Getting Started

Bastille has many different options when it comes to creating and managing jails. This guide is meant to show some basic setup and configuration options.

Setup

The first command a new user should run is bastille setup. This will configure the networking, storage, and firewall on your system for use with Bastille.

By default the bastille setup will configure a loopback interface, storage (ZFS if enabled, otherwise UFS) and the pf firewall.

Alternatively, you can run bastille setup OPTION command with any of the supported options to configure the selected option by itself.

To see a list of available options, see the setup subcommand.

ishmael ~ # bastille setup

Now we are ready to bootstrap a release and start creating jails.

Bootstrapping a Release

To bootstrap a release, run bastille bootstrap RELEASE.

ishmael ~ # bastille bootstrap 14.2-RELEASE

This will fetch the necessary components of the specified release, and enable us to create jails from the downloaded release.

Creating a Jail

There are a few different types of jails we can create, described below.

  • Thin jails are the default, and are called thin because they use symlinks to the bootstrapped release. They are lightweight and are created quickly.

  • Thick jails use the entire release, which is copied into the jail. The jail then acts like a full BSD install, completely independent of the release. Created with the --thick|-T option.

  • Clone jails are essentially clones of the bootstrapped release. Changes to the release will affect the clone jail. Created with the --clone|-C option.

  • Empty jails are just that, empty. These should be used only if you know what you are doing. Created with the --empty|-E option.

  • Linux jails are jails that run linux. Created with the --linux|-L option. See Linux Jails.

We will focus on thin jails for this guide.

Classic/Standard Jail

ishmael ~ # bastille create nextcloud 14.2-RELEASE 10.1.1.4/24

This will create a classic jail, which uses the loopback interface (created with bastille setup) for outbound connections.

To be able to reach a service inside the jail, use bastille rdr.

ishmael ~ # bastille rdr nextcloud tcp 80 80

This will forward traffic from port 80 on the host to port 80 inside the jail. See also rdr.

VNET Jail

VNET jails can use either a host interface with -V or a manually created bridge interface with -B. You can also optionally set a static MAC for the jail interface with -M.

ishmael ~ # bastille create -BM nextcloud 14.2-RELEASE 192.168.1.50/24 bridge0

or

ishmael ~ # bastille create -VM nextcloud 14.2-RELEASE 192.168.1.50/24 vtnet0

The IP used for VNET jails should be an IP reachable inside your local network. You can also specify 0.0.0.0 or DHCP to use DHCP.