Fix pfctl being invoked when NAT is not used + change ip var to ip4 for future ip6 implementation

2025-12-30 17:30:24 +01:00 · 2024-12-10 14:51:29 -07:00
parent 0625eafed2
commit aa17f5c4f9
1 changed files with 4 additions and 4 deletions
--- a/usr/local/share/bastille/stop.sh
+++ b/usr/local/share/bastille/stop.sh
@@ -52,10 +52,10 @@ for _jail in ${JAILS}; do
    ## test if running
    if [ "$(/usr/sbin/jls name | awk "/^${_jail}$/")" ]; then
        ## Capture ip4.addr address while still running
-        _ip="$(/usr/sbin/jls -j ${_jail} ip4.addr)"
+        _ip4="$( bastille config ${_jail} get ip4.addr )"

        # Check if pfctl is present
-        if which -s pfctl; then
+        if [ which -s pfctl ] && [ "${_ip4}" != "not set" ]; then
            if [ "$(bastille rdr ${_jail} list)" ]; then
                bastille rdr ${_jail} clear
            fi
@@ -73,9 +73,9 @@ for _jail in ${JAILS}; do
        jail -f "${bastille_jailsdir}/${_jail}/jail.conf" -r "${_jail}"

        ## remove (captured above) ip4.addr from firewall table
-        if [ -n "${bastille_network_loopback}" -a ! -z "${_ip}" ]; then
+        if [ -n "${bastille_network_loopback}" ] && [ "${_ip4}" != "not set" ]; then
            if grep -qw "interface.*=.*${bastille_network_loopback}" "${bastille_jailsdir}/${_jail}/jail.conf"; then
-                pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip}"
+                pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip4}"
            fi
        fi
    fi