-
-
Working on a BastilleBSD website refresh this week.
The website has been in it's (mostly) current form for probably six years. A lot has changed since then!
I'll announce here when the new site is ready to view!
-
Reviewing DNS logs and noticed that `vuxml.freebsd.org` fails DNSSEC validation but `matrix-dev.freebsd.org` passes.
Can anyone else confirm or is my software buggy?
-
I am looking for a few more US-based early adopters to provide feedback on a protective DNS service offering aligned with NIST SP 800-81 Rev. 3 (March 2026).
https://csrc.nist.gov/pubs/sp/800/81/r3/final
This service merges Zero Trust and DNS without requiring client-side agents. Supports mobile devices, browsers, server hardware & IoT.
If you're interested in providing feedback on this service as a free beta tester, email me at:
-
This week the FreeBSD project published a number of security advisories and updates.
These include updates for components like: pf, tzdata, amd64, dhclient, libnv, and exec.
Be sure to update your systems using `freebsd-update`, `freebsd-rustdate` (a bit faster) or `pkg update` if you're on pkgbase.
Also patch your jails using `bastille update 15.0-RELEASE`
-
Maybe I'm biased, but I'm shocked when I see people still running iocage.
It's not that it's bad software, it just hasn't been maintained in literal years!
How are people still running software that never gets patched? Crazy to me!
For those on iocage that still need a new home, we can import your jails natively. A simple iocage export and bastille import and you're migrated to a supported platform.
-
I'm not getting much traction on a couple of reported issues in #FreeBSD ports.
Can some ports maintainers / committers take a look at these please?
These changes fully BROKE every adguardhome installation and need to be FULLY reverted. I've reported as such, but have not seen any responses.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294574
-
We may be in the market to hire a part-time FreeBSD and Bastille sysadmin (~20hrs week) specifically in the EMEA or APAC timezones (eventually both).
The roles require experience with FreeBSD, Bastille, nginx, and at least one useful coding language.
Timeline is mid-to-late 2026 to start.
Any of our EU / APAC friends want to come work part-time with the Bastille creator on a cybersecurity startup?
-
SYNOPSIS
bastille console [-ax] TARGET [USER]DESCRIPTION
The bastille console sub-command will enter a jails shell. If a user is given, it will enter as that user.EXAMPLES
Console into myjail:
# bastille console myjailConsole into myjail as bob:
# bastille console myjail bobConsole into a stopped jail as bob:
# bastille console -a myjail bob -
SYNOPSIS
bastille config [-x] set|add PROPERTY [VALUE]
bastille config [-x] get|remove PROPERTYDESCRIPTION
The bastille config sub-command will modify targeted jail(s) configuration and get, set, add or remove properties.EXAMPLES
Set allow.mlock inside myjail:
# bastille config myjail set allow.mlock 1Set to priority value of myjail:
# bastille config myjail set priority 10Set the boot value:
# bastille config myjail set boot off -
SYNOPSIS
bastille template [-ax] TARGET|convert TEMPLATEDESCRIPTION
The bastille template sub-command will apply the specified TEMPLATE to TARGET.-a, --auto : Auto mode. Start/stop jail(s) if required.
-x, --debug : Enable debug mode.
EXAMPLES
Apply www/nginx to myjail:
bastille template myjail www/nginx -
SYNOPSIS
bastille tags [-x] TARGET add|delete tag1,tag2
bastille tags [-x] TARGET list [tag]DESCRIPTION
The bastille tags sub-command add, remove and list tags for jails.EXAMPLES
Add 'prod' tag to myjail and yourjail:
# bastille tags 'myjail yourjail' add prodShow jails with the tag 'web':
# bastille tags ALL list web -
SYNOPSIS
bastille setup [-ax]
bastille setup [-ax]
bridge|linux|loopback|netgraph|firewall|shared|storage|vnetDESCRIPTION
The bastille setup sub-command will attempt to configure different options for your environment. -
NAME
bastille etcupdate – Update /etc for jail(s).SYNOPSIS
bastille etcupdate [-fx] bootstrap RELEASE
bastille etcupdate [-dx] TARGET update RELEASE
bastille etcupdate [-x] TARGET diff|resolveDESCRIPTION
The bastille etcupdate sub-command will bootstrap a tarball from RELEASE which can then be used to update the contents of /etc inside jails after performing an upgrade. -
SYNOPSIS
bastille clone [-alx] TARGET NEW_NAME IPThe bastille clone sub-command will create an exact duplicate of the targeted jail, giving it the specified NEW_NAME and IP address.
EXAMPLES
Clone myjail to newjail:
# bastille clone myjail newjail 10.23.3.4/24Clone myjail to newjail with DHCP (VNET only):
# bastille clone myjail newjail DHCPClone myjail to newjail while running, with debug mode:
# bastille clone -xl myjail newjail 10.23.3.4/24 -
I'm pleased to report that I've just submitted the final capstone paper for my master's degree in cybersecurity!
#cybersecurity #infosec #freebsd #bastillebsd #learning #education
-
The bastille convert sub-command will convert a thin jail to a thick jail if only the TARGET argument is given.
If a TARGET and RELEASE is specified, it will convert the jail into a custom release. The jail will remain intact, and you will have a duplicate of it to use a a release base for any new jails.
EXAMPLES
Convert myjail from thin to thick:
# bastille convert myjailCreate myrelease from myjail:
# bastille convert myjail myrelease -
NAME
bastille jcp – Copy file(s)/directorie(s) from jail to jail(s).SYNOPSIS
bastille jcp [-qx] SOURCE_JAIL JAIL_PATH DESTINATION_JAIL JAIL_PATHDESCRIPTION
The bastille jcp sub-command will copy files and directories from a single jail to any targeted jail(s).-q, --quiet : Suppress output.
