FreeBSD Manual Pages
bastille.conf(5) File Formats Manual bastille.conf(5) NAME bastille.conf -- Configuration file for Bastille DESCRIPTION Bastille has most options preconfigured with sane defaults. These can be adjusted to fit your environment. The config file also has the de- fault options documented, but the following will outline what the pur- pose is of each one. DEFAULT PATHS bastille_prefix This is the main Bastille prefix. All Bastille directories, ex- cluding 'bastille_logsdir' will start with this prefix. If zfs is enabled, this will become the mount point of the zfs dataset. The following directories, excluding 'bastille_logsdir' will be prefixed by 'bastille_prefix'. If zfs is enabled, they will inherit the mount point of 'bastille_prefix'. bastille_backupsdir Bastille will store backups and exports here. bastille_cachedir Bastille will store cache here. bastille_jailsdir Bastille will store jails here. bastille_releasesdir Bastille will store releases here. bastille_templatesdir Bastille will store templates here. bastille_logsdir Bastille will store jail console logs here. FIREWALL bastille_pf_conf Path to the pf firewall configuration file. SUB-COMMANDS PATH bastille_sharedir This is the path where Bastille expects sub- commands to live at. BOOTSTRAP bastille_bootstrap_archives This is a whitespace-separated list of distribution sets to fetch when boot- strapping a legacy (non-pkgbase) re- lease. bastille_pkgbase_packages This is a whitespace-separated list of package sets to install when bootstrap- ping a release using PkgBase. bastille_url_freebsd Url from which to fetch legacy distrib- utions sets when bootstrapping a FreeBSD release. bastille_url_hardenedbsd Url from which to fetch legacy distrib- utions sets when bootstrapping a Hard- enedBSD release. bastille_url_midnightbsd Url from which to fetch legacy distrib- utions sets when bootstrapping a Mid- nightBSD release. TIMEZONE bastille_tzdata Set the timezone to apply to newly created jails. RESOLV.CONF This file is copied into newly created jails to allow them to reach DNS. ZFS bastille_zfs_enable Whether to enable or disable zfs support. bastille_zfs_zpool Which zpool to use when zfs is enabled. bastille_zfs_prefix Which dataset to use when zfs is enabled. Do not include the zpool here. bastille_zfs_options Zfs options to use when creating any and all datasets for any and all supported actions. EXPORT/IMPORT bastille_compress_xz_options xz specific compress op- tions. bastille_decompress_xz_options xz specific de- compress op- tions. bastille_compress_gz_options gz specific compress op- tions. bastille_decompress_gz_options gz specific de- compress op- tions. bastille_compress_zst_options zst specific compress op- tions. bastille_decompress_zst_options zst specific de-compress op- tions. bastille_export_options Any flags sup- ported by the 'export' com- mand can be de- fined here to make it slightly more convenient. NETWORKING bastille_network_vnet_type Control whether to use the de- fault 'if_bridge' mode or Net- graph. bastille_network_loopback Set the loop- back inter- face name. bastille_network_shared Set the shared inter- face name. bastille_network_pf_ext_if Set the exter- nal in- terface for the 'pf' fire- wall rules. bastille_network_pf_table Set the name of the de- fault table used for NAT jails. bastille_network_gateway Specify a de- fault gate- way. bastille_network_gateway6 Specify a defa- lut Ipv6 gate- way. TEMPLATES bastille_template_base The de- fault tem- plate that is ap- plied to all jails. bastille_template_empty The de- fault tem- plate that is ap- plied to empty jails. bastille_template_thick The de- fault tem- plate that is ap- pled to thick jails. bastille_template_clone The de- fault tem- plate that is ap- pled to clone jails. bastille_template_thin The de- fault tem- plate that is ap- pled to thin jails. bastille_template_vnet The de- fault tem- plate that is ap- pled to vnet jails. bastille_template_vlan The de- fault tem- plate that is ap- pled to vnet+vlan jails. MONITORING Cron file for au- to- matic mon- i- tor- ing en- try. Ac- tual cron en- try. The de- fault is to check every 5 min- utes. Log stor- age. This is the FQDN for op- tional alert ser- vices. Cur- rently only sup- ports 'healthchecks.io'. SEE ALSO bastille-bootstrap(8), bastille-clone(8), bastille-cmd(8), bastille-config(8), bastille-console(8), bastille-convert(8), bastille-cp(8), bastille-create(8), bastille-destroy(8), bastille-edit(8), bastille-etcupdate(8), bastille-export(8), bastille-htop(8), bastille-import(8), bastille-jcp(8), bastille-limits(8), bastille-list(8), bastille-migrate(8), bastille-mount(8), bastille-network(8), bastille-pkg(8), bastille-rcp(8), bastille-rdr(8), bastille-rename(8), bastille-restart(8), bastille-service(8), bastille-setup(8), bastille-start(8), bastille-stop(8), bastille-sysrc(8), bastille-tags(8), bastille-template(8), bastille-top(8), bastille-umount(8), bastille-update(8), bastille-upgrade(8), bastille-verify(8), bastille-zfs(8) FreeBSD ports 15.quarterly December 6, 2025 bastille.conf(5)
NAME | DESCRIPTION | SEE ALSO
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=bastille.conf&sektion=5&manpath=FreeBSD+Ports+15.0.quarterly>