From 622d84b6be69f6f505ca31ab708e262da425f30a Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Tue, 10 Dec 2024 18:45:06 -0700
Subject: [PATCH] allow specifying IP to redirect traffic to

This is for the folks who have multiple IP addresses on a single interface.
---
 usr/local/share/bastille/rdr.sh | 31 +++++++++++++++++++++----------
 1 file changed, 21 insertions(+), 10 deletions(-)

diff --git a/usr/local/share/bastille/rdr.sh b/usr/local/share/bastille/rdr.sh
index 24733628..666d0666 100644
--- a/usr/local/share/bastille/rdr.sh
+++ b/usr/local/share/bastille/rdr.sh
@@ -99,8 +99,8 @@ check_jail_validity() {
 # function: write rule to rdr.conf
 persist_rdr_rule() {
-if ! grep -qs "$IF_NAME $1 $2 $3" "${bastille_jailsdir}/${JAIL_NAME}/rdr.conf"; then
- echo "$IF_NAME $1 $2 $3" >> "${bastille_jailsdir}/${JAIL_NAME}/rdr.conf"
+if ! grep -qs "$IF_NAME $RDR_DST $1 $2 $3" "${bastille_jailsdir}/${JAIL_NAME}/rdr.conf"; then
+ echo "$IF_NAME $RDR_DST $1 $2 $3" >> "${bastille_jailsdir}/${JAIL_NAME}/rdr.conf"
 fi
 }
 
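Review bot: The persisted rdr.conf line gains a fifth field (`$RDR_DST`) between the interface and the protocol, so entries written before this change have a different shape; whatever re-reads rdr.conf (not visible in this diff) presumably has to accept both the old four-field and the new five-field layout, or jails created before the upgrade lose their redirects. Separately, `$RDR_DST` is now interpolated into a grep pattern that is treated as a basic regex and matched as a substring, so the dots of an address match any character; `grep -qsF -- "$IF_NAME $RDR_DST $1 $2 $3"` keeps the duplicate check literal. The same grep pattern is used in persist_rdr_log_rule in the next hunk.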
@@ -108,25 +108,28 @@ persist_rdr_log_rule() {
 proto=$1;host_port=$2;jail_port=$3;
 shift 3;
 log=$@;
-if ! grep -qs "$IF_NAME $proto $host_port $jail_port $log" "${bastille_jailsdir}/${JAIL_NAME}/rdr.conf"; then
- echo "$IF_NAME $proto $host_port $jail_port $log" >> "${bastille_jailsdir}/${JAIL_NAME}/rdr.conf"
+if ! grep -qs "$IF_NAME $RDR_DST $proto $host_port $jail_port $log" "${bastille_jailsdir}/${JAIL_NAME}/rdr.conf"; then
+ echo "$IF_NAME $RDR_DST $proto $host_port $jail_port $log" >> "${bastille_jailsdir}/${JAIL_NAME}/rdr.conf"
 fi
 }
-
 # function: load rdr rule via pfctl
 load_rdr_rule() {
 ( pfctl -a "rdr/${JAIL_NAME}" -Psn;
- printf '%s\nrdr pass on $%s inet proto %s to port %s -> %s port %s\n' "$EXT_IF" "${bastille_network_pf_ext_if}" "$1" "$2" "$JAIL_IP" "$3" ) \
+ printf '%s\nrdr pass on $%s inet proto %s from any to %s port %s -> %s port %s\n' "$EXT_IF" "${bastille_network_pf_ext_if}" "$1" "$RDR_DST" "$2" "$JAIL_IP" "$3" ) \
 | pfctl -a "rdr/${JAIL_NAME}" -f-
 if [ -n "$JAIL_IP6" ]; then
 ( pfctl -a "rdr/${JAIL_NAME}" -Psn;
- printf '%s\nrdr pass on $%s inet proto %s to port %s -> %s port %s\n' "$EXT_IF" "${bastille_network_pf_ext_if}" "$1" "$2" "$JAIL_IP6" "$3" ) \
+ printf '%s\nrdr pass on $%s inet proto %s from any to %s port %s -> %s port %s\n' "$EXT_IF" "${bastille_network_pf_ext_if}" "$1" "$RDR_DST" "$2" "$JAIL_IP6" "$3" ) \
 | pfctl -a "rdr/${JAIL_NAME}" -f-
 fi
 local interface="$( echo $EXT_IF | awk -F'"' '{print $2}')"
 info "[${JAIL_NAME}]:"
-info "Redirecting: ${1} port ${2} to ${3} on ${interface}"
+if [ "${RDR_DST}" != "any" ]; then
+ info "Redirecting: ${1} port ${2} to ${3} on ${interface}:${RDR_DST}"
+else
+ info "Redirecting: ${1} port ${2} to ${3} on ${interface}"
+fi
 }
 # function: load rdr rule with log via pfctl
 
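Review bot: In the IPv6 branch of load_rdr_rule the new `from any to %s` is filled with `$RDR_DST`, which the parsing hunk below only ever sets from an `inet` (IPv4) line of ifconfig, so with a specific destination the generated rule pairs an IPv4 destination with the IPv6 `$JAIL_IP6` redirect target and pfctl will refuse to load it. Because the `| pfctl -a "rdr/${JAIL_NAME}" -f-` pipeline's exit status is not checked, that rejection only shows up on stderr while the following `info "Redirecting: …"` line still reports success. The second printf should keep `"any"` in place of `"$RDR_DST"` unless an IPv6 destination is collected separately, and the load's status should be checked and reported, e.g. `| pfctl -a "rdr/${JAIL_NAME}" -f- || return 1` on both pipelines. The `inet` keyword on the IPv6 rule predates this change and is not addressed here.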
@@ -149,11 +152,19 @@ info "Redirecting: ${1} port ${2} to ${3} on ${interface}"
 while [ $# -gt 0 ]; do
 # Check if interface was specified, and use it instead of default
+ # Set default RDR rule to "any to any"
+ RDR_DST="any"
 if ifconfig | grep -wo "${1}"; then
- IF_NAME="${1}"
- EXT_IF=ext_if=\"${1}\"
+ IF_NAME="${1}"
+ EXT_IF=ext_if=\"${1}\"
+ shift
+ # Check if IP was specified for given interface
+ if ifconfig | grep -o "inet ${1}"; then
+ RDR_DST="${1}"
 shift
+ fi
 fi
+
 case "$1" in
 list)
 if [ "${TARGET}" = 'ALL' ]; then
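Review bot: `grep -o "inet ${1}"` treats the user-supplied value as a regex and accepts a substring, so `10.0.0.1` is accepted when the host only has `10.0.0.10` or `10.0.0.100` (constructed example), and the check runs against every interface rather than the `IF_NAME` just selected, despite the comment saying "for given interface"; it also echoes the match to stdout. A literal, word-bounded, interface-scoped test fixes all three: `if [ -n "${1:-}" ] && ifconfig "${IF_NAME}" | grep -qwF -- "inet ${1}"; then`. The `-n` guard matters because when the interface is the last argument, `${1}` is empty after the preceding `shift`, `grep -o "inet "` matches any address line, and `RDR_DST` is set to an empty string before a second `shift` fails on an empty argument list. The enclosing `while` loop continues past the end of the hunk.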