Merge pull request #769 from tschettervictor/patch-6

Fix pfctl being invoked when NAT is not used + change ip var to ip4
2026-03-26 18:56:33 +01:00 · 2024-12-27 11:04:11 -08:00
parent 5837a256da caba006cac
commit 7d3ca7b21b
2 changed files with 9 additions and 9 deletions
--- a/usr/local/share/bastille/start.sh
+++ b/usr/local/share/bastille/start.sh
@@ -79,14 +79,14 @@ for _jail in ${JAILS}; do
        fi

        ## warn if matching configured (but not online) ip4.addr, ignore if there's no ip4.addr entry
-        ip=$(bastille config "${_jail}" get ip4.addr)
-        if [ -n "${ip}" ]; then
-            if ifconfig | grep -wF "${ip}" >/dev/null; then
-                error_notify "Error: IP address (${ip}) already in use."
+        _ip4=$(bastille config "${_jail}" get ip4.addr)
+        if [ "${_ip4}" != "not set" ]; then
+            if ifconfig | grep -wF "${_ip4}" >/dev/null; then
+                error_notify "Error: IP address (${_ip4}) already in use."
                continue
            fi
            ## add ip4.addr to firewall table
-            pfctl -q -t "${bastille_network_pf_table}" -T add "${ip}"
+            pfctl -q -t "${bastille_network_pf_table}" -T add "${_ip4}"
        fi

        ## start the container
--- a/usr/local/share/bastille/stop.sh
+++ b/usr/local/share/bastille/stop.sh
@@ -52,10 +52,10 @@ for _jail in ${JAILS}; do
    ## test if running
    if [ "$(/usr/sbin/jls name | awk "/^${_jail}$/")" ]; then
        ## Capture ip4.addr address while still running
-        _ip="$(/usr/sbin/jls -j ${_jail} ip4.addr)"
+        _ip4="$(bastille config ${_jail} get ip4.addr)"

        # Check if pfctl is present
-        if which -s pfctl; then
+        if [ "${_ip4}" != "not set" ]; then
            if [ "$(bastille rdr ${_jail} list)" ]; then
                bastille rdr ${_jail} clear
            fi
@@ -73,9 +73,9 @@ for _jail in ${JAILS}; do
        jail -f "${bastille_jailsdir}/${_jail}/jail.conf" -r "${_jail}"

        ## remove (captured above) ip4.addr from firewall table
-        if [ -n "${bastille_network_loopback}" ] && [ ! -z "${_ip}" ]; then
+        if [ -n "${bastille_network_loopback}" ] && [ "${_ip4}" != "not set" ]; then
            if grep -qw "interface.*=.*${bastille_network_loopback}" "${bastille_jailsdir}/${_jail}/jail.conf"; then
-                pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip}"
+                pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip4}"
            fi
        fi
    fi