Mirrors/hackacad
2
0
Fork 0
mirror of https://github.com/hackacad/bastille.git synced 2025-12-21 17:52:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1124 from BastilleBSD/ip6_fix

Browse Source
This commit is contained in:
tschettervictor
2025-06-04 14:18:08 -06:00
committed by GitHub
parent 45e3dcf1db 655416cce9
commit 2fd8a642f4
5 changed files with 254 additions and 110 deletions
Download Patch File Download Diff File Expand all files Collapse all files

181
usr/local/share/bastille/clone.sh
View File

@@ -109,44 +109,66 @@ fi
validate_ip() {
local IP="${1}"
IP6_MODE="disable"
ip6=$(echo "${IP}" | grep -E '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$))')
if [ -n "${ip6}" ]; then
info "\nValid: (${ip6})."
IP6_MODE="new"
elif { [ "${IP}" = "0.0.0.0" ] || [ "${IP}" = "DHCP" ]; } && [ "$(bastille config ${TARGET} get vnet)" = "enabled" ]; then
info "\nValid: (${IP})."
local _ip="${1}"
local _ip6="$(echo ${_ip} | grep -E '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$)|SLAAC)')"
if [ -n "${_ip6}" ]; then
if [ "${_ip6}" = "SLAAC" ] && [ "$(bastille config ${TARGET} get vnet)" != "enabled" ]; then
error_exit "[ERROR]: Unsupported IP option for standard jail: (${_ip6})."
fi
info "\nValid: (${_ip6})."
IP6_ADDR="${_ip6}"
elif [ "${_ip}" = "inherit" ] || [ "${_ip}" = "ip_hostname" ]; then
if [ "$(bastille config ${TARGET} get vnet)" = "enabled" ]; then
error_exit "[ERROR]: Unsupported IP option for VNET jail: (${_ip})."
else
info "\nValid: (${_ip})."
IP4_ADDR="${_ip}"
IP6_ADDR="${_ip}"
fi
elif [ "${_ip}" = "0.0.0.0" ] || [ "${_ip}" = "DHCP" ] || [ "${_ip}" = "SYNCDHCP" ]; then
if [ "$(bastille config ${TARGET} get vnet)" = "enabled" ]; then
info "\nValid: (${_ip})."
IP4_ADDR="${_ip}"
else
error_exit "[ERROR]: Unsupported IP option for standard jail: (${_ip})."
fi
else
local IFS
if echo "${IP}" | grep -Eq '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$'; then
TEST_IP=$(echo "${IP}" | cut -d / -f1)
if echo "${_ip}" | grep -Eq '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$'; then
TEST_IP=$(echo "${_ip}" | cut -d / -f1)
IFS=.
set ${TEST_IP}
for quad in 1 2 3 4; do
if eval [ \$$quad -gt 255 ]; then
error_exit "Invalid: (${TEST_IP})"
error_continue "Invalid: (${TEST_IP})"
fi
done
if ifconfig | grep -qwF "${TEST_IP}"; then
warn "\nWarning: IP address already in use (${TEST_IP})."
IP4_ADDR="${_ip}"
else
info "\nValid: (${IP})."
info "\nValid: (${_ip})."
IP4_ADDR="${_ip}"
fi
else
error_exit "Invalid: (${IP})."
error_continue "Invalid: (${_ip})."
