ip6: Update clone, rename, and network

tschettervictor
2025-06-02 19:35:55 -06:00
parent fc2eeaa834
commit 1a8e142b15
4 changed files with 194 additions and 96 deletions


@@ -109,24 +109,37 @@ fi
validate_ip() { validate_ip() {
local IP="${1}" local _ip="${1}"
IP6_MODE="disable" local _ip6="$(echo ${_ip} | grep -E '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$)|SLAAC)')"
ip6=$(echo "${IP}" | grep -E '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$))')
if [ -n "${ip6}" ]; then
info "\nValid: (${ip6})."
IP6_MODE="new"
elif { [ "${IP}" = "0.0.0.0" ] || [ "${IP}" = "DHCP" ]; } && [ "$(bastille config ${TARGET} get vnet)" = "enabled" ]; then
info "\nValid: (${IP})."
if [ -n "${_ip6}" ]; then
if [ "${_ip6}" = "SLAAC" ]; then
if [ "$(bastille config ${TARGET} get vnet)" != "enabled" ]; then
error_exit "[ERROR]: Unsupported IP option for standard jail: (${_ip6})."
fi
else
info "\nValid: (${_ip6})."
IP6_ADDR="${_ip6}"
fi
elif [ "${_ip}" = "inherit" ] || [ "${_ip}" = "ip_hostname" ]; then
if [ "$(bastille config ${TARGET} get vnet)" = "enabled" ]; then
error_exit "[ERROR]: Unsupported IP option for VNET jail: (${_ip})."
else
info "\nValid: (${_ip})."
IP4_ADDR="${_ip}"
IP6_ADDR="${_ip}"
fi
elif [ "${_ip}" = "0.0.0.0" ] || [ "${_ip}" = "DHCP" ] || [ "${_ip}" = "SYNCDHCP" ]; then
if [ "$(bastille config ${TARGET} get vnet)" = "enabled" ]; then
info "\nValid: (${_ip})."
IP4_ADDR="${_ip}"
else
error_exit "[ERROR]: Unsupported IP option for standard jail: (${_ip})."
fi
else else
local IFS local IFS
if echo "${IP}" | grep -Eq '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$'; then if echo "${_ip}" | grep -Eq '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$'; then
TEST_IP=$(echo "${IP}" | cut -d / -f1) TEST_IP=$(echo "${_ip}" | cut -d / -f1)
IFS=. IFS=.
set ${TEST_IP} set ${TEST_IP}
for quad in 1 2 3 4; do for quad in 1 2 3 4; do
@@ -138,15 +151,26 @@ validate_ip() {
if ifconfig | grep -qwF "${TEST_IP}"; then if ifconfig | grep -qwF "${TEST_IP}"; then
warn "\nWarning: IP address already in use (${TEST_IP})." warn "\nWarning: IP address already in use (${TEST_IP})."
else else
info "\nValid: (${IP})." info "\nValid: (${_ip})."
IP4_ADDR="${_ip}"
fi fi
else else
error_exit "Invalid: (${IP})." error_exit "Invalid: (${_ip})."
fi fi
fi fi
} }
validate_ips() {
IP4_ADDR=""
IP6_ADDR=""
for ip in ${IP}; do
validate_ip "${ip}"
done
}
update_jailconf() { update_jailconf() {
# Update jail.conf # Update jail.conf
@@ -181,9 +205,9 @@ update_jailconf() {
_ip="$(echo ${_ip} | awk -F"|" '{print $2}')" _ip="$(echo ${_ip} | awk -F"|" '{print $2}')"
fi fi
if [ "${_interface}" != "not set" ]; then if [ "${_interface}" != "not set" ]; then
sed -i '' "s#.*ip4.addr = .*# ip4.addr = ${_interface}|${IP};#" "${JAIL_CONFIG}" sed -i '' "s#.*ip4.addr = .*# ip4.addr = ${_interface}|${IP4_ADDR};#" "${JAIL_CONFIG}"
else else
sed -i '' "\#ip4.addr = .*# s#${_ip}#${IP}#" "${JAIL_CONFIG}" sed -i '' "\#ip4.addr = .*# s#${_ip}#${IP4_ADDR}#" "${JAIL_CONFIG}"
fi fi
sed -i '' "\#ip4.addr += .*# s#${_ip}#127.0.0.1#" "${JAIL_CONFIG}" sed -i '' "\#ip4.addr += .*# s#${_ip}#127.0.0.1#" "${JAIL_CONFIG}"
done done
@@ -196,12 +220,11 @@ update_jailconf() {
_ip="$(echo ${_ip} | awk -F"|" '{print $2}')" _ip="$(echo ${_ip} | awk -F"|" '{print $2}')"
fi fi
if [ "${_interface}" != "not set" ]; then if [ "${_interface}" != "not set" ]; then
sed -i '' "s#.*${_interface} = .*# ip6.addr = ${_interface}|${IP};/" "${JAIL_CONFIG}" sed -i '' "s#.*${_interface} = .*# ip6.addr = ${_interface}|${IP6_ADDR};/" "${JAIL_CONFIG}"
else else
sed -i '' "\#ip6.addr = .*# s#${_ip}#${IP}#" "${JAIL_CONFIG}" sed -i '' "\#ip6.addr = .*# s#${_ip}#${IP6_ADDR}#" "${JAIL_CONFIG}"
fi fi
sed -i '' "\#ip6.addr += .*# s#${_ip}#127.0.0.1#" "${JAIL_CONFIG}" sed -i '' "\#ip6.addr += .*# s#${_ip}#::1#" "${JAIL_CONFIG}"
sed -i '' "s#ip6 = .*#ip6 = ${IP6_MODE};#" "${JAIL_CONFIG}"
done done
fi fi
fi fi
@@ -272,34 +295,52 @@ update_jailconf_vnet() {
sed -i '' "s|${_new_jail_epair} ether.*:.*:.*:.*:.*:.*b\";|${_new_jail_epair} ether ${macaddr}b\";|" "${_jail_conf}" sed -i '' "s|${_new_jail_epair} ether.*:.*:.*:.*:.*:.*b\";|${_new_jail_epair} ether ${macaddr}b\";|" "${_jail_conf}"
fi fi
# Replace epair description
sed -i '' "/${_new_host_epair}/ s|vnet host interface for Bastille jail ${TARGET}|vnet host interface for Bastille jail ${NEWNAME}|g" "${_jail_conf}"
# Update /etc/rc.conf # Update /etc/rc.conf
local _jail_vnet="$(grep ${_target_jail_epair} "${_rc_conf}" | grep -Eo -m 1 "vnet[0-9]+")" local _jail_vnet="$(grep ${_target_jail_epair} "${_rc_conf}" | grep -Eo -m 1 "vnet[0-9]+")"
local _jail_vnet_vlan="$(grep "vlans_${_jail_vnet}" "${_rc_conf}" | sed 's/.*=//g')" local _jail_vnet_vlan="$(grep "vlans_${_jail_vnet}" "${_rc_conf}" | sed 's/.*=//g')"
sed -i '' "s|${_target_jail_epair}_name|${_new_jail_epair}_name|" "${_rc_conf}" sed -i '' "s|${_target_jail_epair}_name|${_new_jail_epair}_name|" "${_rc_conf}"
if grep "vnet0" "${_rc_conf}" | grep -q "${_new_jail_epair}_name"; then # IP4
if [ -n "${_jail_vnet_vlan}" ]; then if [ -n "${IP4_ADDR}" ]; then
if [ "${IP}" = "0.0.0.0" ] || [ "${IP}" = "DHCP" ]; then if grep "vnet0" "${_rc_conf}" | grep -q "${_new_jail_epair}_name"; then
sysrc -f "${_rc_conf}" ifconfig_vnet0_${_jail_vnet_vlan}="SYNCDHCP" if [ -n "${_jail_vnet_vlan}" ]; then
if [ "${IP4_ADDR}" = "0.0.0.0" ] || [ "${IP4_ADDR}" = "DHCP" ] || [ "${IP4_ADDR}" = "SYNCDHCP" ]; then
sysrc -f "${_rc_conf}" ifconfig_vnet0_${_jail_vnet_vlan}="SYNCDHCP"
else
sysrc -f "${_rc_conf}" ifconfig_vnet0_${_jail_vnet_vlan}="inet ${IP4_ADDR}"
fi
else else
sysrc -f "${_rc_conf}" ifconfig_vnet0_${_jail_vnet_vlan}="inet ${IP}" if [ "${IP4_ADDR}" = "0.0.0.0" ] || [ "${IP4_ADDR}" = "DHCP" ] || [ "${IP4_ADDR}" = "SYNCDHCP" ]; then
sysrc -f "${_rc_conf}" ifconfig_vnet0="SYNCDHCP"
else
sysrc -f "${_rc_conf}" ifconfig_vnet0="inet ${IP4_ADDR}"
fi
fi fi
else else
if [ "${IP}" = "0.0.0.0" ] || [ "${IP}" = "DHCP" ]; then if [ -n "${_jail_vnet_vlan}" ]; then
sysrc -f "${_rc_conf}" ifconfig_vnet0="SYNCDHCP" sysrc -f "${_rc_conf}" ifconfig_${_jail_vnet}_${_jail_vnet_vlan}="SYNCDHCP"
else else
sysrc -f "${_rc_conf}" ifconfig_vnet0="inet ${IP}" sysrc -f "${_rc_conf}" ifconfig_${_jail_vnet}="SYNCDHCP"
fi fi
fi fi
else
if [ -n "${_jail_vnet_vlan}" ]; then
sysrc -f "${_rc_conf}" ifconfig_${_jail_vnet}_${_jail_vnet_vlan}="SYNCDHCP"
else
sysrc -f "${_rc_conf}" ifconfig_${_jail_vnet}="SYNCDHCP"
fi
fi fi
# IP6
if [ -n "${IP6_ADDR}" ]; then
if grep "vnet0" "${_rc_conf}" | grep -q "${_new_jail_epair}_name"; then
if [ "${IP6_ADDR}" = "SLAAC" ]; then
sysrc -f "${_rc_conf}" ifconfig_vnet0_ipv6="inet6 -ifdisabled accept_rtadv"
else
sysrc -f "${_rc_conf}" ifconfig_vnet0_ipv6="inet6 -ifdisabled ${IP6_ADDR}"
fi
else
if [ "${IP6_ADDR}" = "SLAAC" ]; then
sysrc -f "${_rc_conf}" ifconfig_${_jail_vnet}_ipv6="inet6 -ifdisabled accept_rtadv"
fi
fi
fi
# Replace epair description
sed -i '' "/${_new_host_epair}/ s|${_jail_vnet} host interface for Bastille jail ${TARGET}|${_jail_vnet} host interface for Bastille jail ${NEWNAME}|g" "${_jail_conf}"
break break
fi fi
done done
@@ -329,27 +370,48 @@ update_jailconf_vnet() {
# Update /etc/rc.conf # Update /etc/rc.conf
sed -i '' "s|ifconfig_e0b_${_if}_name|ifconfig_e0b_${_jail_if}_name|" "${_rc_conf}" sed -i '' "s|ifconfig_e0b_${_if}_name|ifconfig_e0b_${_jail_if}_name|" "${_rc_conf}"
if grep "vnet0" "${_rc_conf}" | grep -q ${_jail_if}; then # IP4
if [ -n "${_jail_vnet_vlan}" ]; then if [ -n "${IP4_ADDR}" ]; then
if [ "${IP}" = "0.0.0.0" ] || [ "${IP}" = "DHCP" ]; then if grep "vnet0" "${_rc_conf}" | grep -q "${_new_jail_epair}_name"; then
sysrc -f "${_rc_conf}" ifconfig_vnet0_${_jail_vnet_vlan}="SYNCDHCP" if [ -n "${_jail_vnet_vlan}" ]; then
if [ "${IP4_ADDR}" = "0.0.0.0" ] || [ "${IP4_ADDR}" = "DHCP" ] || [ "${IP4_ADDR}" = "SYNCDHCP" ]; then
sysrc -f "${_rc_conf}" ifconfig_vnet0_${_jail_vnet_vlan}="SYNCDHCP"
else
sysrc -f "${_rc_conf}" ifconfig_vnet0_${_jail_vnet_vlan}="inet ${IP4_ADDR}"
fi
else else
sysrc -f "${_rc_conf}" ifconfig_vnet0_${_jail_vnet_vlan}="inet ${IP}" if [ "${IP4_ADDR}" = "0.0.0.0" ] || [ "${IP4_ADDR}" = "DHCP" ] || [ "${IP4_ADDR}" = "SYNCDHCP" ]; then
sysrc -f "${_rc_conf}" ifconfig_vnet0="SYNCDHCP"
else
sysrc -f "${_rc_conf}" ifconfig_vnet0="inet ${IP4_ADDR}"
fi
fi fi
else else
if [ "${IP}" = "0.0.0.0" ] || [ "${IP}" = "DHCP" ]; then if [ -n "${_jail_vnet_vlan}" ]; then
sysrc -f "${_rc_conf}" ifconfig_vnet0="SYNCDHCP" sysrc -f "${_rc_conf}" ifconfig_${_jail_vnet}_${_jail_vnet_vlan}="SYNCDHCP"
else else
sysrc -f "${_rc_conf}" ifconfig_vnet0="inet ${IP}" sysrc -f "${_rc_conf}" ifconfig_${_jail_vnet}="SYNCDHCP"
fi fi
fi fi
else
if [ -n "${_jail_vnet_vlan}" ]; then
sysrc -f "${_rc_conf}" ifconfig_${_jail_vnet}_${_jail_vnet_vlan}="SYNCDHCP"
else
sysrc -f "${_rc_conf}" ifconfig_${_jail_vnet}="SYNCDHCP"
fi
fi fi
# IP6
if [ -n "${IP6_ADDR}" ]; then
if grep "vnet0" "${_rc_conf}" | grep -q "${_new_jail_epair}_name"; then
if [ "${IP6_ADDR}" = "SLAAC" ]; then
sysrc -f "${_rc_conf}" ifconfig_vnet0_ipv6="inet6 -ifdisabled accept_rtadv"
else
sysrc -f "${_rc_conf}" ifconfig_vnet0_ipv6="inet6 -ifdisabled ${IP6_ADDR}"
fi
else
if [ "${IP6_ADDR}" = "SLAAC" ]; then
sysrc -f "${_rc_conf}" ifconfig_${_jail_vnet}_ipv6="inet6 -ifdisabled accept_rtadv"
fi
fi
fi
# Replace epair description
sed -i '' "/${_jail_if}/ s|${_jail_vnet} host interface for Bastille jail ${TARGET}|${_jail_vnet} host interface for Bastille jail ${NEWNAME}|g" "${_jail_conf}"
break break
fi fi
done done
@@ -375,25 +437,42 @@ update_jailconf_vnet() {
# Update /etc/rc.conf # Update /etc/rc.conf
sed -i '' "s|ifconfig_ng0_${_if}_name|ifconfig_ng0_${_jail_if}_name|" "${_rc_conf}" sed -i '' "s|ifconfig_ng0_${_if}_name|ifconfig_ng0_${_jail_if}_name|" "${_rc_conf}"
if grep "vnet0" "${_rc_conf}" | grep -q ${_jail_if}; then # IP4
if [ -n "${_jail_vnet_vlan}" ]; then if [ -n "${IP4_ADDR}" ]; then
if [ "${IP}" = "0.0.0.0" ] || [ "${IP}" = "DHCP" ]; then if grep "vnet0" "${_rc_conf}" | grep -q "${_new_jail_epair}_name"; then
sysrc -f "${_rc_conf}" ifconfig_vnet0_${_jail_vnet_vlan}="SYNCDHCP" if [ -n "${_jail_vnet_vlan}" ]; then
if [ "${IP4_ADDR}" = "0.0.0.0" ] || [ "${IP4_ADDR}" = "DHCP" ] || [ "${IP4_ADDR}" = "SYNCDHCP" ]; then
sysrc -f "${_rc_conf}" ifconfig_vnet0_${_jail_vnet_vlan}="SYNCDHCP"
else
sysrc -f "${_rc_conf}" ifconfig_vnet0_${_jail_vnet_vlan}="inet ${IP4_ADDR}"
fi
else else
sysrc -f "${_rc_conf}" ifconfig_vnet0_${_jail_vnet_vlan}="inet ${IP}" if [ "${IP4_ADDR}" = "0.0.0.0" ] || [ "${IP4_ADDR}" = "DHCP" ] || [ "${IP4_ADDR}" = "SYNCDHCP" ]; then
sysrc -f "${_rc_conf}" ifconfig_vnet0="SYNCDHCP"
else
sysrc -f "${_rc_conf}" ifconfig_vnet0="inet ${IP4_ADDR}"
fi
fi fi
else else
if [ "${IP}" = "0.0.0.0" ] || [ "${IP}" = "DHCP" ]; then if [ -n "${_jail_vnet_vlan}" ]; then
sysrc -f "${_rc_conf}" ifconfig_vnet0="SYNCDHCP" sysrc -f "${_rc_conf}" ifconfig_${_jail_vnet}_${_jail_vnet_vlan}="SYNCDHCP"
else else
sysrc -f "${_rc_conf}" ifconfig_vnet0="inet ${IP}" sysrc -f "${_rc_conf}" ifconfig_${_jail_vnet}="SYNCDHCP"
fi fi
fi fi
else fi
if [ -n "${_jail_vnet_vlan}" ]; then # IP6
sysrc -f "${_rc_conf}" ifconfig_${_jail_vnet}_${_jail_vnet_vlan}="SYNCDHCP" if [ -n "${IP6_ADDR}" ]; then
if grep "vnet0" "${_rc_conf}" | grep -q "${_new_jail_epair}_name"; then
if [ "${IP6_ADDR}" = "SLAAC" ]; then
sysrc -f "${_rc_conf}" ifconfig_vnet0_ipv6="inet6 -ifdisabled accept_rtadv"
else
sysrc -f "${_rc_conf}" ifconfig_vnet0_ipv6="inet6 -ifdisabled ${IP6_ADDR}"
fi
else else
sysrc -f "${_rc_conf}" ifconfig_${_jail_vnet}="SYNCDHCP" if [ "${IP6_ADDR}" = "SLAAC" ]; then
sysrc -f "${_rc_conf}" ifconfig_${_jail_vnet}_ipv6="inet6 -ifdisabled accept_rtadv"
fi
fi fi
fi fi
break break
@@ -425,7 +504,7 @@ clone_jail() {
fi fi
if [ -n "${IP}" ]; then if [ -n "${IP}" ]; then
validate_ip "${IP}" validate_ips
else else
usage usage
fi fi
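Review bot: In `validate_ip` (first hunk) the `SLAAC` alternative of the IPv6 pattern has no end anchor, so any argument that merely starts with `SLAAC` passes the grep, fails the `= "SLAAC"` comparison and is stored in `IP6_ADDR`, which `update_jailconf` and `update_jailconf_vnet` later interpolate into `sed` and `sysrc` arguments. Anchoring it as `|SLAAC$)` and quoting the input (`echo "${_ip}"`) closes that gap; the same unanchored pattern appears in the `validate_ip` of the third file section. As far as the flattened indentation can be read, the exact-`SLAAC` branch also never assigns `IP6_ADDR`, so the `[ "${IP6_ADDR}" = "SLAAC" ]` branches added further down look unreachable from this path; adding `IP6_ADDR="${_ip6}"` after the VNET check would fix that. The middle of the function lies between hunks and is not shown here.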


@@ -83,21 +83,21 @@ validate_ip() {
if [ -n "${_ip6}" ]; then if [ -n "${_ip6}" ]; then
info "\nValid: (${_ip6})." info "\nValid: (${_ip6})."
# This is only used in this function to set IPX_DEFINITION # This is only used in this function to set IPX_DEFINITION
local ipx_addr="ip6.addr" local ipx_addr="ip6.addr"
else else
if [ "${_ip}" = "inherit" ] || [ "${_ip}" = "ip_hostname" ]; then if [ "${_ip}" = "inherit" ] || [ "${_ip}" = "ip_hostname" ]; then
if [ -n "${VNET_JAIL}" ]; then if [ -n "${VNET_JAIL}" ]; then
error_exit "[ERROR]: Unsupported IP option for standard jail: (${_ip})." error_exit "[ERROR]: Unsupported IP option for standard jail: (${_ip})."
else else
info "\nValid: (${_ip})." info "\nValid: (${_ip})."
fi fi
elif [ "${_ip}" = "DHCP" ] || [ "${_ip}" = "SYNCDHCP" ] || [ "${_ip}" = "0.0.0.0" ]; then elif [ "${_ip}" = "DHCP" ] || [ "${_ip}" = "SYNCDHCP" ] || [ "${_ip}" = "0.0.0.0" ]; then
if [ -z "${VNET_JAIL}" ]; then if [ -z "${VNET_JAIL}" ]; then
error_exit "[ERROR]: Unsupported IP option for VNET jail: (${_ip})." error_exit "[ERROR]: Unsupported IP option for VNET jail: (${_ip})."
else else
info "\nValid: (${_ip})." info "\nValid: (${_ip})."
fi fi
else else
local IFS local IFS
if echo "${_ip}" | grep -Eq '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$'; then if echo "${_ip}" | grep -Eq '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$'; then


@@ -177,15 +177,15 @@ fi
validate_ip() { validate_ip() {
IP6_ENABLE=0
local ip="${1}" local ip="${1}"
local ip6="$( echo "${ip}" 2>/dev/null | grep -E '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$)|SLAAC)' )" local ip6="$( echo "${ip}" 2>/dev/null | grep -E '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$)|SLAAC)' )"
if [ -n "${ip6}" ]; then if [ -n "${ip6}" ]; then
info "\nValid: (${ip6})." info "\nValid: (${ip6})."
IP6_ENABLE=1 IP6_ADDR="${ip6}"
elif [ "${ip}" = "0.0.0.0" ] || [ "${ip}" = "DHCP" ]; then elif [ "${ip}" = "0.0.0.0" ] || [ "${ip}" = "DHCP" ] || [ "${ip}" = "SYNCDHCP" ]; then
info "\nValid: (${ip})." info "\nValid: (${ip})."
IP4_ADDR="${ip}"
else else
local IFS local IFS
if echo "${ip}" 2>/dev/null | grep -Eq '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$'; then if echo "${ip}" 2>/dev/null | grep -Eq '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$'; then
@@ -198,6 +198,7 @@ validate_ip() {
fi fi
done done
info "\nValid: (${ip})." info "\nValid: (${ip})."
IP4_ADDR="${ip}"
else else
error_exit "Invalid: (${ip})." error_exit "Invalid: (${ip})."
fi fi
@@ -303,12 +304,18 @@ EOF
# Add config to /etc/rc.conf # Add config to /etc/rc.conf
sysrc -f "${_jail_rc_config}" ifconfig_${jail_epair}_name="${_if_vnet}" sysrc -f "${_jail_rc_config}" ifconfig_${jail_epair}_name="${_if_vnet}"
if [ -n "${_ip}" ]; then if [ -n "${IP6_ADDR}" ]; then
if [ "${IP6_ADDR}" = "SLAAC" ]; then
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}_ipv6="inet6 -ifdisabled accept_rtadv"
else
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}_ipv6="inet6 -ifdisabled ${IP6_ADDR}"
fi
elif [ -n "${IP4_ADDR}" ]; then
# If 0.0.0.0 set DHCP, else set static IP address # If 0.0.0.0 set DHCP, else set static IP address
if [ "${_ip}" = "0.0.0.0" ] || [ "${_ip}" = "DHCP" ]; then if [ "${_ip}" = "0.0.0.0" ] || [ "${_ip}" = "DHCP" ] || [ "${_ip}" = "SYNCDHCP" ]; then
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="SYNCDHCP" sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="SYNCDHCP"
else else
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="inet ${_ip}" sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="inet ${IP4_ADDR}"
fi fi
fi fi
@@ -350,16 +357,22 @@ EOF
fi fi
# Add config to /etc/rc.conf # Add config to /etc/rc.conf
sysrc -f "${_jail_rc_config}" ifconfig_e0b_${_jail_if}_name="${_if_vnet}" sysrc -f "${_jail_rc_config}" ifconfig_e0b_${_jail_if}_name="${_if_vnet}"
if [ -n "${_ip}" ]; then if [ -n "${IP6_ADDR}" ]; then
if [ "${IP6_ADDR}" = "SLAAC" ]; then
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}_ipv6="inet6 -ifdisabled accept_rtadv"
else
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}_ipv6="inet6 -ifdisabled ${IP6_ADDR}"
fi
elif [ -n "${IP4_ADDR}" ]; then
# If 0.0.0.0 set DHCP, else set static IP address # If 0.0.0.0 set DHCP, else set static IP address
if [ "${_ip}" = "0.0.0.0" ] || [ "${_ip}" = "DHCP" ]; then if [ "${_ip}" = "0.0.0.0" ] || [ "${_ip}" = "DHCP" ] || [ "${_ip}" = "SYNCDHCP" ]; then
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="SYNCDHCP" sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="SYNCDHCP"
else else
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="inet ${_ip}" sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="inet ${IP4_ADDR}"
fi fi
fi fi
echo "Added VNET interface: \"${_if}\"" echo "Added VNET interface: \"${_if}\""
elif [ "${bastille_network_vnet_type}" = "netgraph" ]; then elif [ "${bastille_network_vnet_type}" = "netgraph" ]; then
for _num in $(seq 0 "${_bastille_if_num_range}"); do for _num in $(seq 0 "${_bastille_if_num_range}"); do
if ! echo "${_bastille_if_list}" | grep -oqswx "${_num}"; then if ! echo "${_bastille_if_list}" | grep -oqswx "${_num}"; then
@@ -392,16 +405,17 @@ EOF
fi fi
# Add config to /etc/rc.conf # Add config to /etc/rc.conf
sysrc -f "${_jail_rc_config}" ifconfig_jng_${_jail_if}_name="${_if_vnet}" sysrc -f "${_jail_rc_config}" ifconfig_jng_${_jail_if}_name="${_if_vnet}"
if [ -n "${_ip}" ]; then if [ -n "${_ip}" ]; then
# If 0.0.0.0 set DHCP, else set static IP address # If 0.0.0.0 set DHCP, else set static IP address
if [ "${_ip}" = "0.0.0.0" ] || [ "${_ip}" = "DHCP" ]; then if [ "${_ip}" = "0.0.0.0" ] || [ "${_ip}" = "DHCP" ]; then
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="SYNCDHCP" sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="SYNCDHCP"
else else
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="inet ${_ip}" sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="inet ${_ip}"
fi fi
fi fi
echo "Added VNET interface: \"${_if}\"" echo "Added VNET interface: \"${_if}\""
fi fi
elif [ "${PASSTHROUGH}" -eq 1 ]; then elif [ "${PASSTHROUGH}" -eq 1 ]; then
# Remove ending brace (it is added again with the netblock) # Remove ending brace (it is added again with the netblock)
sed -i '' '/}/d' "${_jail_config}" sed -i '' '/}/d' "${_jail_config}"
@@ -412,19 +426,24 @@ EOF
} }
EOF EOF
# Add config to /etc/rc.conf # Add config to /etc/rc.conf
if [ -n "${_ip}" ]; then if [ -n "${IP6_ADDR}" ]; then
# If 0.0.0.0 set DHCP, else set static IP address if [ "${IP6_ADDR}" = "SLAAC" ]; then
if [ "${_ip}" = "0.0.0.0" ] || [ "${_ip}" = "DHCP" ]; then sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}_ipv6="inet6 -ifdisabled accept_rtadv"
sysrc -f "${_jail_rc_config}" ifconfig_${_if}="SYNCDHCP"
else else
sysrc -f "${_jail_rc_config}" ifconfig_${_if}="inet ${_ip}" sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}_ipv6="inet6 -ifdisabled ${IP6_ADDR}"
fi fi
fi elif [ -n "${IP4_ADDR}" ]; then
# If 0.0.0.0 set DHCP, else set static IP address
if [ "${_ip}" = "0.0.0.0" ] || [ "${_ip}" = "DHCP" ] || [ "${_ip}" = "SYNCDHCP" ]; then
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="SYNCDHCP"
else
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="inet ${IP4_ADDR}"
fi
fi
echo "Added Passthrough interface: \"${_if}\"" echo "Added Passthrough interface: \"${_if}\""
elif [ "${CLASSIC}" -eq 1 ]; then elif [ "${CLASSIC}" -eq 1 ]; then
if [ "${IP6_ENABLE}" -eq 1 ]; then if [ -n "${IP6_ADDR}" ]; then
sed -i '' "s/interface = .*/&\n ip6.addr += ${_if}|${_ip};/" ${_jail_config} sed -i '' "s/interface = .*/&\n ip6.addr += ${_if}|${_ip};/" ${_jail_config}
else else
sed -i '' "s/interface = .*/&\n ip4.addr += ${_if}|${_ip};/" ${_jail_config} sed -i '' "s/interface = .*/&\n ip4.addr += ${_if}|${_ip};/" ${_jail_config}
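Review bot: The netgraph branch (the hunk starting at old line 392) still tests and writes only `${_ip}`, so a value that `validate_ip` stored in `IP6_ADDR` (an IPv6 address or `SLAAC`) would presumably be written there as `ifconfig_${_if_vnet}="inet ${_ip}"`; it needs the same `IP6_ADDR`/`IP4_ADDR` split that the epair branches received. In the passthrough branch the rc.conf key changed from `ifconfig_${_if}` to `ifconfig_${_if_vnet}`, and `_if_vnet` is not assigned in the visible lines of that branch, so please confirm it is set there. The updated branches also guard on `IP4_ADDR` but still compare `${_ip}` against the DHCP keywords, and the CLASSIC branch still writes `${_ip}`; using `${IP4_ADDR}` and `${IP6_ADDR}` throughout would keep validation and use on the same value. The enclosing function starts and ends outside these hunks.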


@@ -168,7 +168,7 @@ update_jailconf_vnet() {
sed -i '' "s|${_target_jail_epair} ether|${_new_jail_epair} ether|g" "${_jail_conf}" sed -i '' "s|${_target_jail_epair} ether|${_new_jail_epair} ether|g" "${_jail_conf}"
# Replace epair description # Replace epair description
sed -i '' "s|vnet host interface for Bastille jail ${TARGET}|vnet host interface for Bastille jail ${NEWNAME}|g" "${_jail_conf}" sed -i '' "s|${_new_host_epair} host interface for Bastille jail ${TARGET}|${_new_host_epair} host interface for Bastille jail ${NEWNAME}|g" "${_jail_conf}"
# Replace epair name in /etc/rc.conf # Replace epair name in /etc/rc.conf
sed -i '' "/ifconfig/ s|${_target_jail_epair}|${_new_jail_epair}|g" "${_rc_conf}" sed -i '' "/ifconfig/ s|${_target_jail_epair}|${_new_jail_epair}|g" "${_rc_conf}"
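Review bot: The description match here now keys on `${_new_host_epair} host interface for Bastille jail ${TARGET}`, while the `update_jailconf_vnet` in the first file section matches `${_jail_vnet} host interface for Bastille jail ${TARGET}` for what looks like the same description line. Only one of those prefixes can match the text written when the jail is created, and a `sed` substitution that matches nothing still succeeds, leaving the old jail name in the description without any error. Please check which text the create path writes and use the same variable in both scripts. `update_jailconf_vnet` begins and ends outside this hunk.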