Fix for issue #403
This commit is contained in:
Daniel Ziltener
@@ -47,37 +47,42 @@ if [ $# -lt 2 ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
TARGET="${1}"
|
TARGET="${1}"
|
||||||
|
JAIL_NAME=""
|
||||||
|
JAIL_IP=""
|
||||||
|
EXT_IF=""
|
||||||
shift
|
shift
|
||||||
|
|
||||||
# Can only redirect to single jail
|
check_jail_validity() {
|
||||||
if [ "${TARGET}" = 'ALL' ]; then
|
# Can only redirect to single jail
|
||||||
|
if [ "${TARGET}" = 'ALL' ]; then
|
||||||
error_exit "Can only redirect to a single jail."
|
error_exit "Can only redirect to a single jail."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check if jail name is valid
|
# Check if jail name is valid
|
||||||
JAIL_NAME=$(jls -j "${TARGET}" name 2>/dev/null)
|
JAIL_NAME=$(jls -j "${TARGET}" name 2>/dev/null)
|
||||||
if [ -z "${JAIL_NAME}" ]; then
|
if [ -z "${JAIL_NAME}" ]; then
|
||||||
error_exit "Jail not found: ${TARGET}"
|
error_exit "Jail not found: ${TARGET}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check if jail ip4 address (ip4.addr) is valid (non-VNET only)
|
# Check if jail ip4 address (ip4.addr) is valid (non-VNET only)
|
||||||
if [ "$(bastille config $TARGET get vnet)" != 'enabled' ]; then
|
if [ "$(bastille config $TARGET get vnet)" != 'enabled' ]; then
|
||||||
JAIL_IP=$(jls -j "${TARGET}" ip4.addr 2>/dev/null)
|
JAIL_IP=$(jls -j "${TARGET}" ip4.addr 2>/dev/null)
|
||||||
if [ -z "${JAIL_IP}" -o "${JAIL_IP}" = "-" ]; then
|
if [ -z "${JAIL_IP}" -o "${JAIL_IP}" = "-" ]; then
|
||||||
error_exit "Jail IP not found: ${TARGET}"
|
error_exit "Jail IP not found: ${TARGET}"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check if rdr-anchor is defined in pf.conf
|
# Check if rdr-anchor is defined in pf.conf
|
||||||
if ! (pfctl -sn | grep rdr-anchor | grep 'rdr/\*' >/dev/null); then
|
if ! (pfctl -sn | grep rdr-anchor | grep 'rdr/\*' >/dev/null); then
|
||||||
error_exit "rdr-anchor not found in pf.conf"
|
error_exit "rdr-anchor not found in pf.conf"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check if ext_if is defined in pf.conf
|
# Check if ext_if is defined in pf.conf
|
||||||
EXT_IF=$(grep '^[[:space:]]*ext_if[[:space:]]*=' /etc/pf.conf)
|
EXT_IF=$(grep '^[[:space:]]*ext_if[[:space:]]*=' /etc/pf.conf)
|
||||||
if [ -z "${EXT_IF}" ]; then
|
if [ -z "${EXT_IF}" ]; then
|
||||||
error_exit "ext_if not defined in pf.conf"
|
error_exit "ext_if not defined in pf.conf"
|
||||||
fi
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
# function: write rule to rdr.conf
|
# function: write rule to rdr.conf
|
||||||
persist_rdr_rule() {
|
persist_rdr_rule() {
|
||||||
@@ -96,17 +101,34 @@ load_rdr_rule() {
|
|||||||
while [ $# -gt 0 ]; do
|
while [ $# -gt 0 ]; do
|
||||||
case "$1" in
|
case "$1" in
|
||||||
list)
|
list)
|
||||||
|
if [ "${TARGET}" = 'ALL' ]; then
|
||||||
|
for JAIL_NAME in $(ls "${bastille_jailsdir}" | sed "s/\n//g"); do
|
||||||
|
echo "${JAIL_NAME} redirects:"
|
||||||
pfctl -a "rdr/${JAIL_NAME}" -Psn 2>/dev/null
|
pfctl -a "rdr/${JAIL_NAME}" -Psn 2>/dev/null
|
||||||
|
done
|
||||||
|
else
|
||||||
|
check_jail_validity
|
||||||
|
pfctl -a "rdr/${JAIL_NAME}" -Psn 2>/dev/null
|
||||||
|
fi
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
clear)
|
clear)
|
||||||
|
if [ "${TARGET}" = 'ALL' ]; then
|
||||||
|
for JAIL_NAME in $(ls "${bastille_jailsdir}" | sed "s/\n//g"); do
|
||||||
|
echo "${JAIL_NAME} redirects:"
|
||||||
pfctl -a "rdr/${JAIL_NAME}" -Fn
|
pfctl -a "rdr/${JAIL_NAME}" -Fn
|
||||||
|
done
|
||||||
|
else
|
||||||
|
check_jail_validity
|
||||||
|
pfctl -a "rdr/${JAIL_NAME}" -Fn
|
||||||
|
fi
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
tcp|udp)
|
tcp|udp)
|
||||||
if [ $# -lt 3 ]; then
|
if [ $# -lt 3 ]; then
|
||||||
usage
|
usage
|
||||||
fi
|
fi
|
||||||
|
check_jail_validity
|
||||||
persist_rdr_rule $1 $2 $3
|
persist_rdr_rule $1 $2 $3
|
||||||
load_rdr_rule $1 $2 $3
|
load_rdr_rule $1 $2 $3
|
||||||
shift 3
|
shift 3
|
||||||
|
|||||||
Reference in New Issue
Block a user