fi
fi
}
validate_ips() {
IP4_ADDR=""
IP6_ADDR=""
for ip in ${IP}; do
validate_ip "${ip}"
done
}
update_jailconf() {
# Update jail.conf
@@ -181,9 +203,9 @@ update_jailconf() {
_ip="$(echo ${_ip} | awk -F"|" '{print $2}')"
fi
if [ "${_interface}" != "not set" ]; then
sed -i '' "s#.*ip4.addr = .*# ip4.addr = ${_interface}|${IP};#" "${JAIL_CONFIG}"
sed -i '' "s#.*ip4.addr = .*# ip4.addr = ${_interface}|${IP4_ADDR};#" "${JAIL_CONFIG}"
else
sed -i '' "\#ip4.addr = .*# s#${_ip}#${IP}#" "${JAIL_CONFIG}"
sed -i '' "\#ip4.addr = .*# s#${_ip}#${IP4_ADDR}#" "${JAIL_CONFIG}"
fi
sed -i '' "\#ip4.addr += .*# s#${_ip}#127.0.0.1#" "${JAIL_CONFIG}"
done
@@ -196,12 +218,11 @@ update_jailconf() {
_ip="$(echo ${_ip} | awk -F"|" '{print $2}')"
fi
if [ "${_interface}" != "not set" ]; then
sed -i '' "s#.*${_interface} = .*# ip6.addr = ${_interface}|${IP};/" "${JAIL_CONFIG}"
sed -i '' "s#.*${_interface} = .*# ip6.addr = ${_interface}|${IP6_ADDR};/" "${JAIL_CONFIG}"
else
sed -i '' "\#ip6.addr = .*# s#${_ip}#${IP}#" "${JAIL_CONFIG}"
sed -i '' "\#ip6.addr = .*# s#${_ip}#${IP6_ADDR}#" "${JAIL_CONFIG}"
fi
sed -i '' "\#ip6.addr += .*# s#${_ip}#127.0.0.1#" "${JAIL_CONFIG}"
sed -i '' "s#ip6 = .*#ip6 = ${IP6_MODE};#" "${JAIL_CONFIG}"
sed -i '' "\#ip6.addr += .*# s#${_ip}#::1#" "${JAIL_CONFIG}"
done
fi
fi
@@ -272,25 +293,24 @@ update_jailconf_vnet() {
sed -i '' "s|${_new_jail_epair} ether.*:.*:.*:.*:.*:.*b\";|${_new_jail_epair} ether ${macaddr}b\";|" "${_jail_conf}"
fi
# Replace epair description
sed -i '' "/${_new_host_epair}/ s|vnet host interface for Bastille jail ${TARGET}|vnet host interface for Bastille jail ${NEWNAME}|g" "${_jail_conf}"
# Update /etc/rc.conf
local _jail_vnet="$(grep ${_target_jail_epair} "${_rc_conf}" | grep -Eo -m 1 "vnet[0-9]+")"
local _jail_vnet_vlan="$(grep "vlans_${_jail_vnet}" "${_rc_conf}" | sed 's/.*=//g')"
sed -i '' "s|${_target_jail_epair}_name|${_new_jail_epair}_name|" "${_rc_conf}"
# IP4
if [ -n "${IP4_ADDR}" ]; then
if grep "vnet0" "${_rc_conf}" | grep -q "${_new_jail_epair}_name"; then
if [ -n "${_jail_vnet_vlan}" ]; then
if [ "${IP}" = "0.0.0.0" ] || [ "${IP}" = "DHCP" ]; then
if [ "${IP4_ADDR}" = "0.0.0.0" ] || [ "${IP4_ADDR}" = "DHCP" ] || [ "${IP4_ADDR}" = "SYNCDHCP" ]; then
sysrc -f "${_rc_conf}" ifconfig_vnet0_${_jail_vnet_vlan}="SYNCDHCP"
else
sysrc -f "${_rc_conf}" ifconfig_vnet0_${_jail_vnet_vlan}="inet ${IP}"
sysrc -f "${_rc_conf}" ifconfig_vnet0_${_jail_vnet_vlan}="inet ${IP4_ADDR}"
fi
else
if [ "${IP}" = "0.0.0.0" ] || [ "${IP}" = "DHCP" ]; then
if [ "${IP4_ADDR}" = "0.0.0.0" ] || [ "${IP4_ADDR}" = "DHCP" ] || [ "${IP4_ADDR}" = "SYNCDHCP" ]; then
sysrc -f "${_rc_conf}" ifconfig_vnet0="SYNCDHCP"
else
sysrc -f "${_rc_conf}" ifconfig_vnet0="inet ${IP}"
sysrc -f "${_rc_conf}" ifconfig_vnet0="inet ${IP4_ADDR}"
fi
fi
else
