Thanksgiving 2019
Pre-release
Pre-release
Changelog
This is a minor bug-fix release that improves the reliability of containers when using loopback-based networking. It also adds some safeguards against invalid network configurations and other minor cosmetic improvements.
Firewall Update
This introduces a change to the pf.conf
firewall configuration. Bastille also changes the way it manages entries in the firewall to go along with this. It is important, if upgrading, to update the firewall as follows:
Step 1:
## /etc/pf.conf
+ table <jails> persist
+ nat on $ext_if from <jails> to any -> ($ext_if)
- nat on $ext_if from bastille0:network to any -> ($ext_if)
Step 2:
Reload the firewall rules:
pfctl -vf /etc/pf.conf
Step 3:
Restart running containers:
bastille restart ALL
All public documentation has been updated to reflect this new method. This avoids a reported issue and ensures firewall state is retained.