BastilleBSD/bastille
2
0
Fork 0
Code Pull Requests Actions Packages Releases Activity

Update README

Browse Source
This commit is contained in:
pc
2020-02-01 16:12:20 +00:00
parent e408254448
commit fe16a25cee
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
README.md
View File

@@ -159,21 +159,24 @@ container at `10.17.89.45`.
Finally, enable and (re)start the firewall: Finally, enable and (re)start the firewall:
## dynamic rdr anchor (see below) ## dynamic rdr
rdr-anchor "rdr/*"
The `rdr-anchor "rdr/*"` anables dynamic rdr rules to be setup using the The `rdr-anchor "rdr/*"` enables dynamic rdr rules to be setup using the
`bastille rdr` command at runtime - eg. `bastille rdr` command at runtime - eg.
```
bastille rdr <jail> --tcp 2001 22 # Redirects tcp port 2001 on host to 22 on jail bastille rdr <jail> --tcp 2001 22 # Redirects tcp port 2001 on host to 22 on jail
bastille rdr <jail> --udp 2053 53 # Same for udp bastille rdr <jail> --udp 2053 53 # Same for udp
bastille rdr <jail> --list # List dynamic rdr rules bastille rdr <jail> --list # List dynamic rdr rules
bastille rdr <jail> --clear # Clear dynamic rdr rules bastille rdr <jail> --clear # Clear dynamic rdr rules
```
Note that if you are rediirecting ports where the host is also listening Note that if you are rediirecting ports where the host is also listening
(eg. ssh) you should make sure that the host service is not listening on (eg. ssh) you should make sure that the host service is not listening on
the cloned interface - eg. for ssh set sshd_flags in rc.conf the cloned interface - eg. for ssh set sshd_flags in rc.conf
## Enable pf rules
```shell ```shell
ishmael ~ # sysrc pf_enable="YES" ishmael ~ # sysrc pf_enable="YES"
ishmael ~ # service pf restart ishmael ~ # service pf restart