@@ -300,6 +320,25 @@ update_jailconf_vnet() {
sysrc -f "${_rc_conf}" ifconfig_${_jail_vnet}="SYNCDHCP"
fi
fi
fi
# IP6
if [ -n "${IP6_ADDR}" ]; then
if grep "vnet0" "${_rc_conf}" | grep -q "${_new_jail_epair}_name"; then
if [ "${IP6_ADDR}" = "SLAAC" ]; then
sysrc -f "${_rc_conf}" ifconfig_vnet0_ipv6="inet6 -ifdisabled accept_rtadv"
else
sysrc -f "${_rc_conf}" ifconfig_vnet0_ipv6="inet6 -ifdisabled ${IP6_ADDR}"
fi
else
if [ "${IP6_ADDR}" = "SLAAC" ]; then
sysrc -f "${_rc_conf}" ifconfig_${_jail_vnet}_ipv6="inet6 -ifdisabled accept_rtadv"
fi
fi
fi
# Replace epair description
sed -i '' "/${_new_host_epair}/ s|${_jail_vnet} host interface for Bastille jail ${TARGET}|${_jail_vnet} host interface for Bastille jail ${NEWNAME}|g" "${_jail_conf}"
break
fi
done
@@ -329,18 +368,20 @@ update_jailconf_vnet() {
# Update /etc/rc.conf
sed -i '' "s|ifconfig_e0b_${_if}_name|ifconfig_e0b_${_jail_if}_name|" "${_rc_conf}"
if grep "vnet0" "${_rc_conf}" | grep -q ${_jail_if}; then
# IP4
if [ -n "${IP4_ADDR}" ]; then
if grep "vnet0" "${_rc_conf}" | grep -q "${_new_jail_epair}_name"; then
if [ -n "${_jail_vnet_vlan}" ]; then
if [ "${IP}" = "0.0.0.0" ] || [ "${IP}" = "DHCP" ]; then
if [ "${IP4_ADDR}" = "0.0.0.0" ] || [ "${IP4_ADDR}" = "DHCP" ] || [ "${IP4_ADDR}" = "SYNCDHCP" ]; then
sysrc -f "${_rc_conf}" ifconfig_vnet0_${_jail_vnet_vlan}="SYNCDHCP"
else
sysrc -f "${_rc_conf}" ifconfig_vnet0_${_jail_vnet_vlan}="inet ${IP}"
sysrc -f "${_rc_conf}" ifconfig_vnet0_${_jail_vnet_vlan}="inet ${IP4_ADDR}"
fi
else
if [ "${IP}" = "0.0.0.0" ] || [ "${IP}" = "DHCP" ]; then
if [ "${IP4_ADDR}" = "0.0.0.0" ] || [ "${IP4_ADDR}" = "DHCP" ] || [ "${IP4_ADDR}" = "SYNCDHCP" ]; then
sysrc -f "${_rc_conf}" ifconfig_vnet0="SYNCDHCP"
else
sysrc -f "${_rc_conf}" ifconfig_vnet0="inet ${IP}"
sysrc -f "${_rc_conf}" ifconfig_vnet0="inet ${IP4_ADDR}"
fi
fi
else
@@ -350,6 +391,22 @@ update_jailconf_vnet() {
sysrc -f "${_rc_conf}" ifconfig_${_jail_vnet}="SYNCDHCP"
fi
fi
fi
# IP6
if [ -n "${IP6_ADDR}" ]; then
if grep "vnet0" "${_rc_conf}" | grep -q "${_new_jail_epair}_name"; then
if [ "${IP6_ADDR}" = "SLAAC" ]; then
sysrc -f "${_rc_conf}" ifconfig_vnet0_ipv6="inet6 -ifdisabled accept_rtadv"
else
sysrc -f "${_rc_conf}" ifconfig_vnet0_ipv6="inet6 -ifdisabled ${IP6_ADDR}"
fi
else
sysrc -f "${_rc_conf}" ifconfig_${_jail_vnet}_ipv6="inet6 -ifdisabled accept_rtadv"
fi
fi
# Replace epair description
sed -i '' "/${_jail_if}/ s|${_jail_vnet} host interface for Bastille jail ${TARGET}|${_jail_vnet} host interface for Bastille jail ${NEWNAME}|g" "${_jail_conf}"
break
fi
done
@@ -375,18 +432,20 @@ update_jailconf_vnet() {
# Update /etc/rc.conf
sed -i '' "s|ifconfig_ng0_${_if}_name|ifconfig_ng0_${_jail_if}_name|" "${_rc_conf}"
if grep "vnet0" "${_rc_conf}" | grep -q ${_jail_if}; then
# IP4
if [ -n "${IP4_ADDR}" ]; then
