Mirrors/BastilleBSD_bastille
1
0
Fork 1
mirror of https://github.com/BastilleBSD/bastille.git synced 2025-12-13 02:19:52 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
9f0b5f1cdbb1093b7c57e4dbd25ba81712c47f17
BastilleBSD_bastille/docs/chapters/subcommands/setup.rst
tschettervictor 9f0b5f1cdb setup: move linux setup to setup command
2025-11-27 17:21:08 -07:00

74 lines
3.0 KiB
ReStructuredText
Raw Blame History

setup
=====
The ``setup`` sub-command attempts to automatically configure a host system for
Bastille jails. This allows you to configure networking, firewall, storage, and
some additional options for a Bastille host with one command.
Options
-------
Below is a list of available options that can be used with the ``setup`` command.
The ``bridge`` options will attempt to configure a bridge interface for use with
bridged VNET (``-B``) jails.
The ``linux`` options will attempt to configure your system to run
Linux (``-L|--linux``) jails. This will load some required kernel modules, and
add the to ``/boot/loader.conf``.
The ``loopback`` option will configure a loopback interface called ``bastille0``
that will be used as a default when not specifying an interface with the
``create`` command.
The ``netgraph`` option will attempt to configure your system to use ``netgraph``
as the network mode as opposed to the standard ``if_bridge`` mode.
The ``pf|firewall`` option will configure the pf firewall by enabling the service
and creating the default ``pf.conf`` file. Once this is done, you can use the
``rdr`` command to forward traffic into a jail.
The ``shared`` option will configure the interface you choose to also be used as
the default when not specifying an interface with the ``create`` command.
The ``storage`` option will attempt to configure a pool and dataset for Bastille,
but only if ZFS in enabled on your system. Otherwise it will use UFS.
The ``vnet`` option will configure your system for use with VNET (``-V``) jails.
Limitations
-----------
The ``loopback`` option is the default, and is enough for most use cases. It is
simply an ``lo`` interface that jails will get linked to on creation. It is not
attached to any specific interface. This is the simplest networking option. The
``loopback`` and ``shared`` options are only for cases where the ``interface``
is not specified during the ``create`` command. If an interface is specified,
these options have no effect. Instead, the specified interface will be used.
Please note. You CANNOT run both a loopback and a shared interface with Bastille.
Only one should be configured. If you configure one, it will disable the other.
The ``shared`` option is for cases where you want an actual interface to use with
Bastille as opposed to a loopback. Jails will be linked to the shared interface
on creation.
Running ``bastille setup`` without any options will attempt to auto-configure the
``loopback``, ``firewall`` and ``storage`` options.
.. code-block:: shell
ishmael ~ # bastille setup -h
Usage: bastille setup [option(s)] [bridge]
[linux]
[loopback]
[netgraph]
[pf|firewall]
[shared]
[storage]
[vnet]
Options:
-y | --yes Assume always yes on prompts.
-x | --debug Enable debug mode.
Reference in New Issue View Git Blame Copy Permalink