This is a minor bug-fix release that improves the reliability of containers when using loopback-based networking. It also adds some safeguards against invalid network configurations and other minor cosmetic improvements.
This introduces a change to the
pf.conf firewall configuration. Bastille also changes the way it manages entries in the firewall to go along with this. It is important, if upgrading, to update the firewall as follows:
## /etc/pf.conf + table <jails> persist + nat on $ext_if from <jails> to any -> ($ext_if) - nat on $ext_if from bastille0:network to any -> ($ext_if)
Reload the firewall rules:
pfctl -vf /etc/pf.conf
Restart running containers:
bastille restart ALL
All public documentation has been updated to reflect this new method. This avoids a reported issue and ensures firewall state is retained.