We’re excited to announce BastilleBSD, a new FreeBSD-based distribution designed for modern system administrators, privacy-conscious users, and DevOps professionals. BastilleBSD is built to be secure-by-default, automated from first boot, and ready for serious work—right out of the box.

This is more than just FreeBSD with pre-installed packages. BastilleBSD is a curated, hardened FreeBSD experience with a modern toolset and sane defaults, tailored for both servers and power users.

What’s Included: Bastille – Container automation for FreeBSD, pre-installed and auto-configured.

Rocinante – Host configuration management using Bastillefile-style templates.

Modern shells and tools – Zsh (default), with bash, fish, vim-tiny, git-tiny, htop, and more.

Pre-configured automation – On first boot, BastilleBSD automatically:

Runs ‘bastille setup’, configuring the host networking, ZFS storage, and a secure firewall

Bootstraps the host release and applies latest patches

Privacy & Security by Default: Hardened sysctl values inspired by HardenedBSD

Secure SSH defaults (no DSA/ECDSA, modern ciphers, stricter MACs/KEX)

Firewall (pf) enabled out of the box

doas configured for the wheel group – no sudo required

DNS-over-HTTPS with blocky, preconfigured to forward encrypted DNS to privacy-friendly Quad9

openntpd – lightweight and privacy-respecting time sync, already set up

smartd – pre-installed and ready to monitor drive health

Plus: Uses pkg-base by default — no freebsd-update needed

Custom boot graphics and branding

Clean ZFS defaults, periodic snapshots optional

BastilleBSD is fully compatible with FreeBSD and will track upstream point releases (e.g., BastilleBSD-14.3-RELEASE). This is a distribution for people who want FreeBSD to just work with modern tools, privacy-first defaults, and zero guesswork.

Get it, test it, break it! We’re eager to hear your feedback and ideas for future improvements.

🖥️ Download: https://download.bastillebsd.org