diff --git a/docs/chapters/networking.rst b/docs/chapters/networking.rst index eebd1eaa..25be017f 100644 --- a/docs/chapters/networking.rst +++ b/docs/chapters/networking.rst @@ -2,8 +2,8 @@ Networking ========== Bastille is very flexible with its networking options. Below are the supported -networking modes, how they work, and some tips on where you might want to use each -one. +networking modes, how they work, and some tips on where you might want to use +each one. Bastille also supports VLANs to some extent. See the VLAN section below. @@ -22,8 +22,8 @@ VNET whatever your interface is called. This will be used for the host/jail epairs. Bastille will create/destroy these epairs as the jail is started/stopped. -* This mode works best if you want your jail to be in your local network, acting as - a physical device with its own MAC address and IP. +* This mode works best if you want your jail to be in your local network, acting + as a physical device with its own MAC address and IP. Bridged VNET ^^^^^^^^^^^^ @@ -33,9 +33,9 @@ Bridged VNET the host/jail epairs to this interface when the jail starts, and remove them\ when it stops. -* This mode is identical to `VNET` above, with one exception. The interface it is - attached to is a manually created bridge, as opposed to a regular interface that - is used with `VNET` above. +* This mode is identical to `VNET` above, with one exception. The interface it + is attached to is a manually created bridge, as opposed to a regular interface + that is used with `VNET` above. Alias/Shared Interface ^^^^^^^^^^^^^^^^^^^^^^ 
@@ -44,12 +44,12 @@ Alias/Shared Interface within your local subnet (alias mode) Bastille will add the IP to the specified interface as an alias. -* This mode is best used if you have one interface, and don't want the jail to have its - own MAC address. The jail IP will simply be added to the specified interface as an additional - IP, and will inherit the rest of the interface. +* This mode is best used if you have one interface, and don't want the jail to + have its own MAC address. The jail IP will simply be added to the specified + interface as an additional IP, and will inherit the rest of the interface. -* Note that this mode does not function as the two `VNET` modes above, but still allows the jail - to have an IP address inside your local network. +* Note that this mode does not function as the two `VNET` modes above, but still + allows the jail to have an IP address inside your local network. NAT/Loopback Interface ^^^^^^^^^^^^^^^^^^^^^^ 
@@ -59,14 +59,15 @@ NAT/Loopback Interface additionally, add it to the pf firewall table (if available) to allow the jail outbound access. If you do not specify an interface, Bastille will assume you have run the ``bastille setup`` command and will attempt to use ``bastille0`` - (which is created using the setup command) as its interface. If you have not run - ``bastille setup`` and do not specify an interface, Bastille will error. + (which is created using the setup command) as its interface. If you have not + run ``bastille setup`` and do not specify an interface, Bastille will error. -* This mode works best if you want your jail to be in its own private network. Bastille - will dynamically add each jail IP to the firewall table to ensure network connectivity. +* This mode works best if you want your jail to be in its own private network. + Bastille will dynamically add each jail IP to the firewall table to ensure + network connectivity. -* This mode is similar to the Alias/Shared Interface mode, except that it is not limited to - IP addresses within your local network. +* This mode is similar to the Alias/Shared Interface mode, except that it is not + limited to IP addresses within your local network. Inherit ^^^^^^^ @@ -84,7 +85,8 @@ IP Hostname bastille will simply set ``ip4`` to ``ip_hostname`` inside the jail config. The jail will then function according the jail(8) documentation. -* This is an advanced parameter. See the official FreeBSD jail(8) documentation for details. +* This is an advanced parameter. See the official FreeBSD jail(8) documentation + for details. You cannot use ``-V|--vnet`` with any interface that is already a member of another bridge. For example, if you create a bridge, and assign ``vtnet0`` as a 
@@ -143,13 +145,17 @@ For the ``inherit`` and ``ip_hostname`` options, you can also specify Networking Limitations ---------------------- -* Bastille handles the epair naming scheme by creating an epair, then naming it ``e0a_JAILNAME`` for - host, and ``e0b_JAILNAME`` for the jail. A know limitaion is that interface cannot exceed 16 - characters. If it is more that 16 characters, FreeBSD will complain and fail to bring it up. To mitigate - this, Bastille will truncate the interface name if it exceeds the character limit in the following manner. - If your jail is called ``mylongjailnamehere``, Bastille will truncate the epairs to ``e0a_mylongjxxre`` and - ``e0b_mylongjxxre``, by using the first 11 characters, then ``xx``, then the last two characters. - This can cause issues if your jail naming scheme is similar to the follwoing example... +* Bastille handles the epair naming scheme by creating an epair, then naming it + ``e0a_JAILNAME`` for host, and ``e0b_JAILNAME`` for the jail. A know limitaion + is that interface cannot exceed 16 characters. If it is more that 16 characters, + FreeBSD will complain and fail to bring it up. To mitigate this, Bastille will + truncate the interface name if it exceeds the character limit in the following + manner. + If your jail is called ``mylongjailnamehere``, Bastille will truncate the + epairs to ``e0a_mylongjxxre`` and ``e0b_mylongjxxre``, by using the first 11 + characters, then ``xx``, then the last two characters. + This can cause issues if your jail naming scheme is similar to the following + example... ``nextcloud1jail`` ``nextcloud2jail`` ``nextcloud3jail`` diff --git a/docs/chapters/subcommands/restart.rst b/docs/chapters/subcommands/restart.rst index 77462c7b..9079779c 100644 --- a/docs/chapters/subcommands/restart.rst +++ b/docs/chapters/subcommands/restart.rst 
@@ -3,9 +3,9 @@ restart Restart jail(s). -Bastille will attempt to stop, then start the targetted jail(s). If a jail is not running, Bastille -will still start it. To avoid this, run the restart command with ``-i|--ignore`` to skip any -stopped jail(s). +Bastille will attempt to stop, then start the targetted jail(s). If a jail is +not running, Bastille will still start it. To avoid this, run the restart +command with ``-i|--ignore`` to skip any stopped jail(s). .. code-block:: shell @@ -26,4 +26,4 @@ stopped jail(s). -d | --delay VALUE Time (seconds) to wait after starting each jail. -i | --ignore Ignore stopped jails (do not start if stopped). -v | --verbose Print every action on jail restart. - -x | --debug Enable debug mode. \ No newline at end of file + -x | --debug Enable debug mode. diff --git a/docs/chapters/subcommands/zfs.rst b/docs/chapters/subcommands/zfs.rst index dc7a8c62..f0726c71 100644 --- a/docs/chapters/subcommands/zfs.rst +++ b/docs/chapters/subcommands/zfs.rst 
@@ -1,20 +1,22 @@ zfs === -Manage ZFS properties, create, destroy and rollback snapshots, jail and unjail datasets (ZFS only), -and check ZFS usage for targeted jail(s). +Manage ZFS properties, create, destroy and rollback snapshots, jail and unjail +datasets (ZFS only), and check ZFS usage for targeted jail(s). Snapshot Management ------------------- -Bastille has the ability to create, destroy, and rollback snapshots when using ZFS. To create a snapshot, -run ``bastille zfs TARGET snapshot``. This will create a snapshot with the default ``bastille_TARGET_DATE`` -naming scheme. You can also specify a TAG to use as the naming scheme, such as ``bastille zfs TARGET snapshot mytag``. +Bastille has the ability to create, destroy, and rollback snapshots when using +ZFS. To create a snapshot, run ``bastille zfs TARGET snapshot``. This will create +a snapshot with the default ``bastille_TARGET_DATE`` naming scheme. You can also +specify a TAG to use as the naming scheme, such as ``bastille zfs TARGET snapshot mytag``. Bastille will then create the snapshot with ``@mytag`` as the snapshot name. -Rolling back a snapshot follows the same syntax. If no TAG is supplied, Bastille will attempt to use the -most recent snapshot following the default naming scheme above. To rollback a snapshot with a custom tag, run -``bastille zfs TARGET rollback`` or ``bastille zfs TARGET rollback mytag``. +Rolling back a snapshot follows the same syntax. If no TAG is supplied, Bastille +will attempt to use the most recent snapshot following the default naming scheme +above. To rollback a snapshot with a custom tag, run ``bastille zfs TARGET rollback`` +or ``bastille zfs TARGET rollback mytag``. To destroy a snaphot however, you must supply a TAG. To destroy a snapshot, run ``bastille zfs TARGET destroy mytag``. 
@@ -32,4 +34,4 @@ To destroy a snaphot however, you must supply a TAG. To destroy a snapshot, run -a | --auto Auto mode. Start/stop jail(s) if required. -v | --verbose Enable verbose mode. - -x | --debug Enable debug mode. \ No newline at end of file + -x | --debug Enable debug mode.
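Review bot: In docs/chapters/networking.rst, the Bridged VNET hunk (@@ -33,9 +33,9 @@) and the Alias/Shared Interface hunk after it re-wrap bullets that still write `VNET` with single backticks, while the rest of the file uses double backticks for literals (``bastille setup``, ``bastille0``, ``ip4``). In reStructuredText single backticks select the default role rather than an inline literal, so since these lines are being rewritten anyway, change them to ``VNET``. The unchanged context line just above the Bridged VNET bullet also ends in a stray backslash ("remove them\"), which is worth dropping in the same pass.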
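Review bot: In docs/chapters/networking.rst, the IP Hostname hunk (@@ -84,7 +85,8 @@) leaves the context sentence "The jail will then function according the jail(8) documentation" missing its "to", and "bastille will simply set" starts lowercase where the file otherwise writes "Bastille". Both sit directly above the re-wrapped bullet and could be fixed in this change.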
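Review bot: In docs/chapters/networking.rst, the Networking Limitations hunk (@@ -143,13 +145,17 @@) fixes "follwoing" but carries "A know limitaion" and "more that 16 characters" over into the new lines unchanged; these should read "A known limitation" and "more than 16 characters". The truncation rule is also ambiguous as worded: ``e0a_mylongjxxre`` is 15 characters, and its "first 11 characters" include the ``e0a_`` prefix, so only the first 7 characters of the jail name survive. It would help to say that explicitly and to state the consequence the example only hints at: by this rule ``nextcloud1jail``, ``nextcloud2jail`` and ``nextcloud3jail`` all map to the same epair name, so the doc should advise choosing jail names that differ within the first 7 or the last 2 characters. Finally, "manner." now ends a line with "If your jail is called" starting the next one; if a paragraph break is intended there, it needs a blank line, otherwise the sentence should be wrapped with the rest.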
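Review bot: In docs/chapters/subcommands/restart.rst, the first hunk (@@ -3,9 +3,9 @@) keeps the misspelling "targetted" in the re-wrapped opening sentence; zfs.rst in this same patch spells it "targeted jail(s)", so use that here too. The end-of-file newline fix in the second hunk looks fine.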
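Review bot: In docs/chapters/subcommands/zfs.rst, the first hunk (@@ -1,20 +22 @@ region under "Snapshot Management") still has lines well past the width the rest of the patch wraps to, for example the one ending in ``bastille zfs TARGET snapshot mytag``. and the one ending in ``bastille zfs TARGET rollback``; either break before the literal or accept the exception consistently. The rollback sentence is also misleading as re-wrapped: "To rollback a snapshot with a custom tag, run ``bastille zfs TARGET rollback`` or ..." lists the untagged command first, although the preceding sentence says the untagged form uses the most recent default-named snapshot. Suggest separating the two cases so a reader does not roll back to a different snapshot than intended. The context line "To destroy a snaphot however" has a typo ("snapshot") that could be fixed alongside.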