Quick Start

Get daemonless containers running on FreeBSD in 5 minutes.

Customize Your Guide

Scroll to Interactive Configuration at the bottom to set your PUID, PGID, and paths. All commands will update automatically.

Prerequisites

Root Privileges Required

Podman on FreeBSD currently requires root. Rootless mode is not yet supported. All commands in this guide must be run as root (or via sudo/doas).

Install Podman and container networking:

pkg install podman-suite

ocijail Patch Required

Currently, a temporary patch for ocijail is required for .NET applications (Radarr/Sonarr). See ocijail patch.

Host Configuration

1. Enable Networking

Configure the kernel to allow packet filtering for local traffic and ensure fdescfs is mounted.

# Enable pf filtering for jails
sysctl net.pf.filter_local=1
echo 'net.pf.filter_local=1' >> /etc/sysctl.conf

# Mount fdescfs
mount -t fdescfs fdesc /dev/fd
echo 'fdesc /dev/fd fdescfs rw 0 0' >> /etc/fstab

2. Configure Firewall (pf.conf)

Add the following to /etc/pf.conf. Replace em0 if your external interface is different.

# Primary network interface
ext_if=em0

# Podman container networking
rdr-anchor "cni-rdr/*"
nat-anchor "cni-rdr/*"
table <cni-nat>
nat on $ext_if inet from <cni-nat> to any -> ($ext_if)
nat on $ext_if inet from 10.88.0.0/16 to any -> ($ext_if)

Reload the configuration:

pfctl -f /etc/pf.conf

3. Start Podman

sysrc podman_enable=YES
service podman start
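
Steps 1 and 2 append to /etc/sysctl.conf and /etc/fstab with `>>`, so running them twice duplicates the lines. The script below is an added example, not code from the daemonless project: it makes those steps safe to re-run and checks that pf.conf holds this guide's Podman rules before loading it. The function names are hypothetical, and it assumes the `ext_if` macro name used above.

```sh
#!/bin/sh
# Added example, not the daemonless project's code. Paths are arguments so the
# functions can be tried on scratch copies before touching /etc.

# Append LINE to FILE only if an identical line is not already there
# (exact match: a tab-separated fstab entry counts as a different line).
ensure_line() {
    file=$1 line=$2
    [ -f "$file" ] || : > "$file"
    grep -qxF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
}

# Report each Podman pf.conf line from this guide that FILE lacks.
# Returns 0 only when all of them are present.
audit_pf_conf() {
    file=$1 missing=0
    while IFS= read -r want; do
        if ! grep -qxF -- "$want" "$file"; then
            printf 'missing: %s\n' "$want"
            missing=1
        fi
    done <<'EOF'
rdr-anchor "cni-rdr/*"
nat-anchor "cni-rdr/*"
table <cni-nat>
nat on $ext_if inet from <cni-nat> to any -> ($ext_if)
nat on $ext_if inet from 10.88.0.0/16 to any -> ($ext_if)
EOF
    return "$missing"
}

# Steps 1-2 of the guide, safe to re-run. Must be run as root on FreeBSD.
apply_host_setup() {
    ensure_line /etc/sysctl.conf 'net.pf.filter_local=1'
    ensure_line /etc/fstab 'fdesc /dev/fd fdescfs rw 0 0'
    sysctl net.pf.filter_local=1
    mount | grep -q ' on /dev/fd (fdescfs' || mount -t fdescfs fdesc /dev/fd
    # Parse with -n first; load only a ruleset that parses and has the guide's lines.
    audit_pf_conf /etc/pf.conf && pfctl -nf /etc/pf.conf && pfctl -f /etc/pf.conf
}

case "${1:-}" in
    apply) apply_host_setup ;;
esac
```

Run it with the `apply` argument to change the host; without it, the script only defines the functions.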

Run Your First Container

We'll start with Tautulli, a lightweight Python app that doesn't require special permissions.

podman run -d --name tautulli \
  -p 8181:8181 \
  -e PUID=1000 -e PGID=1000 \
  -v /path/to/containers/tautulli:/config \
  ghcr.io/daemonless/tautulli:latest

Check the status:

podman ps
podman logs -f tautulli

Access the UI at: http://localhost:8181

.NET Applications

Applications like Radarr and Sonarr require the allow.mlock jail annotation to function correctly on FreeBSD.

podman run -d --name radarr \
  -p 7878:7878 \
  --annotation 'org.freebsd.jail.allow.mlock=true' \
  -e PUID=1000 -e PGID=1000 \
  -v /path/to/containers/radarr:/config \
  ghcr.io/daemonless/radarr:latest

Advanced Setup (Optional)

If you're using ZFS, configure Podman to use it for proper copy-on-write layering and snapshot support:

zfs create -o mountpoint=/var/db/containers/storage <pool>/podman

See ZFS Storage for storage.conf tuning.

To use container names as hostnames (e.g. postgres), the cni-dnsname plugin is required.

# Clone the ports overlay
git clone https://github.com/daemonless/freebsd-ports.git /usr/local/daemonless-ports

# Build and install
cd /usr/local/daemonless-ports/net/cni-dnsname
make install clean

See Networking Guide for details.


Interactive Configuration
