Super awesome guide for a begineer like me to follow! Many thanks for sharing :)

awesome post - thanks for taking the time to produce this - as a relative newcomer found this really useful - thanks!

Excellent work. Much appreciated.

Thanks for the guide!

great guide!! thanks for this.

Thanks for this. You should maybe consider putting these on Github instead of maintaining a post here.

The best resource for making IOCAGE jails work with popular packages.

Thank you for this proper guide for all of the popular jails. Also for keeping it updated

no nonsense to the point

Great guide and thanks for keeping it up to date!

Great Guide! This greatly helped and also set good practices on mounted the configs. In a future update could you add a build for NZBget and maybe qbittorrent as an alternative to transmission?

There are a few issues when I tried this last night, for instance Radarr (not tried sonarr) has a fetch issue pulling the ssl certs:
iocage exec radarr "fetch https://github.com/Radarr/Radarr/releases/download/v0.2.0.995/Radarr.develop.0.2.0.995.linux.tar.gz -o /usr/local/share"
Returns: Certificate verification failed

I got around this by adding: fetch --no-verify-peer

Lastly, can we use media:media credentials on all iocages so they all match and all have the same permissions to write/read to the same folders?
If so would I just have to change:
iocage exec radarr chown -R media:media /usr/local/share/Radarr /config
Because I tried this and just got an error :(

Lastly iocage exec radarr rm /usr/local/share/Radarr.*.linux.tar.gz
Didnt work, I had to go into the jail and do it manually, no biggie just thought I'd mention it.

Very thoughtful and concise "recipe" for getting these apps working under jails. The firewall rules and setup are particularly helpful.

The code is mostly good...
But the documentation and commenting is lacking...

I get what needs to be done/changed, but I fully understand other users' their comments about not getting it.

It's also lacking on the "after installation" instructions side...

I'm working on completely restructering it into a more user friendly format and i'm gratefull for these instructions because they where quite easy to make into actual scripts.

More info about how you can use them differently:
https://github.com/Ornias1993/jailman

For what I used, the code is organized and works, so thumbs up for that. The only thing that is missing is a simple screenshot of the pool/dataset layout that your guide is based on. This would help illustrate the design for the inexperienced FreeNAS users. Perhaps doing so will provide the clarity that others are seeking.

Concise and great guide for the "not-so-new" FreeNAS owner venturing up into 11.

Great succinct guide. No fluff, just the good stuff. Added a config for NZBGet at the end using some bits from your other sections. If you want to add it feel free. Thanks!

really good guide for those who use iocage or can work out from these commands how to do this in a jail.

ipfw rules do not work, see output here:

root@freenas:~ # iocage exec transmission service ipfw start
Flushed all rules.
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
03000 allow ip from 192.168.1.100 to 192.168.1.0/24 keep-state :default
03000 allow ip from 192.168.1.0/24 to 192.168.1.0 keep-state :default
04000 allow ip from 192.168.1.100 to 104.254.90.194 keep-state :default
05000 allow ip from any to any via tun*
65534 deny ip from any to any
Firewall rules loaded.

Very comprehensive and helpful. A few issues with transmission settings and ipfw rules though.

Transmission: If you don't set transmission_chown="NO", then transmission resets the mounted dataset ownership to root:wheel on start of service, which you don't want.

IPFW: When the openvpn is up, can't access transmission web from LAN. Transmission web is only accessible when openvpn is down. No solution updated for this yet so far.
I've been using this ipfw script which seems to work as a killswitch for openvpn.

#!/bin/bash
# Flush out the list before we begin
ipfw -q -f flush

# Set rules command prefix
cmd="ipfw -q add"
vpn="tun0"

# allow all local traffic on the loopback interface
$cmd 00001 allow all from any to any via lo0

# allow any connection to/from VPN interface
$cmd 00010 allow all from any to any via $vpn

# allow connection to/from LAN by Transmission
$cmd 00101 allow all from me to 10.11.102.0/24 uid transmission
$cmd 00102 allow all from 10.11.102.0/24 to me uid transmission

# deny any Transmission connection outside LAN that does not use VPN
$cmd 00103 deny all from any to any uid transmission