if grep "vnet0" "${_rc_conf}" | grep -q "${_new_jail_epair}_name"; then
if [ -n "${_jail_vnet_vlan}" ]; then
if [ "${IP}" = "0.0.0.0" ] || [ "${IP}" = "DHCP" ]; then
if [ "${IP4_ADDR}" = "0.0.0.0" ] || [ "${IP4_ADDR}" = "DHCP" ] || [ "${IP4_ADDR}" = "SYNCDHCP" ]; then
sysrc -f "${_rc_conf}" ifconfig_vnet0_${_jail_vnet_vlan}="SYNCDHCP"
else
sysrc -f "${_rc_conf}" ifconfig_vnet0_${_jail_vnet_vlan}="inet ${IP}"
sysrc -f "${_rc_conf}" ifconfig_vnet0_${_jail_vnet_vlan}="inet ${IP4_ADDR}"
fi
else
if [ "${IP}" = "0.0.0.0" ] || [ "${IP}" = "DHCP" ]; then
if [ "${IP4_ADDR}" = "0.0.0.0" ] || [ "${IP4_ADDR}" = "DHCP" ] || [ "${IP4_ADDR}" = "SYNCDHCP" ]; then
sysrc -f "${_rc_conf}" ifconfig_vnet0="SYNCDHCP"
else
sysrc -f "${_rc_conf}" ifconfig_vnet0="inet ${IP}"
sysrc -f "${_rc_conf}" ifconfig_vnet0="inet ${IP4_ADDR}"
fi
fi
else
@@ -396,6 +455,19 @@ update_jailconf_vnet() {
sysrc -f "${_rc_conf}" ifconfig_${_jail_vnet}="SYNCDHCP"
fi
fi
fi
# IP6
if [ -n "${IP6_ADDR}" ]; then
if grep "vnet0" "${_rc_conf}" | grep -q "${_new_jail_epair}_name"; then
if [ "${IP6_ADDR}" = "SLAAC" ]; then
sysrc -f "${_rc_conf}" ifconfig_vnet0_ipv6="inet6 -ifdisabled accept_rtadv"
else
sysrc -f "${_rc_conf}" ifconfig_vnet0_ipv6="inet6 -ifdisabled ${IP6_ADDR}"
fi
else
sysrc -f "${_rc_conf}" ifconfig_${_jail_vnet}_ipv6="inet6 -ifdisabled accept_rtadv"
fi
fi
break
fi
done
@@ -425,11 +497,36 @@ clone_jail() {
fi
if [ -n "${IP}" ]; then
validate_ip "${IP}"
validate_ips
else
usage
fi
# Validate proper IP settings
if [ "$(bastille config ${TARGET} get vnet)" != "not set" ]; then
# VNET
if grep -Eoq "ifconfig_vnet0=" "${bastille_jailsdir}/${TARGET}/root/etc/rc.conf"; then
if [ -z "${IP4_ADDR}" ]; then
error_exit "[ERROR]: IPv4 not set. Retry with a proper IPv4 address."
fi
fi
if grep -Eoq "ifconfig_vnet0_ipv6=" "${bastille_jailsdir}/${TARGET}/root/etc/rc.conf"; then
if [ -z "${IP6_ADDR}" ]; then
error_exit "[ERROR]: IPv6 not set. Retry with a proper IPv6 address."
fi
fi
else
if [ "$(bastille config ${TARGET} get ip4.addr)" != "not set" ]; then
if [ -z "${IP4_ADDR}" ]; then
error_exit "[ERROR]: IPv4 not set. Retry with a proper IPv4 address."
fi
elif [ "$(bastille config ${TARGET} get ip6.addr)" != "not set" ]; then
if [ -z "${IP6_ADDR}" ]; then
error_exit "[ERROR]: IPv6 not set. Retry with a proper IPv6 address."
fi
fi
fi
if [ -n "${bastille_zfs_zpool}" ]; then
# Replicate the existing container
DATE=$(date +%F-%H%M%S)

55
usr/local/share/bastille/create.sh
View File

@@ -66,6 +66,7 @@ validate_name() {
local NAME_VERIFY=${NAME}
local NAME_SANITY="$(echo "${NAME_VERIFY}" | tr -c -d 'a-zA-Z0-9-_')"
# Make sure NAME has only allowed characters
if [ -n "$(echo "${NAME_SANITY}" | awk "/^[-_].*$/" )" ]; then
error_exit "[ERROR]: Jail names may not begin with (-|_) characters!"
