Vultr supports FreeBSD and gives us both a single IPv4 and a range of IPv6 addresses. So the simple thing to do is to give each container its own public IPv6 address. No need to mess with vnet. At least that is the theory. Wish me luck in getting this working. Am I really the first person to be using this approach?
I hope I got this all correct. I did get the containers networked correctly on Vultr, but I am not a networking guy so I hope I did not misstate anything. Any edits I am happy to fix. And now I have to run, I am late for the multilingual meetup. But this stuff is way more fun.
Updated with syntax from 0.9.20220216, as running just `bastille export TARGET` errors with:
"Error: Stream can not be written to a terminal.
You must redirect standard output.
Error: An export option is required, see 'bastille export, otherwise the user must redirect to standard output."
Some Linux packages (shakes fist angrily at Java) look to see if `/proc` is mounted as a part of the installation by running
`mountpoint /proc`
While the Linux jail can see the contents of its `/proc` directory, the linprocfs driver will not generate the correct contents for `/proc/mounts` or `/proc/self/mountinfo` as `kern_getfsstat()` will, by default, filter all mount points other than the jail's chroot directory.
The fix is to set `enforce_statfs` to allow mount points below the jail's chroot directory to be visible.
PF allows us to log rdr rules. The syntax to enable this is found in
pf.conf under the syntax grammar section for rdr-rule.
This commit extends Bastille's command line interface to allow users
to choose to log their rdr rules using the pf.conf syntax -
``````````````````````````````````````````````````````
tcp|udp host_port jail_port [log ['(' logopts ')'] ]
``````````````````````````````````````````````````````
Here, the syntax after jail_port is optional. This is sufficient to
provide backwards compatibility. The keyword 'log' enables logging with
the default options. The user can also provide custom options -
logopts - whose syntax and allowed keywords are defined in pf.conf.
It's left to the user to supply correct logopts as the code does not
verify those values or their syntax.
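
Because the commit leaves logopts unverified, a wrapper can allow-list the arguments before they reach a pf rule. The sketch below is an added example, not Bastille's code: the function names are hypothetical, it assumes the parenthesised logopts arrive as one quoted argument, and it accepts only the pf.conf logopt keywords `all`, `user` and `to pflogN`.

```shell
#!/bin/sh
# Added example (not Bastille code): allow-list check for
#   tcp|udp host_port jail_port [log ['(' logopts ')'] ]
# Assumptions: "(logopts)" arrives as one quoted argument; accepted logopts
# are the pf.conf keywords "all", "user" and "to pflogN".

is_port() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

is_logopt() {
    case "$1" in
        all|user) return 0 ;;
        "to pflog"*)
            n=${1#"to pflog"}
            case "$n" in ''|*[!0-9]*) return 1 ;; esac
            return 0 ;;
    esac
    return 1
}

# Every comma-separated item must be a known logopt; empty items are rejected.
valid_logopts() {
    case "$1" in ''|*,) return 1 ;; esac
    rest="$1,"
    while [ -n "$rest" ]; do
        item=${rest%%,*}; rest=${rest#*,}
        item=${item# }; item=${item% }      # tolerate one space around commas
        is_logopt "$item" || return 1
    done
}

# Prints the validated log clause (nothing when logging is off).
# Returns non-zero, printing nothing, on any input outside the grammar.
check_rdr() {
    case "$1" in tcp|udp) ;; *) return 1 ;; esac
    is_port "$2" && is_port "$3" || return 1
    [ "$#" -eq 3 ] && return 0
    [ "$#" -le 5 ] && [ "$4" = log ] || return 1
    if [ "$#" -eq 4 ]; then echo "log"; return 0; fi
    case "$5" in
        "("*")") opts=${5#"("}; opts=${opts%")"} ;;
        *) return 1 ;;
    esac
    valid_logopts "$opts" || return 1
    echo "log ($opts)"
}
```

Anything after the closing parenthesis, an unknown keyword, or an out-of-range port makes `check_rdr` fail before any rule text is built.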