Skip to content
Pre-release
Pre-release

@cedwards cedwards released this Nov 28, 2019 · 16 commits to master since this release

Changelog

This is a minor bug-fix release that improves the reliability of containers when using loopback-based networking. It also adds some safeguards against invalid network configurations and other minor cosmetic improvements.

Firewall Update

This introduces a change to the pf.conf firewall configuration. Bastille also changes the way it manages entries in the firewall to go along with this. It is important, if upgrading, to update the firewall as follows:

Step 1:

## /etc/pf.conf
+ table <jails> persist
+ nat on $ext_if from <jails> to any -> ($ext_if)
- nat on $ext_if from bastille0:network to any -> ($ext_if)

Step 2:
Reload the firewall rules:

pfctl -vf /etc/pf.conf

Step 3:
Restart running containers:

bastille restart ALL

All public documentation has been updated to reflect this new method. This avoids a reported issue and ensures firewall state is retained.

Assets 2
You can’t perform that action at this time.