Search
280 results for “BastilleBSD”
-
@BastilleBSD thanks.
Not `pkg update`. Instead (as shown in the notice and advisories):
pkg upgrade -r FreeBSD-base
Side note: where pkgbase is not active, the command above will run and give a false sense of security; as if the system is patched, when it is not.
<https://www.reddit.com/r/freebsd/comments/1tjaceg/20260520_freebsd_errata_notice_and_seven_security/>
-
@BastilleBSD thanks.
Not `pkg update`. Instead (as shown in the notice and advisories):
pkg upgrade -r FreeBSD-base
Side note: where pkgbase is not active, the command above will run and give a false sense of security; as if the system is patched, when it is not.
<https://www.reddit.com/r/freebsd/comments/1tjaceg/20260520_freebsd_errata_notice_and_seven_security/>
-
@BastilleBSD thanks.
Not `pkg update`. Instead (as shown in the notice and advisories):
pkg upgrade -r FreeBSD-base
Side note: where pkgbase is not active, the command above will run and give a false sense of security; as if the system is patched, when it is not.
<https://www.reddit.com/r/freebsd/comments/1tjaceg/20260520_freebsd_errata_notice_and_seven_security/>
-
@BastilleBSD thanks.
Not `pkg update`. Instead (as shown in the notice and advisories):
pkg upgrade -r FreeBSD-base
Side note: where pkgbase is not active, the command above will run and give a false sense of security; as if the system is patched, when it is not.
<https://www.reddit.com/r/freebsd/comments/1tjaceg/20260520_freebsd_errata_notice_and_seven_security/>
-
@BastilleBSD thanks.
Not `pkg update`. Instead (as shown in the notice and advisories):
pkg upgrade -r FreeBSD-base
Side note: where pkgbase is not active, the command above will run and give a false sense of security; as if the system is patched, when it is not.
<https://www.reddit.com/r/freebsd/comments/1tjaceg/20260520_freebsd_errata_notice_and_seven_security/>
-
Today the FreeBSD project published a number of security advisories and updates.
These include updates for components like: ptrace, file, fusefs, bsdinstall, libcasper, cap_net, and secretd.
Be sure to update your systems using `freebsd-update`, `freebsd-rustdate` (a bit faster) or `pkg update` if you're on pkgbase.
Also patch your jails using `bastille update 15.0-RELEASE`
-
-
Working on a BastilleBSD website refresh this week.
The website has been in it's (mostly) current form for probably six years. A lot has changed since then!
I'll announce here when the new site is ready to view!
-
@BastilleBSD I also saw this on mine. Actually ~30% block rate here but it depends on how is used the Internet. I mean if you use Social Media like Facebook and Instagram, you will get a higher rate compared to Mastodon only for sure.
Using blocklists with 3M lines doesn’t mean you will be better protected. The difficulty is to use the right blocklists in AGH to get the smoothest experience: if Mrs always asks to unblock websites, you are on the wrong way 😅
There are a lot of trackers in emails and websites now: this a a mess.
#ads #trackers #AdGuardHome -
@BastilleBSD I also saw this on mine. Actually ~30% block rate here but it depends on how is used the Internet. I mean if you use Social Media like Facebook and Instagram, you will get a higher rate compared to Mastodon only for sure.
Using blocklists with 3M lines doesn’t mean you will be better protected. The difficulty is to use the right blocklists in AGH to get the smoothest experience: if Mrs always asks to unblock websites, you are on the wrong way 😅
There are a lot of trackers in emails and websites now: this a a mess.
#ads #trackers #AdGuardHome -
@BastilleBSD I also saw this on mine. Actually ~30% block rate here but it depends on how is used the Internet. I mean if you use Social Media like Facebook and Instagram, you will get a higher rate compared to Mastodon only for sure.
Using blocklists with 3M lines doesn’t mean you will be better protected. The difficulty is to use the right blocklists in AGH to get the smoothest experience: if Mrs always asks to unblock websites, you are on the wrong way 😅
There are a lot of trackers in emails and websites now: this a a mess.
#ads #trackers #AdGuardHome -
@BastilleBSD I also saw this on mine. Actually ~30% block rate here but it depends on how is used the Internet. I mean if you use Social Media like Facebook and Instagram, you will get a higher rate compared to Mastodon only for sure.
Using blocklists with 3M lines doesn’t mean you will be better protected. The difficulty is to use the right blocklists in AGH to get the smoothest experience: if Mrs always asks to unblock websites, you are on the wrong way 😅
There are a lot of trackers in emails and websites now: this a a mess.
#ads #trackers #AdGuardHome -
I am looking for a few more US-based early adopters to provide feedback on a protective DNS service offering aligned with NIST SP 800-81 Rev. 3 (March 2026).
https://csrc.nist.gov/pubs/sp/800/81/r3/final
This service merges Zero Trust and DNS without requiring client-side agents. Supports mobile devices, browsers, server hardware & IoT.
If you're interested in providing feedback on this service as a free beta tester, email me at:
-
I am looking for a few more US-based early adopters to provide feedback on a protective DNS service offering aligned with NIST SP 800-81 Rev. 3 (March 2026).
https://csrc.nist.gov/pubs/sp/800/81/r3/final
This service merges Zero Trust and DNS without requiring client-side agents. Supports mobile devices, browsers, server hardware & IoT.
If you're interested in providing feedback on this service as a free beta tester, email me at:
-
I am looking for a few more US-based early adopters to provide feedback on a protective DNS service offering aligned with NIST SP 800-81 Rev. 3 (March 2026).
https://csrc.nist.gov/pubs/sp/800/81/r3/final
This service merges Zero Trust and DNS without requiring client-side agents. Supports mobile devices, browsers, server hardware & IoT.
