
Made some really good progress on my FreeBSD server, running on OVHCloud:

- Re-Installed with ZFS instead of UFS via OVH rescue-system:

cat FreeBSD-14.3-RELEASE-amd64-zfs-rebuilt.raw.xz | ssh root@w.x.y.z "xz -dc | dd of=/dev/sdb bs=1M"

- Configured IPv4 and IPv6 networking in rc.conf

- Configured BastilleBSD to manage bridged VNET Jails

- Jail IPv6 networking via NAT66 and ULA addresses

- Solid firewall setup for NAT and packet-filtering via pf

Amazing 🙂

#freebsd #unix #ipv6 #jails #bastilleBSD @BastilleBSD

WordPress on FreeBSD with BastilleBSD: A Secure Alternative to Linux/Docker

Tired of the Linux/Docker “monoculture” for WordPress? This article guides you step-by-step through the secure installation of WordPress on FreeBSD using BastilleBSD. Discover how jail separation, performance, and the versatility of ZFS offer a more robust and easily manageable environment, far from common vulnerabilities often linked to poorly maintained plugins. Get ready to make your site more secure and reliable.

journal.bsd.cafe/2025/07/21/wo

#FCC blocks ban on #prison #phone price gouging, benefiting top Trump donors
The move suspends a 2024 FCC decision that capped the price of in-state phone calls at 6 cents per minute for prisons and large #jails and 7 cents per minute for medium-sized jails. Before the decision, a 15-minute phone call could cost as much as $11.35 at large jails in some states. Under the 2024 rules, those same phone calls would cost 90 cents.
popular.info/p/fcc-blocks-ban-

Popular Information · FCC blocks ban on prison phone price gouging, benefiting top Trump donors · By Rebecca Crosby

At a news conference Tues, Giovanni Diaz, one of Guevara’s attorneys, said that if his client was taken into #ICE custody he would likely spend some time at the agency’s downtown field office before being transferred to one of 2 South Georgia #immigrant #jails: the Stewart Detention Center or the Folkston ICE Processing Center.

Diaz added that Georgia’s immigrant #detention facilities are “overwhelmed.”


If you are looking for a container management workflow that's more production ready, consider #Ansible and #Jails / #Bhyve. Using Ansible for jail building and management is more flexible than Dockerfiles. And you can use it to create and manage BSD containers and Linux guests. This exposes full #Docker functionality inside a managed VM. Bonus is the full BSD networking stack, which is superior to Docker's networking IMO. Stability of a BSD base system, also.

@gyptazy @al1r4d @rl_dane @sirber

After some days of troubleshooting FreeBSD networking and pf firewalling (and learning a lot in the process!), I finally made an article about FreeBSD VNet jails behind a dedicated firewall jail, that works with both IPv4 AND IPv6:

Internet <-> firewall-jail <-> application jail

I hope someone might find that helpful. The detailed article is here in my Codeberg gists:

codeberg.org/Larvitz/gists/src

My next step is trying to get IPv6 address support into the marvelous tool jmore from @vermaden and sending him a pull-request for that :)

#bsd #freebsd #jails

After a while of fiddling, I got dual-stack for FreeBSD (IPv4 and IPv6) VNet Jails working properly and reliably 🙂

The important lessons I've learned:

/etc/sysctl.conf:
+net.link.bridge.inherit_mac=1

/boot/loader.conf:
+if_epair_load="YES"

/etc/rc.conf:
+create_args_bridge0="inet6 auto_linklocal -ifdisabled addm vtnet0"
+ifconfig_vtnet0="up -tso -vlanhwtso"
+rtsold_enable="YES"
+rtsold_flags="-i -m bridge0"

Then, configuring ifconfig_bridge0_ipv6 as well as ipv6_defaultrouter for the host to have IPv6 connectivity as well as the network-configuration in the jail via $jail/etc/rc.conf (The jail of course needs its own IP on the same subnet as the host).

Screenshots of the fully working configuration with a connectivity test are attached :-)

#freebsd #jails #vnet
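A way to check the settings listed in the post above before restarting networking, as an added example that is not part of the original post: it parses rc.conf-style files, verifies the host values the post names, and confirms the jail's IPv6 address is distinct from the host's and inside the same subnet. The jail interface name `vnet0`, the 2001:db8 addresses and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Host settings and values copied from the post.
REQUIRED = {
    "sysctl.conf": {"net.link.bridge.inherit_mac": "1"},
    "loader.conf": {"if_epair_load": "YES"},
    "rc.conf": {"rtsold_enable": "YES", "rtsold_flags": "-i -m bridge0"},
}

def parse_conf(text):
    """Parse key=value and key="value" lines; comment lines are skipped."""
    pairs = (re.match(r'\s*([\w.]+)\s*=\s*"?([^"#]*)', ln) for ln in text.splitlines())
    return {m.group(1): m.group(2).strip() for m in pairs if m}

def inet6_iface(value):
    """Turn 'inet6 ADDR prefixlen N' into an IPv6Interface (None if absent)."""
    m = re.search(r"inet6\s+([0-9a-fA-F]*:[0-9a-fA-F:]+)\s+prefixlen\s+(\d+)", value)
    return ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}") if m else None

def audit(host_files, jail_rc):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for fname, wanted in REQUIRED.items():
        have = parse_conf(host_files.get(fname, ""))
        for key, val in wanted.items():
            if have.get(key) != val:
                findings.append(f"{fname}: {key} is {have.get(key)!r}, expected {val!r}")
    host_rc = parse_conf(host_files.get("rc.conf", ""))
    host = inet6_iface(host_rc.get("ifconfig_bridge0_ipv6", ""))
    # Assumption: the jail declares one static address as ifconfig_<if>_ipv6.
    jail = next((inet6_iface(v) for k, v in parse_conf(jail_rc).items()
                 if k.startswith("ifconfig_") and k.endswith("_ipv6")), None)
    if host is None or jail is None:
        findings.append("no static inet6 address found for bridge0 or the jail")
    elif jail.ip not in host.network:
        findings.append(f"jail {jail.ip} is outside host subnet {host.network}")
    elif jail.ip == host.ip:
        findings.append(f"jail reuses the host address {host.ip}")
    return findings

# Constructed sample files (2001:db8::/32 is the documentation prefix).
HOST = {
    "sysctl.conf": "net.link.bridge.inherit_mac=1\n",
    "loader.conf": 'if_epair_load="YES"\n',
    "rc.conf": 'rtsold_enable="YES"\nrtsold_flags="-i -m bridge0"\n'
               'ifconfig_bridge0_ipv6="inet6 2001:db8:0:1::2 prefixlen 64"\n',
}
JAIL_OK = 'ifconfig_vnet0_ipv6="inet6 2001:db8:0:1::10 prefixlen 64"\n'
JAIL_BAD = 'ifconfig_vnet0_ipv6="inet6 2001:db8:0:2::10 prefixlen 64"\n'

if __name__ == "__main__":
    print(audit(HOST, JAIL_OK), audit(HOST, JAIL_BAD))
```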

I use Jails with Ansible to automate their creation, their lifecycle management and automation of the jailed applications and I highly enjoy how comfortable and easy it is.

No immutable images, no “Dockerfiles”, no weird volume mounts or image registries and no constant re-creation of images and new deployments just to update something. Just some simple, well isolated operating systems to run my applications in 🙂

I don’t say that Linux containers are bad. There are for sure situations where they shine. Just for my personal use-case, they are more effort in comparison to BSD jails and I’m a fan of “using the right tool for a task”.

And the idempotent nature of Ansible automation makes it easy to describe them in a declarative way and manage them at scale.

Linux containers (OCI Containers) are ephemeral by design, except the volumes you mount into them. In large scale environments, that can be useful (cattle vs pets argument). But that also introduces new challenges and makes it more complex to manage them.

For my personal environments, I like the approach of FreeBSD jails more. They are just a directory (or ZFS Dataset) with their own, persistent copy of the OS, easy to manage and the networking capabilities are flexible (bridged, vnet, they can be routed, firewalled, etc).

Jails are well aged and have been around since FreeBSD 4 back in 2000; the non-ephemeral approach (and the absence of overlay file systems etc.) makes them feel more like individual virtual servers than modern Linux containers, but with extreme levels of flexibility.

Tools like jmore(8) (by @vermaden) and Bastille (Jails “Templates”) make them even easier to manage.