bastille
[ENHANCEMENT] Convert to vnet
Is your feature request related to a problem? Please describe.
So I wanted to try vnet jails because some services might not be running in "regular" jails, like qbittorrent.
Describe the solution you'd like
Would be great to be able to convert a regular jail to a vnet one, like we can do with thin to thick jails.
Describe alternatives you've considered
I'm currently exporting my jail, gonna tweak the jail.conf by hand to try to make vnet work.
Additional context
Nothing more to say other than that all my next jails will be thick and vnet ;p
For anyone looking to do the same it is fairly simple.
- Edit the jail.conf for the jail to be converted to VNET. Add the following lines, replacing X with a free number (2, 3, 4 ..), NIC with your network interface and JAILNAME with your jail's name:
vnet;
vnet.interface = e0b_bastilleX;
exec.prestart += "jib addm bastilleX NIC";
exec.prestart += "ifconfig e0a_bastilleX description \"vnet host interface for Bastille jail JAILNAME\"";
exec.poststop += "jib destroy bastilleX";
Comment or remove the following lines:
interface = em0;
ip4.addr = aa.bb.cc.dd;
ip6 = disable;
- Edit the jail's /etc/rc.conf. Add the following lines (the X should match the unique number you chose in the first step):
ifconfig_e0b_bastilleX_name="vnet0"
ifconfig_vnet0="inet aa.bb.cc.dd"
Replace aa.bb.cc.dd with your preferred IP address.
I'll add that you may need to set defaultrouter in the jail's rc.conf.
Also, if you have not created any bastille vnet jails, then you'd need:
install -m 0544 /usr/share/examples/jails/jib /usr/local/bin/jib
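The jail.conf step from the conversion described above, as an added example that is not part of the original thread and not Bastille's own code. The function name `to_vnet`, the sample jail `web`, its address and the argument checks are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: convert a shared-IP jail.conf block to the VNET form from the thread.
# Reads jail.conf on stdin and writes the result to stdout; nothing is edited in place.

to_vnet() {  # $1 = free number X, $2 = host NIC, $3 = jail name
    # exec.prestart/poststop run as root on the host, so reject anything
    # that could smuggle extra shell syntax into those lines.
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    case "$2" in ''|*[!A-Za-z0-9_.]*) return 1 ;; esac
    case "$3" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    awk -v x="$1" -v nic="$2" -v jail="$3" '
    # Comment out the shared-IP settings listed in the thread.
    /^[ \t]*(interface|ip4\.addr|ip6)[ \t]*=/ { print "#" $0; next }
    # Jail is already VNET: do not add the block a second time.
    /^[ \t]*vnet;/ { have_vnet = 1 }
    # Insert the VNET lines just before the closing brace.
    /^[ \t]*[}]/ && !have_vnet {
        b = "bastille" x
        print "  vnet;"
        print "  vnet.interface = e0b_" b ";"
        print "  exec.prestart += \"jib addm " b " " nic "\";"
        print "  exec.prestart += \"ifconfig e0a_" b " description \\\"vnet host interface for Bastille jail " jail "\\\"\";"
        print "  exec.poststop += \"jib destroy " b "\";"
        have_vnet = 1
    }
    { print }'
}

sample_conf() {  # constructed sample, not taken from a real host
    cat <<'EOF'
web {
  host.hostname = web;
  path = /usr/local/bastille/jails/web/root;
  interface = em0;
  ip4.addr = 192.0.2.10;
  ip6 = disable;
}
EOF
}

# Show the converted block for the constructed sample.
sample_conf | to_vnet 2 em0 web
```

Review the output before replacing the real jail.conf; the rc.conf lines inside the jail still have to be added as described in the second step.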
VNET fully supported today in current release. Solution above posted to change a jail from non-vnet to vnet.
Closing.
It still would be nice if bastille had a command (or, at the very least, documentation) on how to do the conversion. But I guess that internet search and/or the likes of ChatGPT are considered good enough these days :slightly_smiling_face: