Bastille has evolved over the years from a small collection of personal shell scripts into a secure container automation toolkit used on hardware ranging from the Raspberry Pi to “The Cloud”.

The early shell scripts evolved into a proof of concept in 2018 which evolved into what we use today.

Many of the automation concepts in Bastille come from lessons learned as a SaltStack contributor and package maintainer since 2011.

Bastille integrates security concepts taken from real-world experience as the Architect of HubbleStack in 2015, (which formed the initial engine for SaltStack SecOps).

Combining these security and automation best practices with FreeBSD’s production tested container solution and you have Bastille.

Fast-forward to today and Bastille has seen improvements from open-source contributors around the world, making it more robust, more mature and better able to handle a wide range of use cases.

To everyone that has contributed to Bastille, thank you!


December 25, 2021

Happy Holidays 2021 (0.9.20211225)

Dec 25, 2021 – Present

This release includes code from seven new contributors. Thank you!.

Bastille 0.9.20211225 includes support for Ubuntu 18.04 and 20.04 plus Debian 9, 10 and 11. We made improvements to the template validation, CMD now returns exit codes, VNET improvements, updates to PKG and more!

See the full release notes for details.


July 14, 2021

Bastille Day 2021 (0.9.20210714)

Jul 14, 2021 – Dec 25, 2021

This release adds a few exciting new features as well as patching a number of reported bugs.

Bastille 0.9.20210714 includes (experimental) support for Ubuntu-based containers, improvements to the import/export commands and an improved bastille list -a output.

See the full release notes for details.


January 15, 2021

New Year 2021 Bug Fix (0.8.20210115)

Jan 15, 2021 – Jul 14, 2021

This release addresses a few minor issues discovered in the New Year 2021 version.

Bastille 0.8.20210115 improves the dynamic port redirection and empty (experimental) container support..

Note: there is also a change to the bastille.conf in this release.

See the full release notes for details.


January 01, 2021

New Year 2021! (0.8.20210101)

Jan 1, 2021 – Jan 15, 2021

I figured we should start out 2021 with a brand new Bastille release. Happy New Year!

This release increments the version number from 0.7.x to 0.8.x

Note: there is also a change to the bastille.conf in this release.

Bastille 0.8.20210101 brings a number of improvements, bug-fixes and new features.

See the full release notes for details.


July 14, 2020

Bastille Day 2020 (0.7.20200714)

Jul 14, 2020 – Jan 1, 2021

This release matures the project from 0.6.x -> 0.7.x. Continued testing and bug fixes are proving Bastille capable for a range of use-cases. New (experimental) features are examples of innovation from community contribution and feedback. Thank you.

See the full release notes for details.


April 14, 2020

Quarantine 2020: Fixes (0.6.20200414)

Apr 14, 2020 – Jul 14, 2020

Thank you to everyone that submitted bug reports and/or fixes to this release. Your support has been amazing.

Primarily a bug-fix release addressing reported issues.

See the full release notes for details.


April 12, 2020

Quarantine 2020 (0.6.20200412)

Apr 12, 2020 – Apr 14, 2020

Bastille 0.6.20200412 release is dedicated to everyone around the world quarantined by the COVID-19 pandemic.

See the full release notes for details.


February 02, 2020

Groundhog Day (0.6.20200202)

Feb 2, 2020 – Apr 12, 2020

Bastille 0.6.20200202 is easily the biggest update we’ve ever had and it’s all thanks to the generous FreeBSD community. Your contributions have been amazing! I am sincerely thankful.

See the full release notes for details.


November 28, 2019

Thanksgiving 2019 (0.5.20191128)

Nov 28, 2019 – Feb 2, 2020
CHANGELOG: This is a minor bug-fix release that improves the reliability of containers when using loopback-based networking. It also adds some safeguards against invalid network configurations and other minor cosmetic improvements.

November 25, 2019

Captain Jack (0.5.20191125)

Nov 25, 2019 – Nov 28, 2019


  • standalone “thick” containers now available (create -T|--thick ...)
  • Bastille Templates: now tested with GitLab CI/CD
  • Bastille Documentation has been updated and extended
  • bootstrap now supports optional update command to auto-patch release
  • Network config validation added to avoid disconnected containers



October 25, 2019

Halcyon Days (0.4.20191025)

Oct 25, 2019 – Nov 25, 2019


  • Added support for FreeBSD 11.3-RELEASE, 12.1-RC1, 12.1-RC2 and 12.1-RELEASE.
  • Added option to assign network interface during container creation, if empty bastille obeys config file.
  • Added NIC validation.
  • Improved IP validation.
  • Added ability to destroy regex-matching base releases, cache content not affected.
  • Added validation for the ZFS parameters.


  • Fix for container and releases output listing.
  • Fix for prevent double distfile.txz file extraction on bootstrap.
  • Fix for missing subsequent directory creation for cache/*-RELEASE.
  • Fix for missing subsequent directory creation for releases/*-RELEASE.
  • Fix for chflags removal and container/release directory deletion if exist.
  • Minor code fixes.

July 14, 2019

Bastille Day (0.3.20190714)

Jul 14, 2019 – Oct 25, 2019

Happy Bastille Day! (Of course we had a release to celebrate)


  • ip@interface syntax now (optionally) supported during bastille create.
  • template system now supports INCLUDE and SERVICE.
  • /usr/local/bastille now 0750 to avoid unprivileged users from accessing Bastille files, container, releases, etc.
  • template hook CONFIG renamed to OVERLAY.
  • support for listing container(s), template(s), log(s), release(s).
  • only reload firewall on start/stop if loopback networking used.
  • ZFS sub-command additions of get|set|snapshot.

June 22, 2019

Support ZFS! (0.3.2019062202)

Jun 22, 2019 – Jul 14, 2019


  • fixes bootstrap regression in non-zfs installs
  • makes cp sub-command verbose (cp -av)
  • adds support for cloning templates from GitLab
  • code cleanup and formatting service sub-command added for managing services within container
  • verify sub-command documented properly

May 22, 2019

Support HardenedBSD! (0.3.20190522)

May 22, 2019 – Jun 22, 2019


  • This release adds initial (basic) support for HardenedBSD as a platform
  • Bastille now works on HardenedBSD and should work on OPNsense

November 13, 2018

Template Support (0.3.20181113)

Nov 13, 2018 – May 22, 2019


  • This release supports basic templates in Bastille. See README for details.

November 07, 2018

Good ‘nuf (0.3.20191107)

Nov 7, 2018 – Nov 13, 2018


  • this release should be “good ‘nuf” for others to use

April 6, 2018

Initial Commit (alpha)

Apr 6, 2018 – Nov 7, 2018


  • alpha quality.
  • no guarantees.
  • basic proof of concept.
  • startup script included