mastouille.fr is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastouille is a sustainable, open Mastodon instance hosted in France.


#bastilleBSD


Toc-toc #freebsd guys! I created a bridge0 and a Vnet running tailscale in a #bastillebsd jail. Bridge and Vnet are connected using epair. I read on a forum that rules from #pf operate on epair and not on the bridge, so do I need to skip bridge0 in #pf rules? Bridge0 is 193.168.42.1 connected with re0. Another thing, I want to separate/isolate my local network (192.168.1.0) from the jails' vnet network 192.168.42.0/24. Actually when I ping a local network address like 193.168.1.80 from the tailscale jail with epair 192.168.42.2, ping works... Isolation between networks doesn't work by default, and I am searching for the right pf rules to isolate 192.168.42.0 from the local network... Any help appreciated.

I finally got around to giving #BastilleBSD a try on a #FreeBSD test system but I struggle with the rdr rules. I always get the following error when starting the vnet jail:

stdin:2: syntax error
pfctl: Syntax error in config file: pf rules not loaded

Here is my pf.conf:

lo_if="lo1"
ext_if="vmx0"
jail_if="vmx0bridge"

#set block-policy return
scrub in on $ext_if all fragment reassemble
set skip on lo
set skip on $jail_if

table <jails> persist
nat on $ext_if from <jails> to any -> ($ext_if:0)
#nat on $ext_if from $jail_if:network to any -> ($ext_if)
#nat on $jail_if from $jail_if:network to any -> ($jail_if)
#nat on $lo_if from $jail_if:network to any -> ($lo_if)
rdr-anchor "rdr/*"

#block in all
pass out quick keep state
#antispoof for $ext_if inet
pass in inet proto tcp from any to any port ssh flags S/SA keep state
pass in on $ext_if inet proto icmp to ($ext_if) icmp-type { unreach, redir, timex, echoreq }
pass in on $ext_if inet proto icmp to ($jail_if) icmp-type { unreach, redir, timex, echoreq }
pass in on $jail_if inet proto icmp to $jail_if:network icmp-type { unreach, redir, timex, echoreq }

My BastilleBSD version is 0.13.20250126.

Working on FreeBSD is always a pleasure. When I need to make a change to a production jail, using BastilleBSD, I clone it in a flash, make the changes, and test them. If they work, I can promote that jail to production or discard the test one and apply the changes.

A way of working that, in my opinion, is both safe and efficient.

It looks like iocage has been abandoned and I've found Bastille to have some advantages over it.

I tried to look up a way to migrate my jails to Bastille but so far everything includes exporting them from one system to another. Anyone know if I can do this on one system?

It seems that I should, given that both programs just manage the jails, but iocage uses a json file instead of the normal jail config and I'm not exactly sure what it's doing.

Another thing ticked off my to-do list that I kept putting off. I've always just used the Nginx Proxy Manager add-on that comes with #HomeAssistant for my #HomeLab reverse proxy. But today I decided that I should move off onto my own hand-configured reverse proxy in another #BastilleBSD jail. The only thing that briefly gave me an issue was my Home Assistant, but I've got that sorted just now and set up a cron job to renew the SSL certs and reload Nginx periodically. Everything is working as expected so far and I'm impressed. Don't know why I didn't do this sooner?
#FreeBSD

Well, I've tested #Syncthing on my #FreeBSD server and it runs up perfectly in a #BastilleBSD #Jail and syncs with my Ubuntu server and my laptop plus Fairphone 4. So that's another thing off my list. Eventually I will wipe beastie and fit new drives for OS and data and set everything up permanently and decommission the old Celeron Ubuntu server. I've just to play a little bit more on Beastie until I'm 100% happy.

Ahh neat! Might not sound like much to you but I've been playing with #BastilleBSD jails on #FreeBSD. I've got several running successfully, each with their own IP. Today's test was to see if I could successfully export one, then delete it. Yep, you guessed it, then see if I could successfully import it and it still work. Did it work, I hear you ask?
Of course it did and I'm well chuffed. I know I'm easily pleased. 😂 :freebsd:
#RunBSD

@homeassistant

Updated instructions for installing HA-Core 2025.5 in a FreeBSD jail: blog.brendans-bits.com/posts/2

Big thanks go to @jan for making it possible to install a new dependency (python-isal) and to @stefano for hosting brew.bsd.cafe where the homeassistant rc script is now located.

Any comments, suggestions, or corrections - please let me know.

blog.brendans-bits.com · FreeBSD Jails: HomeAssistant 2024.5
Installing HomeAssistant 2024.5 into a FreeBSD Jail