elif [ "${NAME_VERIFY}" != "${NAME_SANITY}" ]; then
@@ -77,20 +78,26 @@ validate_name() {
validate_ip() {
_ip="${1}"
_ip6=$(echo "${_ip}" | grep -E '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$)|SLAAC)')
local _ip="${1}"
local _ip6="$(echo ${_ip} | grep -E '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$)|SLAAC)')"
if [ -n "${_ip6}" ]; then
info "\nValid: (${_ip6})."
ipx_addr="ip6.addr"
# This is only used in this function to set IPX_DEFINITION
local ipx_addr="ip6.addr"
else
if [ "${_ip}" = "inherit" ] || [ "${_ip}" = "ip_hostname" ]; then
if [ -n "${VNET_JAIL}" ]; then
error_exit "[ERROR]: Unsupported IP option for standard jail: (${_ip})."
else
if [ "${_ip}" = "inherit" ] || [ "${_ip}" = "ip_hostname" ] || [ "${_ip}" = "DHCP" ] || [ "${_ip}" = "SYNCDHCP" ]; then
info "\nValid: (${_ip})."
fi
elif [ "${_ip}" = "DHCP" ] || [ "${_ip}" = "SYNCDHCP" ] || [ "${_ip}" = "0.0.0.0" ]; then
if [ -z "${VNET_JAIL}" ]; then
error_exit "[ERROR]: Unsupported IP option for VNET jail: (${_ip})."
else
info "\nValid: (${_ip})."
fi
else
local IFS
if echo "${_ip}" | grep -Eq '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$'; then
@@ -151,7 +158,17 @@ validate_ip() {
IP6_DEFINITION=""
IP6_MODE="disable"
fi
elif echo "${_ip}" | grep -qvE '(SLAAC|DHCP|0[.]0[.]0[.]0)'; then
elif [ "${_ip}" = "DHCP" ] || [ "${_ip}" = "SLAAC" ] || [ "${_ip}" = "0.0.0.0" ]; then
if [ -n "${VNET_JAIL}" ]; then
if [ "${ipx_addr}" = "ip4.addr" ]; then
IP4_ADDR="${_ip}"
elif [ "${ipx_addr}" = "ip6.addr" ]; then
IP6_ADDR="${_ip}"
fi
else
error_exit "[ERROR]: Unsupported IP option for standard jail: (${_ip})."
fi
else
if [ "${ipx_addr}" = "ip4.addr" ]; then
IP4_ADDR="${_ip}"
IP4_DEFINITION="${ipx_addr} = ${bastille_jail_conf_interface}|${_ip};"
@@ -621,15 +638,16 @@ create_jail() {
if [ -n "${VNET_JAIL}" ]; then
if [ -n "${bastille_template_vnet}" ]; then
## rename interface to generic vnet0
uniq_epair=$(grep vnet.interface "${bastille_jailsdir}/${NAME}/jail.conf" | awk '{print $3}' | sed 's/;//; s/-/_/g')
_gateway=''
_gateway6=''
_ifconfig_inet=''
_ifconfig_inet6=''
if echo "${IP}" | grep -qE '(0[.]0[.]0[.]0|DHCP)'; then
# Determine default gateway option
if echo "${IP}" | grep -qE '(0[.]0[.]0[.]0|DHCP|SYNCDHCP)'; then
# Enable DHCP if requested
_ifconfig_inet=SYNCDHCP
else
@@ -642,12 +660,14 @@ create_jail() {
_gateway="$(netstat -4rn | awk '/default/ {print $2}')"
fi
fi
# Add IPv4 address (this is empty if DHCP is used)
if [ -n "${IP4_ADDR}" ]; then
_ifconfig_inet="${_ifconfig_inet} inet ${IP4_ADDR}"
fi
# Enable IPv6 if used
if [ "${IP6_MODE}" != "disable" ]; then
if [ -n "${IP6_ADDR}" ]; then
_ifconfig_inet6='inet6 -ifdisabled'
if echo "${IP}" | grep -qE 'SLAAC'; then
# Enable SLAAC if requested
@@ -661,13 +681,16 @@ create_jail() {
fi
fi
fi
# Add IPv6 address (this is empty if SLAAC is used)
if [ -n "${IP6_ADDR}" ]; then
_ifconfig_inet6="${_ifconfig_inet6} ${IP6_ADDR}"
fi
