Mirrors/hackacad
2
0
Fork 0
mirror of https://github.com/hackacad/bastille.git synced 2025-12-22 18:21:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

only persist rdr rule if it can be properly loaded, else exit

Browse Source
This commit is contained in:
tschettervictor
2024-12-12 16:55:56 -07:00
committed by GitHub
parent 449a0ae8e1
commit 606d8da0de
1 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
usr/local/share/bastille/rdr.sh
View File

@@ -162,7 +162,7 @@ load_rdr_rule() {
if ! ( pfctl -a "rdr/${JAIL_NAME}" -Psn 2>/dev/null; if ! ( pfctl -a "rdr/${JAIL_NAME}" -Psn 2>/dev/null;
printf '%s\nrdr pass on $%s inet proto %s from %s to %s port %s -> %s port %s\n' "$if" "${bastille_network_pf_ext_if}" "$proto" "$src" "$dst" "$host_port" "$JAIL_IP" "$jail_port" ) \ printf '%s\nrdr pass on $%s inet proto %s from %s to %s port %s -> %s port %s\n' "$if" "${bastille_network_pf_ext_if}" "$proto" "$src" "$dst" "$host_port" "$JAIL_IP" "$jail_port" ) \
| pfctl -a "rdr/${JAIL_NAME}" -f-; then | pfctl -a "rdr/${JAIL_NAME}" -f-; then
error_notify "Failed to create IPv4 rdr rule \"${1} ${src} ${dst} ${proto} ${host_port} ${jail_port}\"" error_exit "Failed to create IPv4 rdr rule \"${1} ${src} ${dst} ${proto} ${host_port} ${jail_port}\""
else else
info "[${JAIL_NAME}]:" info "[${JAIL_NAME}]:"
info "Redirecting IPv4:" info "Redirecting IPv4:"
@@ -173,7 +173,7 @@ if [ -n "$JAIL_IP6" ]; then
if ! ( pfctl -a "rdr/${JAIL_NAME}" -Psn; if ! ( pfctl -a "rdr/${JAIL_NAME}" -Psn;
printf '%s\nrdr pass on $%s inet proto %s to port %s -> %s port %s\n' "$if" "${bastille_network_pf_ext_if}" "$proto" "$src" "$dst" "$host_port" "$JAIL_IP6" "$jail_port" ) \ printf '%s\nrdr pass on $%s inet proto %s to port %s -> %s port %s\n' "$if" "${bastille_network_pf_ext_if}" "$proto" "$src" "$dst" "$host_port" "$JAIL_IP6" "$jail_port" ) \
| pfctl -a "rdr/${JAIL_NAME}" -f-; then | pfctl -a "rdr/${JAIL_NAME}" -f-; then
error_notify "Failed to create IPv6 rdr rule \"${1} ${src} ${dst} ${proto} ${host_port} ${jail_port}\"" error_exit "Failed to create IPv6 rdr rule \"${1} ${src} ${dst} ${proto} ${host_port} ${jail_port}\""
else else
info "[${JAIL_NAME}]:" info "[${JAIL_NAME}]:"
info "Redirecting IPv6:" info "Redirecting IPv6:"
@@ -197,7 +197,7 @@ log=$@
if ! ( pfctl -a "rdr/${JAIL_NAME}" -Psn; if ! ( pfctl -a "rdr/${JAIL_NAME}" -Psn;
printf '%s\nrdr pass %s on $%s inet proto %s from %s to %s port %s -> %s port %s\n' "$if" "$log" "${bastille_network_pf_ext_if}" "$proto" "$src" "$dst" "$host_port" "$JAIL_IP" "$jail_port" ) \ printf '%s\nrdr pass %s on $%s inet proto %s from %s to %s port %s -> %s port %s\n' "$if" "$log" "${bastille_network_pf_ext_if}" "$proto" "$src" "$dst" "$host_port" "$JAIL_IP" "$jail_port" ) \
| pfctl -a "rdr/${JAIL_NAME}" -f-; then | pfctl -a "rdr/${JAIL_NAME}" -f-; then
error_notify "Failed to create logged IPv4 rdr rule \"${if_name} ${src} ${dst} ${proto} ${host_port} ${jail_port}\"" error_exit "Failed to create logged IPv4 rdr rule \"${if_name} ${src} ${dst} ${proto} ${host_port} ${jail_port}\""
