Merge branch 'master' into setup-linux

2026-03-25 02:05:11 +01:00 · 2025-11-27 17:22:12 -07:00
parent 9f0b5f1cdb b573fc978e
commit 661b20e26d
1 changed files with 24 additions and 19 deletions
--- a/usr/local/share/bastille/setup.sh
+++ b/usr/local/share/bastille/setup.sh
@@ -158,26 +158,31 @@ configure_netgraph() {

        # Ensure jib script is in place for VNET jails
        if [ ! "$(command -v jng)" ]; then
-            if [ -f /usr/share/examples/jails/jng ] && [ ! -f /usr/local/bin/jng ]; then
+            if [ -f "/usr/share/examples/jails/jng" ] && [ ! -f "/usr/local/bin/jng" ]; then
                install -m 0544 /usr/share/examples/jails/jng /usr/local/bin/jng
            fi
        fi
-        sysrc -f "${BASTILLE_CONFIG}" bastille_network_vnet_type="netgraph"
+
+        NETGRAPH_MODS="netgraph ng_netflow ng_ksocket ng_ether ng_bridge ng_eiface ng_socket"
+        CONFIG_PARAMS="netgraph_load ng_netflow_load ng_ksocket_load ng_ether_load ng_bridge_load ng_eiface_load ng_socket_load"
        info "\nConfiguring netgraph modules..."
-        kldload netgraph
-        kldload ng_netflow
-        kldload ng_ksocket
-        kldload ng_ether
-        kldload ng_bridge
-        kldload ng_eiface
-        kldload ng_socket
-        sysrc -f /boot/loader.conf netgraph_load="YES"
-        sysrc -f /boot/loader.conf ng_netflow_load="YES"
-        sysrc -f /boot/loader.conf ng_ksocket_load="YES"
-        sysrc -f /boot/loader.conf ng_ether_load="YES"
-        sysrc -f /boot/loader.conf ng_bridge_load="YES"
-        sysrc -f /boot/loader.conf ng_eiface_load="YES"
-        sysrc -f /boot/loader.conf ng_socket_load="YES"
+
+        # Load requried netgraph kernel modules
+        for _ng_kmod in ${NETGRAPH_MODS}; do
+            if ! kldstat -qm ${_ng_kmod}; then
+                kldload ${_ng_kmod}
+            fi
+        done
+
+        # Write required netgraph params to config file
+        for _conf_param in ${CONFIG_PARAMS}; do
+            if ! sysrc -f /boot/loader.conf -qc ${_conf_param}=YES; then
+                sysrc -f /boot/loader.conf ${_conf_param}="YES"
+            fi
+        done
+
+        # Set bastille_network_vnet_type to netgraph
+        sysrc -f "${BASTILLE_CONFIG}" bastille_network_vnet_type="netgraph"
        info "\nNetgraph has been successfully configured!"
    else
        info "\nNetgraph has already been configured!"
@@ -306,20 +311,20 @@ configure_vnet() {
    # Ensure proper jail helper script
    if [ "${bastille_network_vnet_type}" = "if_bridge" ]; then
        if [ ! "$(command -v jib)" ]; then
-            if [ -f /usr/share/examples/jails/jib ] && [ ! -f /usr/local/bin/jib ]; then
+            if [ -f "/usr/share/examples/jails/jib" ] && [ ! -f "/usr/local/bin/jib" ]; then
                install -m 0544 /usr/share/examples/jails/jib /usr/local/bin/jib
            fi
        fi
    elif [ "${bastille_network_vnet_type}" = "netgraph" ]; then
        if [ ! "$(command -v jng)" ]; then
-            if [ -f /usr/share/examples/jails/jng ] && [ ! -f /usr/local/bin/jng ]; then
+            if [ -f "/usr/share/examples/jails/jng" ] && [ ! -f "/usr/local/bin/jng" ]; then
                install -m 0544 /usr/share/examples/jails/jng /usr/local/bin/jng
            fi
        fi
    fi

    # Create default VNET ruleset
-    if [ ! -f /etc/devfs.rules ] || ! grep -oq "bastille_vnet=13" /etc/devfs.rules; then
+    if [ ! -f "/etc/devfs.rules" ] || ! grep -oq "bastille_vnet=13" /etc/devfs.rules; then
        info "\nCreating bastille_vnet devfs.rules"
        cat << EOF > /etc/devfs.rules
 [bastille_vnet=13]