Mirrors/hackacad
2
0
Fork 0
mirror of https://github.com/hackacad/bastille.git synced 2025-12-18 16:21:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Permit outgoing connections during stop action

Browse Source
This commit is contained in:
Eric A. Borisch
2022-02-24 09:33:47 -06:00
committed by Eric A. Borisch
parent ff7de9167a
commit 24eb03c2e6
1 changed files with 9 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
usr/local/share/bastille/stop.sh
View File

@@ -49,12 +49,8 @@ fi
for _jail in ${JAILS}; do
## test if running
if [ "$(/usr/sbin/jls name | awk "/^${_jail}$/")" ]; then
## remove ip4.addr from firewall table:jails
if [ -n "${bastille_network_loopback}" ]; then
if grep -qw "interface.*=.*${bastille_network_loopback}" "${bastille_jailsdir}/${_jail}/jail.conf"; then
pfctl -q -t jails -T delete "$(/usr/sbin/jls -j ${_jail} ip4.addr)"
fi
fi
## Capture ip4.addr address while still running
_ip="$(/usr/sbin/jls -j ${_jail} ip4.addr)"
# Check if pfctl is present
if which -s pfctl; then
@@ -73,6 +69,13 @@ for _jail in ${JAILS}; do
## stop container
info "[${_jail}]:"
jail -f "${bastille_jailsdir}/${_jail}/jail.conf" -r "${_jail}"
## remove (captured above) ip4.addr from firewall table:jails
if [ -n "${bastille_network_loopback}" -a ! -z "${_ip}" ]; then
if grep -qw "interface.*=.*${bastille_network_loopback}" "${bastille_jailsdir}/${_jail}/jail.conf"; then
pfctl -q -t jails -T delete "${_ip}"
fi
fi
fi
echo
done