patpro<p>Hey <a href="https://social.patpro.net/tags/freebsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FreeBSD</span></a> friends, I’m testing <a href="https://social.patpro.net/tags/bastillebsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BastilleBSD</span></a> and I’ve created my first VNET Jails.<br>It’s all great and good but what is the use case that make you choose a <a href="https://social.patpro.net/tags/vnet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VNET</span></a> <a href="https://social.patpro.net/tags/jail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jail</span></a> instead of a "regular" jail? (I’m using regular jails for many years)</p><p>thank you! :)</p>
eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This Mastodon server is a friendly and respectful discussion space for people working in areas related to EU policy. When you request to create an account, please tell us something about you.
Administered by:
Server stats:
195active users
eupolicy.social: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.1
#vnet
0 posts · 0 participants · 0 posts today
rvstaveren<p>If you have a bridge on <a href="https://mastodon.online/tags/FreeBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FreeBSD</span></a> with many members, but no addresses (<a href="https://mastodon.online/tags/vnet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vnet</span></a> jails, <a href="https://mastodon.online/tags/bhyve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bhyve</span></a> VMs?) there may be a performance improvement for you in this patch that landed in stable/14 <a href="https://cgit.freebsd.org/src/commit/?h=stable/14&id=ff1980d569c8167d38cda5f2713664866d9802bc" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cgit.freebsd.org/src/commit/?h</span><span class="invisible">=stable/14&id=ff1980d569c8167d38cda5f2713664866d9802bc</span></a></p>
Larvitz :fedora: :redhat:<p>After a while of fiddling, I got dual-stack for FreeBSD (IPv4 and IPv6) VNet Jails working properly and reliably 🙂 </p><p>The important lessons, I've learned:</p><p>/etc/sysctl.conf:<br>+net.link.bridge.inherit_mac=1</p><p>/boot/loader.conf:<br>+if_epair_load="YES"</p><p>/etc/rc.conf:<br>+create_args_bridge0="inet6 auto_linklocal -ifdisabled addm vtnet0"<br>+ifconfig_vtnet0="up -tso -vlanhwtso"<br>+rtsold_enable="YES"<br>+rtsold_flags="-i -m bridge0"</p><p>Then, configuring ifconfig_bridge0_ipv6 as well as ipv6_defaultrouter for the host to have IPv6 connectivity as well as the network-configuration in the jail via $jail/etc/rc.conf (The jail of course needs it's own IP on the same subnet as the host)</p><p>Screenshots of the fully working configuration with a connectivity test are attached :-) </p><p><a href="https://burningboard.net/tags/freebsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freebsd</span></a> <a href="https://burningboard.net/tags/jails" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jails</span></a> <a href="https://burningboard.net/tags/vnet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vnet</span></a> <a href="https://burningboard.net/tags/ipv6" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ipv6</span></a> <a href="https://burningboard.net/tags/container" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>container</span></a> <a href="https://burningboard.net/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networking</span></a></p>
vermaden<p>Added 𝗨𝗣𝗗𝗔𝗧𝗘 𝟭 - 𝗧𝗵𝗼𝘂𝗴𝗵𝘁𝘀 𝗔𝗳𝘁𝗲𝗿 𝗖𝗼𝗺𝗺𝗲𝗻𝘁𝘀 to the 𝗙𝗿𝗲𝗲𝗕𝗦𝗗 𝗝𝗮𝗶𝗹𝘀 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 article.</p><p><a href="https://vermaden.wordpress.com/2025/04/11/freebsd-jails-security/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">vermaden.wordpress.com/2025/04</span><span class="invisible">/11/freebsd-jails-security/</span></a></p><p><a href="https://mastodon.bsd.cafe/tags/containers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>containers</span></a> <a href="https://mastodon.bsd.cafe/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> <a href="https://mastodon.bsd.cafe/tags/docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>docker</span></a> <a href="https://mastodon.bsd.cafe/tags/freebsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freebsd</span></a> <a href="https://mastodon.bsd.cafe/tags/jail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jail</span></a> <a href="https://mastodon.bsd.cafe/tags/jails" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jails</span></a> <a href="https://mastodon.bsd.cafe/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://mastodon.bsd.cafe/tags/podman" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>podman</span></a> <a href="https://mastodon.bsd.cafe/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.bsd.cafe/tags/server" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>server</span></a> <a href="https://mastodon.bsd.cafe/tags/vnet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vnet</span></a> <a href="https://mastodon.bsd.cafe/tags/cve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cve</span></a></p>
vermaden<p>New 𝗙𝗿𝗲𝗲𝗕𝗦𝗗 𝗝𝗮𝗶𝗹𝘀 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 (𝘃𝗲𝗿𝘀𝘂𝘀 𝗣𝗼𝗱𝗺𝗮𝗻) [FreeBSD Jails Security (versus Podman)] article on the blog.</p><p><a href="https://vermaden.wordpress.com/2025/04/11/freebsd-jails-security/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">vermaden.wordpress.com/2025/04</span><span class="invisible">/11/freebsd-jails-security/</span></a></p><p><a href="https://mastodon.bsd.cafe/tags/verblog" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>verblog</span></a> <a href="https://mastodon.bsd.cafe/tags/containers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>containers</span></a> <a href="https://mastodon.bsd.cafe/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> <a href="https://mastodon.bsd.cafe/tags/docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>docker</span></a> <a href="https://mastodon.bsd.cafe/tags/freebsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freebsd</span></a> <a href="https://mastodon.bsd.cafe/tags/jail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jail</span></a> <a href="https://mastodon.bsd.cafe/tags/jails" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jails</span></a> <a href="https://mastodon.bsd.cafe/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://mastodon.bsd.cafe/tags/podman" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>podman</span></a> <a href="https://mastodon.bsd.cafe/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.bsd.cafe/tags/server" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>server</span></a> <a href="https://mastodon.bsd.cafe/tags/vnet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vnet</span></a></p>
Larvitz :fedora: :redhat:<p>My main webserver is running FreeBSD and I've been running my services (nginx, postgresql, exim, etc) in individual jails. Each one with a ZFS dataset for it's data.</p><p>So far, I've been using traditional jails, but now, I did successfully implement VNET jails, to give each Jail it's own ip address and make them communicate via a private network, that I've been securing with pf firewall. Very smooth experience 🙂 </p><p>Christmas project for this year: Updating my server and jails to FreeBSD 14.2</p><p><a href="https://burningboard.net/tags/success" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>success</span></a> <a href="https://burningboard.net/tags/freebsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freebsd</span></a> <a href="https://burningboard.net/tags/unix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>unix</span></a> <a href="https://burningboard.net/tags/vnet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vnet</span></a> <a href="https://burningboard.net/tags/jails" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jails</span></a> <a href="https://burningboard.net/tags/zfs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zfs</span></a></p>
Felix Palmen 📯<p><a href="https://techhub.social/tags/FreeBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FreeBSD</span></a> 13.3 deployed at home. 4 times "metal", one VM, 12 <a href="https://techhub.social/tags/VNET" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VNET</span></a> <a href="https://techhub.social/tags/jails" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jails</span></a>.</p><p>First time ever not the vanilla version from the releng branch (with just one commit adding kernel configs on top), but pulling in extra patches from some repo on github. 🙄 Because it's unusable in my setup otherwise 😞.</p><p>I really really hope this will stay a rare exception for FreeBSD. And of course I hope for an EN including the functionality of all these patches I now pulled in myself ... would probably be a PITA having to maintain them locally.</p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload