HxHippy

Managing Jails with iocage

Using iocage for modern FreeBSD jail management with ZFS integration.

Last updated: 2025-01-15

Installing iocage

# Install
pkg install py39-iocage

# Activate iocage (specify ZFS pool)
iocage activate zroot

Fetching Releases

# List available releases
iocage fetch -r

# Fetch a release
iocage fetch -r 14.0-RELEASE

# Fetch latest
iocage fetch

Creating Jails

# Basic jail
iocage create -n myjail -r 14.0-RELEASE

# With networking
iocage create -n webjail -r 14.0-RELEASE \
  ip4_addr="em0|192.168.1.50/24" \
  defaultrouter="192.168.1.1"

# Start on boot
iocage create -n myjail -r 14.0-RELEASE boot=on

# With resource limits
iocage create -n myjail -r 14.0-RELEASE \
  memoryuse=2G \
  cpuset=0,1

Managing Jails

# List jails
iocage list

# Start jail
iocage start myjail

# Stop jail
iocage stop myjail

# Restart jail
iocage restart myjail

# Console access
iocage console myjail

# Execute command
iocage exec myjail pkg update

Jail Properties

# View all properties
iocage get all myjail

# Set property
iocage set boot=on myjail
iocage set ip4_addr="em0|192.168.1.50/24" myjail

# Common properties:
# - boot: Start on system boot
# - ip4_addr: IPv4 address
# - ip6_addr: IPv6 address
# - defaultrouter: Default gateway
# - vnet: Enable VNET (virtualized network stack)
# - allow_raw_sockets: Allow raw sockets (for ping, etc.)

Networking Options

Shared IP (Default)

# Jail shares host's network stack
iocage create -n myjail ip4_addr="em0|192.168.1.50/24"

VNET (Virtualized Network)

# Jail gets its own network stack
iocage create -n myjail vnet=on \
  ip4_addr="vnet0|192.168.1.50/24" \
  defaultrouter="192.168.1.1"

Snapshots

# Create snapshot
iocage snapshot myjail

# List snapshots
iocage snaplist myjail

# Rollback
iocage rollback myjail@snapshotname

Templates & Cloning

# Create template from jail
iocage stop myjail
iocage set template=yes myjail

# Clone from template
iocage create -n newjail -t myjail \
  ip4_addr="em0|192.168.1.51/24"

# Clone running jail
iocage clone myjail -n myjail-clone

Mounting Host Directories

# Add nullfs mount
iocage fstab -a myjail "/data /mnt/data nullfs rw 0 0"

# View fstab
iocage fstab myjail

# Mount typical directories
iocage fstab -a myjail "/home/user/projects /usr/home/jailuser/projects nullfs rw 0 0"

Upgrading Jails

# Update packages
iocage exec myjail pkg upgrade

# Upgrade jail to new release
iocage upgrade myjail -r 14.1-RELEASE

Destroying Jails

# Stop and destroy
iocage stop myjail
iocage destroy myjail

# Force destroy
iocage destroy -f myjail
intermediate Jails Updated 2025-01-15
  • freebsd
  • jails
  • iocage
  • zfs
  • containers