From 3f4816fd8a3576aa464929c28affadd1bda68b5c Mon Sep 17 00:00:00 2001
From: tschettervictor
Date: Sat, 13 Dec 2025 15:33:11 -0700
Subject: [PATCH] create: fix IP$_ADDR IP6_ADDR
---
 usr/local/share/bastille/create.sh | 61 +++++++++++++++---------------
 1 file changed, 31 insertions(+), 30 deletions(-)
diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh
index 917ee1c5..afbdf758 100644
--- a/usr/local/share/bastille/create.sh
+++ b/usr/local/share/bastille/create.sh
@@ -225,13 +225,19 @@ validate_ip() {
 error_exit "[ERROR]: Unsupported IP option for standard jail: (${ip})."
 fi
 else
- if [ "${ipx_addr}" = "ip4.addr" ]; then
- IP4_ADDR="${ip}"
- IP4_DEFINITION="${ipx_addr} = ${bastille_jail_conf_interface}|${ip};"
- elif [ "${ipx_addr}" = "ip6.addr" ]; then
- IP6_ADDR="${ip}"
- IP6_DEFINITION="${ipx_addr} = ${bastille_jail_conf_interface}|${ip};"
- IP6_MODE="new"
+ if [ "${VNET_JAIL}" -eq 1 ]; then
+ if [ "${ipx_addr}" = "ip4.addr" ]; then
+ IP4_ADDR="${ip4}"
+ elif [ "${ipx_addr}" = "ip6.addr" ]; then
+ IP6_ADDR="${ip6}"
+ fi
+ else
+ if [ "${ipx_addr}" = "ip4.addr" ]; then
+ IP4_DEFINITION="${ipx_addr} = ${bastille_jail_conf_interface}|${ip};"
+ elif [ "${ipx_addr}" = "ip6.addr" ]; then
+ IP6_DEFINITION="${ipx_addr} = ${bastille_jail_conf_interface}|${ip};"
+ IP6_MODE="new"
+ fi
 fi
 fi
 }
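Review bot: In the VNET branch of validate_ip, `IP4_ADDR="${ip4}"` and `IP6_ADDR="${ip6}"` read variables that nothing else in this hunk uses (the definitions a few lines below still interpolate `${ip}`), and no assignment to `ip4` or `ip6` is visible; the function starts outside the hunk, so this needs confirming. If either is unset, or is only populated for numeric addresses, the variable ends up empty and the `[ -n "${IP4_ADDR}" ]` / `[ -n "${IP6_ADDR}" ]` guards in create_jail skip interface configuration without any error. The non-VNET branch no longer sets IP4_ADDR/IP6_ADDR at all, so any later consumer of those variables for standard jails should be checked as well. Separately, `[ "${VNET_JAIL}" -eq 1 ]` raises a test error and falls through to the else branch when the variable is empty; `[ "${VNET_JAIL:-0}" -eq 1 ]` avoids that.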
@@ -692,33 +698,33 @@ create_jail() { ifconfig_inet="" ifconfig_inet6="" - # Check for DHCP - if echo "${IP}" | grep -qE '(0[.]0[.]0[.]0|DHCP|SYNCDHCP)'; then - ifconfig_inet="SYNCDHCP" - else - # Set Gateway - if [ -n "${OPT_GATEWAY}" ]; then - gateway="${OPT_GATEWAY}" - elif [ -n "${bastille_network_gateway}" ]; then - gateway="${bastille_network_gateway}" + # Enable IPv4 if set + if [ -n "${IP4_ADDR}" ]; then + if echo "${IP4_ADDR}" | grep -qE '(0[.]0[.]0[.]0|DHCP|SYNCDHCP)'; then + ifconfig_inet="SYNCDHCP" else - gateway="$(netstat -4rn | awk '/default/ {print $2}')" + # Set IP and Gateway + ifconfig_inet="inet ${IP4_ADDR}" + if [ -n "${OPT_GATEWAY}" ]; then + gateway="${OPT_GATEWAY}" + elif [ -n "${bastille_network_gateway}" ]; then + gateway="${bastille_network_gateway}" + else + gateway="$(netstat -4rn | awk '/default/ {print $2}')" + fi + fi fi - # Add IPv4 address (this is empty if DHCP is used) - if [ -n "${IP4_ADDR}" ]; then - ifconfig_inet="inet ${IP4_ADDR}" - fi - - # Enable IPv6 if used + # Enable IPv6 if set if [ -n "${IP6_ADDR}" ]; then ifconfig_inet6="inet6 -ifdisabled" - if echo "${IP}" | grep -qE 'SLAAC'; then + if echo "${IP6_ADDR}" | grep -qE 'SLAAC'; then # Enable SLAAC if requested ifconfig_inet6="${ifconfig_inet6} accept_rtadv" else - # Set Gateway + # Set IP and Gateway + ifconfig_inet6="${ifconfig_inet6} ${IP6_ADDR}" if [ -n "${bastille_network_gateway6}" ]; then gateway6="${bastille_network_gateway6}" else @@ -727,11 +733,6 @@ create_jail() { fi fi - # Add IPv6 address (this is empty if SLAAC is used) - if [ -n "${IP6_ADDR}" ]; then - ifconfig_inet6="${ifconfig_inet6} ${IP6_ADDR}" - fi - # We need to pass IP4 and IP6 separately ifconfig="${ifconfig_inet}" ifconfig6="${ifconfig_inet6}"
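Review bot: In the IPv4 branch of create_jail (the first hunk on this line), the DHCP test `grep -qE '(0[.]0[.]0[.]0|DHCP|SYNCDHCP)'` is unanchored, and the static assignment now sits in its `else`, so an IP4_ADDR that merely contains one of those strings (constructed example: `10.0.0.0/24`) is configured as SYNCDHCP and the address is dropped; before this change the separate "Add IPv4 address" block would still have applied it. If the keywords are always passed bare, anchor the pattern, `grep -qE '^(0[.]0[.]0[.]0|DHCP|SYNCDHCP)$'`, and compare `[ "${IP6_ADDR}" = "SLAAC" ]` rather than grepping for a substring. Also, `gateway` is now assigned only inside the static-IPv4 branch, so an IPv6-only jail keeps whatever value the variable had before. No initialisation of `gateway` is visible here, and create_jail continues outside the hunk, so that should be confirmed.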