Jails are available on FreeBSD since version 4.4. Let us see how to implement jails in FreeBSD 11.x using ezjail. Ezjail is a tool used to create and administer jails.
Installation of ezjail
Jails are available as part of FreeBSD. Hence we need not install it seperately. But we would need to install ezjail. Ezjail can be installed using the following command.
pkg install ezjail
Add the following line in /etc/rc.conf to enable ezjail while booting.
service ezjail start
Base jail needs to be created first before other jails are created for use. The base jail directory structure can be created and populated using the following command.
To create base jail with the system sources, use the following command.
ezjail-admin install -s
To create base jail with ports tree, use the following command.
ezjail-admin install -p
Similarly use the appropriate options to create the base jail according to your requirements
To create a new jail named jail1 with interface IP 192.168.1.51, use the following command.
ezjail-admin create jail1 're0|192.168.1.51"
There may also be warnings in the output like this.
Warning: Some services already seem to be listening on all IP, (including 192.168.1.51) This may cause some confusion, here they are: root ntpd 769 20 udp4 *:123 *:* root ntpd 769 21 udp6 *:123 *:* root syslogd 671 6 udp6 *:514 *:* root syslogd 671 7 udp4 *:514 *:*
Start the jail created now.
ezjail-admin start jail1
Login to the console of jail1 using the following command.
ezjail-admin console jail
To exit the console of the jail use the following command.
To stop the jail
ezjail-admin stop jail1
To delete the jail using the following command
ezjail-admin delete jail1
To get the list of all the jails available
By default, jails are started automatically when the host machine starts. Autostarting can be disabled with the following command.
ezjail-admin config -r norun jail1
To archive the jail, stop it and use the following command.
ezjail-admin archive jail1
The archive files will be created in the following folder.
You can create a jail from the archive.
ezjail-admin create -a /usr/jails/ezjail_archives/jail1-201411251503.30.tar.gz jail1-clone 'lo|127.0.3.1,re0|192.168.1.53'