Mirrors/hackacad
2
0
Fork 0
mirror of https://github.com/hackacad/bastille.git synced 2025-12-19 08:40:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Permit outgoing connections during stop action

Browse Source
This commit is contained in:
Eric A. Borisch
2022-02-24 09:33:47 -06:00
committed by Eric A. Borisch
parent ff7de9167a
commit 24eb03c2e6
1 changed files with 9 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
usr/local/share/bastille/stop.sh
View File

@@ -49,12 +49,8 @@ fi
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
## test if running ## test if running
if [ "$(/usr/sbin/jls name | awk "/^${_jail}$/")" ]; then if [ "$(/usr/sbin/jls name | awk "/^${_jail}$/")" ]; then
## remove ip4.addr from firewall table:jails ## Capture ip4.addr address while still running
if [ -n "${bastille_network_loopback}" ]; then _ip="$(/usr/sbin/jls -j ${_jail} ip4.addr)"
if grep -qw "interface.*=.*${bastille_network_loopback}" "${bastille_jailsdir}/${_jail}/jail.conf"; then
pfctl -q -t jails -T delete "$(/usr/sbin/jls -j ${_jail} ip4.addr)"
fi
fi
# Check if pfctl is present # Check if pfctl is present
if which -s pfctl; then if which -s pfctl; then
@@ -73,6 +69,13 @@ for _jail in ${JAILS}; do
## stop container ## stop container
info "[${_jail}]:" info "[${_jail}]:"
jail -f "${bastille_jailsdir}/${_jail}/jail.conf" -r "${_jail}" jail -f "${bastille_jailsdir}/${_jail}/jail.conf" -r "${_jail}"
## remove (captured above) ip4.addr from firewall table:jails
if [ -n "${bastille_network_loopback}" -a ! -z "${_ip}" ]; then
if grep -qw "interface.*=.*${bastille_network_loopback}" "${bastille_jailsdir}/${_jail}/jail.conf"; then
pfctl -q -t jails -T delete "${_ip}"
fi
fi
fi fi
echo echo
done done