allow specifying IP to redirect traffic to

This is for the folks who have multiple IP addresses on a single interface.
This commit is contained in:
tschettervictor
2024-12-10 18:45:06 -07:00
committed by GitHub
parent eb65800a0c
commit 622d84b6be


@@ -99,8 +99,8 @@ check_jail_validity() {
# function: write rule to rdr.conf
persist_rdr_rule() {
if ! grep -qs "$IF_NAME $1 $2 $3" "${bastille_jailsdir}/${JAIL_NAME}/rdr.conf"; then
echo "$IF_NAME $1 $2 $3" >> "${bastille_jailsdir}/${JAIL_NAME}/rdr.conf"
if ! grep -qs "$IF_NAME $RDR_DST $1 $2 $3" "${bastille_jailsdir}/${JAIL_NAME}/rdr.conf"; then
echo "$IF_NAME $RDR_DST $1 $2 $3" >> "${bastille_jailsdir}/${JAIL_NAME}/rdr.conf"
fi
}
@@ -108,25 +108,28 @@ persist_rdr_log_rule() {
proto=$1;host_port=$2;jail_port=$3;
shift 3;
log=$@;
if ! grep -qs "$IF_NAME $proto $host_port $jail_port $log" "${bastille_jailsdir}/${JAIL_NAME}/rdr.conf"; then
echo "$IF_NAME $proto $host_port $jail_port $log" >> "${bastille_jailsdir}/${JAIL_NAME}/rdr.conf"
if ! grep -qs "$IF_NAME $RDR_DST $proto $host_port $jail_port $log" "${bastille_jailsdir}/${JAIL_NAME}/rdr.conf"; then
echo "$IF_NAME $RDR_DST $proto $host_port $jail_port $log" >> "${bastille_jailsdir}/${JAIL_NAME}/rdr.conf"
fi
}
# function: load rdr rule via pfctl
load_rdr_rule() {
( pfctl -a "rdr/${JAIL_NAME}" -Psn;
printf '%s\nrdr pass on $%s inet proto %s to port %s -> %s port %s\n' "$EXT_IF" "${bastille_network_pf_ext_if}" "$1" "$2" "$JAIL_IP" "$3" ) \
printf '%s\nrdr pass on $%s inet proto %s from any to %s port %s -> %s port %s\n' "$EXT_IF" "${bastille_network_pf_ext_if}" "$1" "$RDR_DST" "$2" "$JAIL_IP" "$3" ) \
| pfctl -a "rdr/${JAIL_NAME}" -f-
if [ -n "$JAIL_IP6" ]; then
( pfctl -a "rdr/${JAIL_NAME}" -Psn;
printf '%s\nrdr pass on $%s inet proto %s to port %s -> %s port %s\n' "$EXT_IF" "${bastille_network_pf_ext_if}" "$1" "$2" "$JAIL_IP6" "$3" ) \
printf '%s\nrdr pass on $%s inet proto %s from any to %s port %s -> %s port %s\n' "$EXT_IF" "${bastille_network_pf_ext_if}" "$1" "$RDR_DST" "$2" "$JAIL_IP6" "$3" ) \
| pfctl -a "rdr/${JAIL_NAME}" -f-
fi
local interface="$( echo $EXT_IF | awk -F'"' '{print $2}')"
info "[${JAIL_NAME}]:"
info "Redirecting: ${1} port ${2} to ${3} on ${interface}"
if [ "${RDR_DST}" != "any" ]; then
info "Redirecting: ${1} port ${2} to ${3} on ${interface}:${RDR_DST}"
else
info "Redirecting: ${1} port ${2} to ${3} on ${interface}"
fi
}
# function: load rdr rule with log via pfctl
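Review bot: The IPv6 rule emitted on the `JAIL_IP6` branch of `load_rdr_rule` now uses `$RDR_DST` as its destination, yet `RDR_DST` can only be an IPv4 address (the later hunk validates it against `inet ${1}`, never `inet6`), so with a non-`any` destination the v6 rule is written with an IPv4 `to` address; keep `any` on that line, or add a separate v6 destination, until a v6 check exists. The duplicate checks in `persist_rdr_rule` and `persist_rdr_log_rule` interpolate the dotted address into an unanchored basic regex, so `10.0.0.1` also matches a line for `10.0.0.10` and a new rule can be silently dropped as a duplicate; `grep -qsFx -- "$IF_NAME $RDR_DST $1 $2 $3"` compares the literal whole line instead (same change for the log variant, whose function header lies outside this hunk). The `ifconfig | grep -o "inet ${1}"` check in the later hunk has the same prefix problem and also prints its match to stdout; if ifconfig prints a space after the address there, `grep -qF -- "inet ${1} "` bounds the token, though that hunk's end is outside this view. Since the persisted rdr.conf line gains a new second field, whatever re-reads that file positionally will presumably misparse entries written by earlier versions (the protocol column shifting into the destination column); a format check or migration when loading looks necessary, but that reader is not part of this diff.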
@@ -149,11 +152,19 @@ info "Redirecting: ${1} port ${2} to ${3} on ${interface}"
while [ $# -gt 0 ]; do
# Check if interface was specified, and use it instead of default
# Set default RDR rule to "any to any"
RDR_DST="any"
if ifconfig | grep -wo "${1}"; then
IF_NAME="${1}"
EXT_IF=ext_if=\"${1}\"
IF_NAME="${1}"
EXT_IF=ext_if=\"${1}\"
shift
# Check if IP was specified for given interface
if ifconfig | grep -o "inet ${1}"; then
RDR_DST="${1}"
shift
fi
fi
case "$1" in
list)
if [ "${TARGET}" = 'ALL' ]; then