-x, --debug : Enable debug mode.
EXAMPLES
Copy /etc/resolv.conf from myjail to yourjail:
# bastille jcp myjail /etc/resolv.conf yourjail /etc -
NAME
bastille rcp – Copy file(s)/directorie(s) from jail to host.SYNOPSIS
bastille rcp [-qx] TARGET JAIL_PATH HOST_PATHDESCRIPTION
The bastille rcp sub-command will copy JAIL_PATH to HOST_PATH from inside TARGET.-q, --quiet : Suppress output.
-x, --debug : Enable debug mode.
EXAMPLES
Copy /etc/resolv.conf.custom to host:
# bastille rcp myjail /etc/resolv.custom /jailstuff/etcCopy /etc to host quietly:
# bastille rcp -q myjail /etc /jailstuff/etc -
From `man bastille-restart`:
EXAMPLES
Restart all jails, ignoring stopped jail:
> bastille restart -i allRestart all jails, but only if boot=on:
> bastille restart -b allRestart all jails with a 5 second delay between each one:
> bastille restart -d 5 all -
Let's do something different today.
Join me for a live-stream of a beautiful desert sunset.
I'm currently exploring wild places in the American Southwest (Arizona), and sharing some of it with you.
Current location: Kofa National Wildlife Refuge
https://youtube.com/@chrisacrossamerica/streams
Take a few minutes for yourself, slow down, and consider joining. See you there. 😎
-
NAME
bastille service – Manage services within jail(s).SYNOPSIS
bastille service [-ax] TARGET SERVICE ARGSDESCRIPTION
The bastille service sub-command can manage services in jails.-a, --auto
Auto mode. Start/stop jail(s) if required.-x, --debug
Enable debug mode.EXAMPLES
Start nginx in myjail:
> bastille service myjail nginx startStop caddy in myjail:
> bastille service myjail caddy stop -
Did you know that there are historical and literary "easter eggs" in the Bastille documentation?
I can't provide any clues without giving them away, but after eight years I'm starting to think they're too clever.
-
Another sneak preview of the in-progress BastilleBSD web interface, powered by the new BastilleBSD API.
The Resources page provides you with a quick overview of the available hardware resources and allows you to manage CPU, MEM and DISK based limits.
What do you think about the Resources page?
Note: these previews are still subject to change before release.
-
2026 continues to be a good year for BastilleBSD!
We've onboarded our third training cohort this month, API development continues to mature and the UI is nearly ready for wider testing.
Let us know here if you'd like to help beta test the API and web interface on your Bastille hosts.
#BastilleBSD #FreeBSD #2026 #Training #API
-
Want to contribute to Rocinante?
It's an open-source project, and new contributors are always welcome. Check out the GitHub repository to get started.
-
Our FreeBSD training is not just for beginners.
Our courses also include advanced topics like network performance tuning, security hardening, and ZFS administration.
Email [email protected] for details and scheduling.
#TrainingTuesday #FreeBSD #ZFS #Hardening #ProfessionalDevelopment
-
Imagine you went to bed last night and somehow woke up in the past.
What year do you *wish* we were waking up to today?
…and what would you do differently this time?
#Rewind #2026
-
Enjoy your pre-holiday weekend!
I'm sure I will be doing homework toward to my Cybersecurity Master's degree.
Never stop learning.
-
Level up your career by adding FreeBSD expertise to your resume! Our focused training bridges the gap for experienced Linux admins. Invest in skills that power the most stable systems on earth.
-
Feeling hesitant about moving to a new OS or container strategy? Don't let fear of the unknown stop you. Start small—try Bastille on a VM this week. Sometimes the biggest security gains come from the smallest decisions.
-
What music is fueling your late-night Bastille development or sysadmin session? Are you coding to metal, classical, or total silence? Drop your power playlist!
-
Even the biggest problems are solved one step at a time. You can do this!
-
Infrastructure success isn't built on one heroic effort, but on daily, consistent maintenance. Did you run your system updates this morning?
Keep that momentum going! Small habits, big results.
-
Remember that open source is about community.
Don't be afraid to ask for help or share your solutions. Collaboration accelerates progress for everyone using Bastille. Let's build together!
-
The path to mastery starts with curiosity. If you haven't explored FreeBSD Jails yet, make this the
week you dive in.Learning new isolation techniques pays off big in security and efficiency!
-
Our community is our strength!
Want to make a real impact on a fantastic open-source security project?
Bastille is always looking for code, documentation, and fresh ideas.
Patches welcome!
Find us on GitHub: https://github.com/BastilleBSD/bastille
-
Don't let imposter syndrome win. You have the skills to build, secure, and manage your infrastructure.
Take that next step and containerize a key service with Bastille today! You've got this!
-
Securing your infrastructure is a marathon, not a sprint. Dedicate 30 minutes this week to learning a new command or setting up your first Bastille Jail. Small steps lead to massive knowledge gains!
-
Every great system starts with a single line of code. Don't be afraid to start small on your big project.
Keep coding, keep learning, and keep building!
What open-source task are you tackling this week?
-
Linux users: FreeBSD jails are like containers, but older and lighter.
BastilleBSD makes them approachable.
A great weekend project: try Bastille on FreeBSD and create some jails.
-
Are npm packages and dependencies an unmitigated disaster, or is it just me?