# Join together IPv4 and IPv6 parts of ifconfig
_ifconfig="${_ifconfig_inet} ${_ifconfig_inet6}"
bastille template "${NAME}" ${bastille_template_vnet} --arg EPAIR="${uniq_epair}" --arg GATEWAY="${_gateway}" --arg GATEWAY6="${_gateway6}" --arg IFCONFIG="${_ifconfig}"
# We need to pass IP4 and IP6 separately
_ifconfig="${_ifconfig_inet}"
_ifconfig6="${_ifconfig_inet6}"
bastille template "${NAME}" ${bastille_template_vnet} --arg EPAIR="${uniq_epair}" --arg GATEWAY="${_gateway}" --arg GATEWAY6="${_gateway6}" --arg IFCONFIG="${_ifconfig}" --arg IFCONFIG6="${_ifconfig6}"
# Add VLAN ID if it was given
if [ -n "${VLAN_ID}" ]; then

53
usr/local/share/bastille/network.sh
View File

@@ -177,15 +177,15 @@ fi
validate_ip() {
IP6_ENABLE=0
local ip="${1}"
local ip6="$( echo "${ip}" 2>/dev/null | grep -E '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$)|SLAAC)' )"
if [ -n "${ip6}" ]; then
info "\nValid: (${ip6})."
IP6_ENABLE=1
elif [ "${ip}" = "0.0.0.0" ] || [ "${ip}" = "DHCP" ]; then
IP6_ADDR="${ip6}"
elif [ "${ip}" = "0.0.0.0" ] || [ "${ip}" = "DHCP" ] || [ "${ip}" = "SYNCDHCP" ]; then
info "\nValid: (${ip})."
IP4_ADDR="${ip}"
else
local IFS
if echo "${ip}" 2>/dev/null | grep -Eq '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$'; then
@@ -198,6 +198,7 @@ validate_ip() {
fi
done
info "\nValid: (${ip})."
IP4_ADDR="${ip}"
else
error_exit "Invalid: (${ip})."
fi
@@ -303,12 +304,18 @@ EOF
# Add config to /etc/rc.conf
sysrc -f "${_jail_rc_config}" ifconfig_${jail_epair}_name="${_if_vnet}"
if [ -n "${_ip}" ]; then
if [ -n "${IP6_ADDR}" ]; then
if [ "${IP6_ADDR}" = "SLAAC" ]; then
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}_ipv6="inet6 -ifdisabled accept_rtadv"
else
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}_ipv6="inet6 -ifdisabled ${IP6_ADDR}"
fi
elif [ -n "${IP4_ADDR}" ]; then
# If 0.0.0.0 set DHCP, else set static IP address
if [ "${_ip}" = "0.0.0.0" ] || [ "${_ip}" = "DHCP" ]; then
if [ "${_ip}" = "0.0.0.0" ] || [ "${_ip}" = "DHCP" ] || [ "${_ip}" = "SYNCDHCP" ]; then
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="SYNCDHCP"
else
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="inet ${_ip}"
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="inet ${IP4_ADDR}"
fi
fi
@@ -350,16 +357,22 @@ EOF
fi
# Add config to /etc/rc.conf
sysrc -f "${_jail_rc_config}" ifconfig_e0b_${_jail_if}_name="${_if_vnet}"
if [ -n "${_ip}" ]; then
if [ -n "${IP6_ADDR}" ]; then
if [ "${IP6_ADDR}" = "SLAAC" ]; then
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}_ipv6="inet6 -ifdisabled accept_rtadv"
else
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}_ipv6="inet6 -ifdisabled ${IP6_ADDR}"
fi
elif [ -n "${IP4_ADDR}" ]; then
# If 0.0.0.0 set DHCP, else set static IP address
if [ "${_ip}" = "0.0.0.0" ] || [ "${_ip}" = "DHCP" ]; then
if [ "${_ip}" = "0.0.0.0" ] || [ "${_ip}" = "DHCP" ] || [ "${_ip}" = "SYNCDHCP" ]; then
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="SYNCDHCP"
else