else else
info "[${JAIL_NAME}]:" info "[${JAIL_NAME}]:"
info "Redirecting logged IPv4:" info "Redirecting logged IPv4:"
@@ -208,7 +208,7 @@ if [ -n "$JAIL_IP6" ]; then
if ! ( pfctl -a "rdr/${JAIL_NAME}" -Psn; if ! ( pfctl -a "rdr/${JAIL_NAME}" -Psn;
printf '%s\nrdr pass %s on $%s inet proto %s from %s to %s port %s -> %s port %s\n' "$if" "$log" "${bastille_network_pf_ext_if}" "$proto" "$src" "$dst" "$host_port" "$JAIL_IP6" "$jail_port" ) \ printf '%s\nrdr pass %s on $%s inet proto %s from %s to %s port %s -> %s port %s\n' "$if" "$log" "${bastille_network_pf_ext_if}" "$proto" "$src" "$dst" "$host_port" "$JAIL_IP6" "$jail_port" ) \
| pfctl -a "rdr/${JAIL_NAME}" -f-; then | pfctl -a "rdr/${JAIL_NAME}" -f-; then
error_notify "Failed to create logged IPv6 rdr rule \"${if_name} ${src} ${dst} ${proto} ${host_port} ${jail_port}\"" error_exit "Failed to create logged IPv6 rdr rule \"${if_name} ${src} ${dst} ${proto} ${host_port} ${jail_port}\""
else else
info "[${JAIL_NAME}]:" info "[${JAIL_NAME}]:"
info "Redirecting logged IPv6:" info "Redirecting logged IPv6:"
@@ -282,8 +282,8 @@ while [ $# -gt 0 ]; do
usage usage
elif [ $# -eq 3 ]; then elif [ $# -eq 3 ]; then
check_jail_validity check_jail_validity
persist_rdr_rule $RDR_IF $RDR_SRC $RDR_DST $1 $2 $3
load_rdr_rule $RDR_IF $RDR_SRC $RDR_DST $1 $2 $3 load_rdr_rule $RDR_IF $RDR_SRC $RDR_DST $1 $2 $3
persist_rdr_rule $RDR_IF $RDR_SRC $RDR_DST $1 $2 $3
shift "$#" shift "$#"
else else
case "$4" in case "$4" in
@@ -298,16 +298,16 @@ while [ $# -gt 0 ]; do
done done
if [ $2 == "(" ] && [ $last == ")" ] ; then if [ $2 == "(" ] && [ $last == ")" ] ; then
check_jail_validity check_jail_validity
persist_rdr_log_rule $RDR_IF $RDR_SRC $RDR_DST $proto $host_port $jail_port "$@"
load_rdr_log_rule $RDR_IF $RDR_SRC $RDR_DST $proto $host_port $jail_port "$@" load_rdr_log_rule $RDR_IF $RDR_SRC $RDR_DST $proto $host_port $jail_port "$@"
persist_rdr_log_rule $RDR_IF $RDR_SRC $RDR_DST $proto $host_port $jail_port "$@"
shift $# shift $#
else else
usage usage
fi fi
elif [ $# -eq 1 ]; then elif [ $# -eq 1 ]; then
check_jail_validity check_jail_validity
persist_rdr_log_rule $RDR_IF $RDR_SRC $RDR_DST $proto $host_port $jail_port "$@"
load_rdr_log_rule $RDR_IF $RDR_SRC $RDR_DST $proto $host_port $jail_port "$@" load_rdr_log_rule $RDR_IF $RDR_SRC $RDR_DST $proto $host_port $jail_port "$@"
persist_rdr_log_rule $RDR_IF $RDR_SRC $RDR_DST $proto $host_port $jail_port "$@"
shift 1 shift 1
else else
usage usage
@@ -322,13 +322,13 @@ while [ $# -gt 0 ]; do
*) *)
if [ $# -eq 6 ]; then if [ $# -eq 6 ]; then
check_jail_validity check_jail_validity
persist_rdr_rule "$@"
load_rdr_rule "$@" load_rdr_rule "$@"
persist_rdr_rule "$@"
shift $# shift $#
elif [ $# -ge 7 ] && [ "${7}" = "log" ]; then elif [ $# -ge 7 ] && [ "${7}" = "log" ]; then
check_jail_validity check_jail_validity
persist_rdr_log_rule "$@"
load_rdr_log_rule "$@" load_rdr_log_rule "$@"
persist_rdr_log_rule "$@"
shift $# shift $#
else else
usage usage