
Easy and lightweight jails with BastilleBSD

HowTo create jails with Bastille


Bastille is a very lightweight jail/container management tool for FreeBSD and HardenedBSD.

install bastille

Bastille is under very active development, so make sure you switch to the "latest" pkg mirror.

change pkg mirror to “latest”

vim /etc/pkg/FreeBSD.conf

FreeBSD: {
  url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
  mirror_type: "srv",
  signature_type: "fingerprints",
  fingerprints: "/usr/share/keys/pkg",
  enabled: yes
}

enable bastille

sysrc bastille_enable=YES

create virtual network bridge

sysrc cloned_interfaces+=lo1
sysrc ifconfig_lo1_name="bastille0"
service netif cloneup

edit /etc/pf.conf (add the lines without #)


#set block-policy return
#scrub in on $ext_if all fragment reassemble
set skip on lo

table <jails> persist
nat on $ext_if from <jails> to any -> ($ext_if)

#block in all
#pass out quick modulate state
#antispoof for $ext_if inet
#pass in inet proto tcp from any to any port ssh flags S/SA keep state
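
A check to run on the edited /etc/pf.conf before loading it, as an added example (not from the original post or the Bastille project; the function names are hypothetical). It confirms that the rules jail NAT depends on are active rather than commented out, that the `$ext_if` macro used by the nat rule is defined, that a default-deny inbound rule exists, and that nat comes before the filter rules as pf requires.

```shell
#!/bin/sh
# Added example: lint a pf.conf for the active (uncommented) rules that the
# Bastille NAT setup above depends on.

# Print the file with comments, surrounding whitespace and blank lines removed.
active_rules() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" | grep -v '^$'
}

# has_rule FILE ERE: succeed if an active line matches the pattern.
has_rule() {
    active_rules "$1" | grep -Eq "$2"
}

# first_line FILE ERE: active-line number of the first match (empty if none).
first_line() {
    active_rules "$1" | grep -En "$2" | head -n 1 | cut -d: -f1
}

# check_pf_conf FILE: print one finding per problem, return 1 if any.
check_pf_conf() {
    conf=$1
    rc=0
    has_rule "$conf" '^ext_if[[:space:]]*=' ||
        { echo "ext_if macro is not defined; the nat rule cannot load"; rc=1; }
    has_rule "$conf" '^table[[:space:]]+<jails>[[:space:]]+persist' ||
        { echo "table <jails> persist is missing"; rc=1; }
    has_rule "$conf" '^nat[[:space:]]+on[[:space:]]+\$ext_if[[:space:]]+from[[:space:]]+<jails>' ||
        { echo "nat rule for <jails> is missing"; rc=1; }
    has_rule "$conf" '^block[[:space:]]+in[[:space:]]+all' ||
        { echo "block in all is missing or commented out: no default-deny inbound"; rc=1; }
    # pf requires translation rules (nat) before filter rules (block/pass).
    nat_at=$(first_line "$conf" '^nat[[:space:]]')
    filter_at=$(first_line "$conf" '^(block|pass)[[:space:]]')
    if [ -n "$nat_at" ] && [ -n "$filter_at" ] && [ "$nat_at" -gt "$filter_at" ]; then
        echo "nat rule appears after the first block/pass rule"; rc=1
    fi
    return "$rc"
}

# Run against a file when one is given, e.g.: sh check_pf.sh /etc/pf.conf
if [ $# -gt 0 ]; then
    check_pf_conf "$1"
fi
```

A clean result only covers the rules this how-to relies on; `pfctl -nf /etc/pf.conf` still does the full syntax check.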

add ZFS support (check zpool with “zpool list”)

sysrc -f /usr/local/etc/bastille/bastille.conf bastille_zfs_enable=YES
sysrc -f /usr/local/etc/bastille/bastille.conf bastille_zfs_zpool=zroot #check with "zpool list"

bootstrap and create jail

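bastille bootstrap 12.1-RELEASE
# bastille create needs the jail's IP address; 10.17.89.10 is an example value, choose your own
bastille create testjail 12.1-RELEASE 10.17.89.10
bastille start testjail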

install packages and login

bastille pkg testjail install vim-console tmux
bastille console testjail

Have fun!
