section are alternatives; a jail name can only be created once.
bastille create myjail 14.0-RELEASE 10.0.0.10
# Create with specific interface
# The trailing argument names the interface the address is attached to.
bastille create myjail 14.0-RELEASE 10.0.0.10 lo1
# Create VNET container
# -V gives the jail its own network stack, here on the 192.168.1.0/24 network
# through em0.
# NOTE(review): this jail is addressed directly on that network rather than
# behind the lo1 NAT, so the host's redirect rules are presumably not what
# limits access to it; plan its filtering separately.
bastille create -V myjail 14.0-RELEASE 192.168.1.50/24 em0
Container Management
# List containers
bastille list
# Start/stop containers
bastille start myjail
bastille stop myjail
bastille restart myjail
# Get console
# Opens an interactive shell inside the jail (root unless another user is
# given), so access to the bastille command on the host is equivalent to root
# in every jail.
bastille console myjail
# Execute command
# Everything after the jail name is run inside the jail; here it refreshes
# the jail's package catalogue.
bastille cmd myjail pkg update
Package Management
# Install packages
# Arguments after the jail name are handed to pkg for that jail.
bastille pkg myjail install nginx
# Update packages
# Upgrades every installed package in the jail; this is how third-party
# security fixes reach it, so run it on a schedule. `bastille pkg myjail audit -F`
# reports installed packages with known vulnerabilities.
bastille pkg myjail upgrade
# Bootstrap pkg in container
# Needed once per jail before the commands above if pkg is not yet installed there.
bastille pkg myjail bootstrap
Templates
# Fetch templates from GitHub
# This step only downloads the repository; nothing is applied to a jail yet.
# A template runs its steps as root inside the target jail, so read its
# Bastillefile before applying it and prefer a repository you have reviewed
# or control.
bastille bootstrap https://github.com/bastilleBSD/templates
# Apply nginx template
bastille template myjail bastilleBSD/templates/nginx
# Create custom template
# The quoted 'EOF' delimiter keeps the shell from expanding anything in the
# Bastillefile text. The three lines install packages, set an rc.conf value
# and start the service inside the jail.
mkdir -p /usr/local/bastille/templates/mytemplate
cat > /usr/local/bastille/templates/mytemplate/Bastillefile << 'EOF'
PKG nginx vim
SYSRC nginx_enable=YES
SERVICE nginx start
EOF
# Apply custom template
bastille template myjail mytemplate
Port Redirection
# Forward host port to container
# Arguments: jail, protocol, host port, jail port. Each rule publishes the
# jail service on the host's external interface, so forward only ports that
# must be reachable from outside.
# NOTE(review): the rules are loaded into a PF anchor; /etc/pf.conf needs an
# `rdr-anchor "rdr/*"` line for them to take effect.
bastille rdr myjail tcp 80 80
bastille rdr myjail tcp 443 443
# List redirects
# Use this to audit what is currently exposed for the jail.
bastille rdr myjail list
# Remove redirects
# `clear` removes every redirect for the jail, not a single rule.
bastille rdr myjail clear
Import/Export
# Export container (creates .xz archive)
# The archive is a full copy of the jail, including any keys, credentials and
# password hashes stored in it; restrict its permissions and encrypt it before
# moving it off the host.
bastille export myjail
# Import container
# An imported archive becomes a running system on this host; import only
# archives whose origin and integrity you can verify (for example against a
# checksum recorded at export time).
bastille import myjail-backup.xz
# Clone container
# Arguments: source jail, new jail name, new IP address. The clone inherits
# the source's contents, so rotate host keys and secrets that must be unique
# per jail.
bastille clone myjail newjail 10.0.0.11
Updates and Upgrades
# Update the FreeBSD base to the latest patch level
# NOTE(review): given a release name, this patches the bootstrapped release
# rather than one named jail; jails built on it presumably need a restart to
# run the patched binaries. Verify against your jail type.
bastille update 14.0-RELEASE
# Upgrade container to new release
# Moves the jail from its current release to 14.1-RELEASE. Take an export or
# snapshot first so the jail can be rolled back if the upgrade fails.
bastille upgrade myjail 14.1-RELEASE
Destroy Container
# Destroy a stopped container
# Removes the jail and its data; there is no undo, so export it first if
# anything inside it is still needed.
bastille destroy myjail
# Force destroy
# -f destroys the jail even if it is still running.
bastille destroy -f myjail
intermediate | Jails | Updated 2025-01-15
- freebsd
- jails
- bastille
- containers
- templates