If you're interested in providing feedback on this service as a free beta tester, email me at:
-
I am looking for a few more US-based early adopters to provide feedback on a protective DNS service offering aligned with NIST SP 800-81 Rev. 3 (March 2026).
https://csrc.nist.gov/pubs/sp/800/81/r3/final
This service merges Zero Trust and DNS without requiring client-side agents. Supports mobile devices, browsers, server hardware & IoT.
If you're interested in providing feedback on this service as a free beta tester, email me at:
-
I am looking for a few more US-based early adopters to provide feedback on a protective DNS service offering aligned with NIST SP 800-81 Rev. 3 (March 2026).
https://csrc.nist.gov/pubs/sp/800/81/r3/final
This service merges Zero Trust and DNS without requiring client-side agents. Supports mobile devices, browsers, server hardware & IoT.
If you're interested in providing feedback on this service as a free beta tester, email me at:
-
This week the FreeBSD project published a number of security advisories and updates.
These include updates for components like: pf, tzdata, amd64, dhclient, libnv, and exec.
Be sure to update your systems using `freebsd-update`, `freebsd-rustdate` (a bit faster) or `pkg update` if you're on pkgbase.
Also patch your jails using `bastille update 15.0-RELEASE`
-
Maybe I'm biased, but I'm shocked when I see people still running iocage.
It's not that it's bad software, it just hasn't been maintained in literal years!
How are people still running software that never gets patched? Crazy to me!
For those on iocage that still need a new home, we can import your jails natively. A simple iocage export and bastille import and you're migrated to a supported platform.
-
Yes, there exist #FreeBSD tools that can set up the socket and the environment variable. I wrote one such tool years ago, and have been running a DNS server that accepts pre-created listening sockets and itself runs wholly unprivileged for almost as long.
Tell any naysayers that it can be done. (-:
http://jdebp.info/Softwares/nosh/guide/commands/udp-socket-listen.xml
http://jdebp.info/Softwares/djbwares/guide/commands/dnscache.xml
-
Making #AdGuardHome capable of receiving its listening socket, already created and bound, from the thing that invoked it has been on its issues list for a year without any seeming motion at all.
-
Am I the only one who regularly wishes #BastilleBSD would let you choose the zpool when creating a jail? 🤔
-
We may be in the market to hire a part-time FreeBSD and Bastille sysadmin (~20hrs week) specifically in the EMEA or APAC timezones (eventually both).
The roles require experience with FreeBSD, Bastille, nginx, and at least one useful coding language.
Timeline is mid-to-late 2026 to start.
Any of our EU / APAC friends want to come work part-time with the Bastille creator on a cybersecurity startup?
-
@BastilleBSD @patpro Thank you for your toot about this 🙏🏻
I posted a comment in the PR I created to update to port https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294574
I didn’t find how to use this new port version in a jail. Luckily I made a backup of /usr/local/etc/rc.d/adguardhome and I easily restored it to be able to launch the service.
I hesitated to create a new PR for this issue. I posted a comment in the initial PR.
If you know how to deal with this new way (aka security/portacl-rc), please let me know.
#FreeBSD #AdGuardHome #Bastille #Jail #BastilleBSD -
SYNOPSIS
bastille console [-ax] TARGET [USER]DESCRIPTION
The bastille console sub-command will enter a jails shell. If a user is given, it will enter as that user.EXAMPLES
Console into myjail:
# bastille console myjailConsole into myjail as bob:
# bastille console myjail bobConsole into a stopped jail as bob:
# bastille console -a myjail bob -
SYNOPSIS
bastille config [-x] set|add PROPERTY [VALUE]
bastille config [-x] get|remove PROPERTYDESCRIPTION
The bastille config sub-command will modify targeted jail(s) configuration and get, set, add or remove properties.EXAMPLES
Set allow.mlock inside myjail:
# bastille config myjail set allow.mlock 1Set to priority value of myjail:
# bastille config myjail set priority 10Set the boot value:
# bastille config myjail set boot off -
SYNOPSIS
bastille template [-ax] TARGET|convert TEMPLATEDESCRIPTION
The bastille template sub-command will apply the specified TEMPLATE to TARGET.-a, --auto : Auto mode. Start/stop jail(s) if required.
-x, --debug : Enable debug mode.
EXAMPLES
Apply www/nginx to myjail:
bastille template myjail www/nginx -
SYNOPSIS
bastille tags [-x] TARGET add|delete tag1,tag2
bastille tags [-x] TARGET list [tag]DESCRIPTION
The bastille tags sub-command add, remove and list tags for jails.EXAMPLES
Add 'prod' tag to myjail and yourjail:
# bastille tags 'myjail yourjail' add prodShow jails with the tag 'web':
# bastille tags ALL list web -
SYNOPSIS
bastille setup [-ax]
bastille setup [-ax]
bridge|linux|loopback|netgraph|firewall|shared|storage|vnetDESCRIPTION
The bastille setup sub-command will attempt to configure different options for your environment. -
NAME
bastille etcupdate – Update /etc for jail(s).SYNOPSIS
bastille etcupdate [-fx] bootstrap RELEASE
bastille etcupdate [-dx] TARGET update RELEASE
bastille etcupdate [-x] TARGET diff|resolveDESCRIPTION
The bastille etcupdate sub-command will bootstrap a tarball from RELEASE which can then be used to update the contents of /etc inside jails after performing an upgrade.