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="inet ${_ip}"
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="inet ${IP4_ADDR}"
fi
fi
echo "Added VNET interface: \"${_if}\""
elif [ "${bastille_network_vnet_type}" = "netgraph" ]; then
for _num in $(seq 0 "${_bastille_if_num_range}"); do
if ! echo "${_bastille_if_list}" | grep -oqswx "${_num}"; then
@@ -402,6 +415,7 @@ EOF
fi
echo "Added VNET interface: \"${_if}\""
fi
elif [ "${PASSTHROUGH}" -eq 1 ]; then
# Remove ending brace (it is added again with the netblock)
sed -i '' '/}/d' "${_jail_config}"
@@ -412,19 +426,24 @@ EOF
}
EOF
# Add config to /etc/rc.conf
if [ -n "${_ip}" ]; then
# If 0.0.0.0 set DHCP, else set static IP address
if [ "${_ip}" = "0.0.0.0" ] || [ "${_ip}" = "DHCP" ]; then
sysrc -f "${_jail_rc_config}" ifconfig_${_if}="SYNCDHCP"
if [ -n "${IP6_ADDR}" ]; then
if [ "${IP6_ADDR}" = "SLAAC" ]; then
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}_ipv6="inet6 -ifdisabled accept_rtadv"
else
sysrc -f "${_jail_rc_config}" ifconfig_${_if}="inet ${_ip}"
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}_ipv6="inet6 -ifdisabled ${IP6_ADDR}"
fi
elif [ -n "${IP4_ADDR}" ]; then
# If 0.0.0.0 set DHCP, else set static IP address
if [ "${_ip}" = "0.0.0.0" ] || [ "${_ip}" = "DHCP" ] || [ "${_ip}" = "SYNCDHCP" ]; then
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="SYNCDHCP"
else
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="inet ${IP4_ADDR}"
fi
fi
echo "Added Passthrough interface: \"${_if}\""
elif [ "${CLASSIC}" -eq 1 ]; then
if [ "${IP6_ENABLE}" -eq 1 ]; then
if [ -n "${IP6_ADDR}" ]; then
sed -i '' "s/interface = .*/&\n ip6.addr += ${_if}|${_ip};/" ${_jail_config}
else
sed -i '' "s/interface = .*/&\n ip4.addr += ${_if}|${_ip};/" ${_jail_config}

2
usr/local/share/bastille/rename.sh
View File

@@ -168,7 +168,7 @@ update_jailconf_vnet() {
sed -i '' "s|${_target_jail_epair} ether|${_new_jail_epair} ether|g" "${_jail_conf}"
# Replace epair description
sed -i '' "s|vnet host interface for Bastille jail ${TARGET}|vnet host interface for Bastille jail ${NEWNAME}|g" "${_jail_conf}"
sed -i '' "s|${_new_host_epair} host interface for Bastille jail ${TARGET}|${_new_host_epair} host interface for Bastille jail ${NEWNAME}|g" "${_jail_conf}"
# Replace epair name in /etc/rc.conf
sed -i '' "/ifconfig/ s|${_target_jail_epair}|${_new_jail_epair}|g" "${_rc_conf}"

5
usr/local/share/bastille/templates/default/vnet/Bastillefile
View File

@@ -2,9 +2,14 @@ ARG EPAIR
ARG GATEWAY
ARG GATEWAY6
ARG IFCONFIG="SYNCDHCP"
ARG IFCONFIG6
SYSRC ifconfig_${EPAIR}_name=vnet0
SYSRC ifconfig_vnet0="${IFCONFIG}"
# Apply IFCONFIG6 if set
CMD if [ -n "${IFCONFIG6}" ]; then /usr/sbin/sysrc ifconfig_vnet0_ipv6="${IFCONFIG6}"; fi
# GATEWAY will be empty for a DHCP config. -- cwells
CMD if [ -n "${GATEWAY}" ]; then /usr/sbin/sysrc defaultrouter="${GATEWAY}"; fi
CMD if [ -n "${GATEWAY6}" ]; then /usr/sbin/sysrc ipv6_defaultrouter="${GATEWAY6}"; fi