Merge pull request #641 from BastilleBSD/setup_vnet

add support for bastille_vnet devfs.rules in bastille setup
2025-12-24 19:22:26 +01:00 · 2023-11-25 17:21:49 -07:00
parent 32d67aea40 dd60e7f175
commit bce28bf89a
1 changed files with 13 additions and 0 deletions
--- a/usr/local/share/bastille/setup.sh
+++ b/usr/local/share/bastille/setup.sh
@@ -57,6 +57,19 @@ configure_vnet() {

    info "Bringing up new interface: bastille1"
    service netif cloneup
+
+    if [ ! -f /etc/devfs.rules ]; then
+        info "Creating bastille_vnet devfs.rules"
+        cat << EOF > /etc/devfs.rules
+[bastille_vnet=13]
+add include \$devfsrules_hide_all
+add include \$devfsrules_unhide_basic
+add include \$devfsrules_unhide_login
+add include \$devfsrules_jail
+add include \$devfsrules_jail_vnet
+add path 'bpf*' unhide
+EOF
+    fi
 }

 # Configure pf firewall