Mirrors/hackacad
2
0
Fork 0
mirror of https://github.com/hackacad/bastille.git synced 2025-12-23 10:40:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

start: Do not add IP to firewall table if it is in the same subnet

Browse Source
This commit is contained in:
tschettervictor
2025-02-20 09:47:36 -07:00
committed by GitHub
parent a1e58f4131
commit 1245b0e30e
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
usr/local/share/bastille/start.sh
View File

@@ -108,7 +108,10 @@ for _jail in ${JAILS}; do
if ifconfig | grep -qwF "${_ip}"; then if ifconfig | grep -qwF "${_ip}"; then
warn "Warning: IP address (${_ip}) already in use, continuing..." warn "Warning: IP address (${_ip}) already in use, continuing..."
fi fi
pfctl -q -t "${bastille_network_pf_table}" -T add "${_ip}" ## add ip to firewall table if it is not reachable through local interface (assumes NAT/rdr is needed)
if route -n get ${_ip} | grep "gateway" >/dev/null; then
pfctl -q -t "${bastille_network_pf_table}" -T add "${_ip}"
fi
else else
error_continue "Error: ${_if} interface does not exist." error_continue "Error: ${_if} interface does not exist."
fi fi
@@ -128,7 +131,10 @@ for _jail in ${JAILS}; do
if ifconfig | grep -qwF "${_ip}"; then if ifconfig | grep -qwF "${_ip}"; then
warn "Warning: IP address (${_ip}) already in use, continuing..." warn "Warning: IP address (${_ip}) already in use, continuing..."
fi fi
pfctl -q -t "${bastille_network_pf_table}" -T add "${_ip}" ## add ip to firewall table if it is not reachable through local interface (assumes NAT/rdr is needed)
if route -n get ${_ip} | grep "gateway" >/dev/null; then
pfctl -q -t "${bastille_network_pf_table}" -T add "${_ip}"
fi
else else
error_continue "Error: ${_if} interface does not exist." error_continue "Error: ${_if} interface does not exist."
fi fi