diff --git a/docs/chapters/networking.rst b/docs/chapters/networking.rst index 8b78b5db..48d0e4a9 100644 --- a/docs/chapters/networking.rst +++ b/docs/chapters/networking.rst @@ -1,3 +1,37 @@ +Network Basics - IP Address +=========================== + +Bastille includes a number of IP options. + +.. code-block:: shell + + bastille create alcatraz 13.2-RELEASE 192.168.1.50/24 vtnet0 + +The IP address specified above can be any of the following options. + +1. An IP in your local subnet should be chosen if you create your jail using -V or -B (VNET jail). +It is also preferable to add the subnet mask (/24 or whaterver your subnet is) to the IP. + +2. DHCP, SYNCDHCP, or 0.0.0.0 will configure your jail to use DHCP to obtain an address from your router. This should only +be used with -V and -B. + +3. Any IP address inside the RFC1918 range if you are not using a VNET jail. Bastille will automatically add +this IP to the firewall table to allow outbound access. It you want traffic to be forwarded into the jail, you +can use the `bastille rdr` command. + +4. Any IP in your local subnet without the -V or -B options will add the IP as an alias to the selected interface, which +will simply end up sharing the interface. If the IP is in your local subnet, you will not need the `bastille rdr` +command. Traffic will pass in and out just as in a VNET jail. + +5. Setting the IP to `inherit` will make the jail inherit the entire +host network stack. + +6. Setting the IP to `ip_hostname` will add all the IPs that the hostname resolves to. This is an advanced option +and should only be used if you know what you are doing. + +Note that jails support specifying an IP without the subnet (/24 or whatever yours is) but we highly recommend setting it, especially +on VNET jails. Not doing so can cause issues in some rare cases. + Network Requirements ==================== Here's the scenario. You've installed Bastille at home or in the cloud and want 
diff --git a/docs/chapters/targeting.rst b/docs/chapters/targeting.rst index a71331ce..63df3575 100644 --- a/docs/chapters/targeting.rst +++ b/docs/chapters/targeting.rst @@ -4,15 +4,19 @@ Targeting Bastille uses a `command target arguments` syntax, meaning that each command requires a target. Targets are usually containers, but can also be releases. -Targeting a container is done by providing the exact containers name. +Targeting a container is done by providing the exact jail name, the JID of the jail, or by typing the +starting few characters of a jail. If more than one matching jail will be found, you will see a message +saying so. -Targeting a release is done by providing the release name. (Note: do not +Targeting a release is done by providing the exact release name. (Note: do not include the `-pX` point-release version.) -Bastille includes a pre-defined keyword ALL to target all running containers. +Bastille includes a pre-defined keyword [ALL|all} to target all running containers. +It is also possible to target multiple jails by grouping them in quotes, as seen below. -In the future I would like to support more options, including globbing, lists -and regular-expressions. +.. code-block:: shell + + ishmael ~ # bastille cmd "jail1 jail2 jail3" echo Hello! Examples: Containers ==================== diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 03d35e41..8ddcd11a 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -73,7 +73,7 @@ validate_ip() { info "Valid: (${_ip6})." ipx_addr="ip6.addr" else - if [ "${_ip}" = "inherit" ] || [ "${_ip}" = "ip_hostname" ]; then + if [ "${_ip}" = "inherit" ] || [ "${_ip}" = "ip_hostname" ] || [ "${_ip}" = "DHCP" ] || [ "${_ip}" = "SYNCDHCP" ]; then info "Valid: (${_ip})." else local IFS
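Review bot: in the docs/chapters/networking.rst hunk, the wrapped lines of list items 1 to 4 and 6 ("+It is also preferable to add the subnet mask", "+be used with -V and -B.", "+this IP to the firewall table" and so on) start in column 0 as shown, so reStructuredText will not parse them as continuations of their enumerated items; indent each wrapped line to align with the item text. The same hunk has two typos to fix before merge: "whaterver" in item 1 and "It you want traffic to be forwarded" in item 3. Items 5 and 6 are the two options with the largest effect on isolation, yet item 5 only says the jail inherits "the entire host network stack" and item 6 only says "should only be used if you know what you are doing"; a sentence each on what the jail can then reach or bind to would let a reader make that decision. The closing note ("can cause issues in some rare cases") would also be more useful if it named the issue.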
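Review bot: in the docs/chapters/targeting.rst hunk, the new prefix matching is documented without saying what happens to the command on an ambiguous match: "If more than one matching jail will be found, you will see a message saying so" does not state whether the command aborts or still runs against some jail, which matters for anything destructive. Please state the behaviour explicitly and fix the tense ("If more than one jail matches, ..."). "[ALL|all}" has mismatched brackets and should read "[ALL|all]". The paragraph now mixes "container", "jail" and "containers" for the same thing within three lines; pick one term. The quoted-list example would also benefit from one sentence on whether names inside the quotes must be exact or may themselves be prefixes or JIDs.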
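Review bot: in the create.sh hunk, validate_ip() now accepts "DHCP" and "SYNCDHCP" unconditionally in the same branch as "inherit" and "ip_hostname", while the networking.rst text added in this patch says DHCP "should only be used with -V and -B". Nothing in the visible lines ties the value to a VNET jail, so a non-VNET create with DHCP passes validation here; either reject it in this function when no VNET option is set, or add a comment pointing to where that check lives. Two smaller mismatches with the new docs: the comparison is case-sensitive, so "dhcp" falls through to the numeric IP path (the targeting docs accept both ALL and all, so users may expect the same here), and the docs list 0.0.0.0 as a third DHCP spelling that this condition does not mention. The condition is also getting long; a case statement on "${_ip}" would be easier to extend and review.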