Bastille VNET on GCP

Bastille VNET runs on GCP with a few small tweaks. In summary, they are:

• change MTU setting in jib script

• add an IP address to the bridge interface

• configure host pf to NAT and allow bridge traffic

• set defaultrouter and nameserver in the host

## Change MTU in the jib script

GCP uses vtnet with MTU 1460, which [jib fails on](https://github.com/BastilleBSD/bastille/issues/538).

Apply the below patch to set the correct MTU. You may need to cp /usr/share/examples/jails/jib /usr/local/bin/ first.

patch /usr/local/bin/jib jib.patch

## Configure bridge interface

Configure the bridge interface in /etc/rc.conf so it is available in the firewall rules.

## Configure host pf

This basic /etc/pf.conf allow incoming packets on the bridge interface, and NATs them through the external interface:

Restart the host and make sure everything comes up correctly. You should see the following ifconfig:

## Configure router and resolver for new jails

Set the default network gateway for new jails as described in the Networking chapter, and configure a default resolver.

You can now create a VNET jail with bastille create -V myjail 13.2-RELEASE 192.168.1.50/24 vtnet0