Overview
JADM (“jail admin”) is a Python-based framework for end-to-end FreeBSD jail management that builds on your existing /etc/jail.conf while transparently adding ZFS and VNET capabilities:
- Unified configuration parsing: Reads your /etc/jail.conf, interprets both global and per-jail stanzas, and emits an extended internal representation that drives all subsequent actions.
- ZFS-backed jail homes: Creates and manages ZFS datasets under a configurable pool (default zroot/jails), including special “BASE” skeleton models:
  - A read-only dataset (./BASE/) holding shared bits,
  - A writable template (./BASE-SKELETON/) used for new BASE jails, and
  - Per-jail read-write datasets (./BASE-RW/ and ./BASE-jailname/) subject to quotas and snapshot/restore workflows.
- VNET networking with bridge + epair: For each VNET jail, JADM:
  - Creates an epair device pair,
  - Attaches one end to a host bridge (e.g. bridge1, which must carry at least one gateway IP),
  - Moves the other into the jail’s private network stack,
  - Assigns the jail’s IP/netmask and installs a default route via the bridge gateway,
  - Tears it down cleanly on stop.
- Multiple jail types & template cloning:
  - VNET (isolated network stack)
  - Host IP (uses any host-assigned address)
  - BASE (skeleton models for standardized environments)
  - Normal (built via bsdinstall, source tree, or existing templates)
  When cloning from a template, JADM uses ZFS send/receive of snapshots and replicates local settings, avoiding direct ZFS clone dependencies.
- Comprehensive CLI: Commands include initsetup, setup, create, modify, destroy, remove, migrate, snap, start, stop, reboot, shell, list/jls, gateways, log, help, about, verbose and quit/exit, with migrate using an AES-encrypted socket plus SSH for ZFS replication, and full support for incremental updates and remote transfers.
- Seamless integration: Produced jails remain fully compatible with standard tools (jexec, service jail, etc.), and JADM references upstream man pages (jail(8), jail.conf(5), zfs(8), ifconfig(8), bridge(4)) for anything outside its scope.
For the complete list of options, configuration examples, and extended usage notes, see the jadm(8) manual or run:
    jadm help
Quick start:
Custom FreeBSD kernel for VNET support:
    options VIMAGE
If Python 2.7 and pip are not installed:
    pkg install python27
    pkg install py27-pip
Install via setup.py:
    ./setup.py build
    ./setup.py install
Create the FreeBSD bridge interface and assign IP addresses:
    ifconfig bridge1 create
    ifconfig bridge1 192.168.1.1/24
    ifconfig bridge1 alias 10.10.10.1/24
    etc.
IPFW NAT setup:
    ipfw add divert 8668 ip from any to any via (external interface)
Example FreeBSD config:
/etc/rc.conf
    cloned_interfaces="bridge1"
    ipv4_addrs_bridge1="192.168.1.1/24 10.10.10.1/24"
    gateway_enable="YES"
    arpproxy_all="NO"
    firewall_enable="YES"
    firewall_script="/etc/ipfw.conf"
    natd_enable="YES"
    natd_flags="-f /etc/natd.conf"
    jail_enable="YES"
    jail_parallel_start="YES"
    jail_list="firstjail secondjail"
/etc/natd.conf
    interface (external interface)
    dynamic yes
    same_ports yes
/etc/ipfw.conf
    #!/bin/sh
    fwcmd="/sbin/ipfw -q"
    eif="(external interface)"
    ${fwcmd} -f flush
    ${fwcmd} add 65532 divert natd ip from any to any via ${eif}
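
The VNET steps from the overview, applied to the bridge1 addresses from the quick start, as an added example that is not JADM's own code: it checks that a jail address falls in a subnet carried by the bridge, picks the matching gateway, and lists the standard ifconfig(8), jexec(8) and route(8) commands as a dry run without executing them. The jail name, jail address, epair unit number and the exact command sequence are assumptions; the code targets Python 3 for its standard ipaddress module.

```python
import ipaddress

# Bridge name and addresses as configured in the quick start.
BRIDGE = "bridge1"
BRIDGE_ADDRS = ["192.168.1.1/24", "10.10.10.1/24"]


def pick_gateway(jail_cidr, bridge_addrs=BRIDGE_ADDRS):
    """Return the bridge IP whose subnet matches the jail address.

    Raises ValueError when no bridge address can act as gateway, or when
    the jail would reuse the gateway, network or broadcast address.
    """
    jail = ipaddress.ip_interface(jail_cidr)
    for addr in bridge_addrs:
        gw = ipaddress.ip_interface(addr)
        if jail.network != gw.network:
            continue
        reserved = (gw.ip, gw.network.network_address,
                    gw.network.broadcast_address)
        if jail.ip in reserved:
            raise ValueError("%s is reserved in %s" % (jail.ip, gw.network))
        return str(gw.ip)
    raise ValueError("no gateway on %s for %s" % (BRIDGE, jail_cidr))


def vnet_plan(jail, jail_cidr, unit=0):
    """Dry run: return (start, stop) command lists for one VNET jail.

    unit is the epair number; on a real host it comes from the name that
    `ifconfig epair create` prints (assumed here, hypothetical value).
    """
    gw = pick_gateway(jail_cidr)  # fail before touching any interface
    host, guest = "epair%da" % unit, "epair%db" % unit
    start = [
        "ifconfig epair create",                    # creates both ends
        "ifconfig %s addm %s up" % (BRIDGE, host),  # host end joins bridge
        "ifconfig %s up" % host,
        "ifconfig %s vnet %s" % (guest, jail),      # other end into jail
        "jexec %s ifconfig %s inet %s up" % (jail, guest, jail_cidr),
        "jexec %s route add default %s" % (jail, gw),
    ]
    stop = ["ifconfig %s destroy" % host]           # removes the whole pair
    return start, stop


if __name__ == "__main__":
    start, stop = vnet_plan("firstjail", "10.10.10.5/24")  # constructed input
    print("\n".join(start + ["# on stop:"] + stop))
```

A jail address outside both bridge subnets, or one that collides with a gateway address, is rejected before any command is listed, so a misaddressed jail never ends up attached to the bridge without a usable route.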
CURRENT VERSION:
FreeBSD port source: