Creating a Jail: Step by Step

The entire process takes only a few minutes and results in a fully functional, network-accessible environment.

Download the base system
We start by fetching the official FreeBSD release archive (base.txz). This contains the minimal userland and kernel modules needed.

fetch https://download.freebsd.org/releases/amd64/amd64/14.3-RELEASE/base.txz -o /vm/jls/base-143.txz

Prepare the jail root directory
Create a directory for the new jail and extract the archive directly into it.

mkdir /vm/jls/143-test
tar -xf /vm/jls/base-143.txz -C /vm/jls/143-test --unlink

Copy essential host files
The jail needs a working DNS resolver and timezone configuration.

cp /etc/resolv.conf /vm/jls/143-test/etc/
cp /etc/localtime /vm/jls/143-test/etc

Define the jail configuration
Create a file /etc/jail.conf.d/143-test.conf with the following content. This is the heart of the setup — a few lines that define everything the jail needs.

 143-test {
    # Startup and shutdown
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
    exec.consolelog = "/var/log/jail_console_${name}.log";
    # Permissions and devices
    allow.raw_sockets;
    exec.clean;
    mount.devfs;
    # Hostname and path
    host.hostname = "${name}";
    path = "/vm/jls/${name}";
    # Network (simple shared networking — no VNET!)
    ip4.addr = 192.168.2.82;
    interface = igc1;
 }

Start the jail
One command brings it online.

service jail start 143-test

Update the jail
Run updates inside the new environment so it’s fully patched.

freebsd-update -b /vm/jls/143-test fetch install

Initial setup inside the jail
Enter the jail and configure basic services (here, enabling SSH access as an example).

jexec -U root 143-test
# Inside the jail:
# Edit /etc/ssh/sshd_config to allow root login with password (PermitRootLogin yes)
sysrc sshd_enable="YES"
service sshd start
passwd root   # Set a strong root password
exit

That's it. You now have a running jail with its own filesystem, processes, and a dedicated IP address on your local network. You can SSH directly to 192.168.2.82 as root and work as if it were a separate machine.

Why This Approach Is So Simple and Lightweight

Traditional virtualization or container setups on other platforms often require:
- Creating bridges or virtual network interfaces
- Setting up epair pairs and VNET
- Configuring NAT and firewall rules
- Tweaking sysctls for networking
- Permanent changes to rc.conf

FreeBSD jails with shared networking avoid all of that. The jail reuses the host’s network stack directly, which is both simpler and more efficient.

Space usage is minimal too. After creation and updates, a typical jail occupies well under 500 MB:

# du -h -d1 .
463M    ./143-test

Compare that to a full VM image, which easily exceeds several gigabytes even for a minimal install.

Deleting a Jail: Clean and Complete Removal

When you’re done, removing a jail is just as straightforward — no leftover interfaces, bridges, or configuration fragments.

Stop the jail

service jail stop 143-test

Clear immutable flags (if any files were protected)

chflags -R 0 /vm/jls/143-test

Delete the entire directory

rm -fr /vm/jls/143-test

Optionally, remove the configuration file /etc/jail.conf.d/143-test.conf. That’s all — the jail is gone, with no traces left in the network stack or host configuration.

Conclusions

FreeBSD jails strike a rare balance: powerful isolation with almost zero administrative overhead. The process shown here — from download to deletion — requires only basic commands, a short configuration snippet, and no special networking gymnastics. Whether you’re testing software, running services in isolated environments, or experimenting with different FreeBSD versions, jails remain one of the most elegant solutions available.

If you’ve been hesitant to try jails because you assumed they were complex, give this method a shot. You’ll likely be surprised at how quickly you can create, use, and discard isolated environments on FreeBSD. Happy jailing!