From be6885eb3e005631f5dccae59de332936cbcb10f Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Sun, 2 Mar 2025 17:47:18 -0700
Subject: [PATCH] stop: Do not attempt any pf actions if it has not been configured
---
 usr/local/share/bastille/stop.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh
index faafe4cc..124cef24 100644
--- a/usr/local/share/bastille/stop.sh
+++ b/usr/local/share/bastille/stop.sh
@@ -91,7 +91,7 @@ for _jail in ${JAILS}; do
 check_target_is_running "${_jail}" || error_continue "Jail is already stopped."
 # Remove RDR rules
- if [ "$(bastille config ${_jail} get vnet)" != "enabled" ]; then
+ if [ "$(bastille config ${_jail} get vnet)" != "enabled" ] && [ -f "${bastille_pf_conf}" ]; then
 _ip4="$(bastille config ${_jail} get ip4.addr | sed 's/,/ /g')"
 _ip6="$(bastille config ${_jail} get ip6.addr | sed 's/,/ /g')"
 if [ "${_ip4}" != "not set" ] || [ "${_ip6}" != "not set" ]; then
@@ -114,17 +114,17 @@ for _jail in ${JAILS}; do
 jail ${OPTION} -f "${bastille_jailsdir}/${_jail}/jail.conf" -r "${_jail}"
 # Remove (captured above) IPs from firewall table
- if [ "${_ip4}" != "not set" ]; then
+ if [ "${_ip4}" != "not set" ] && [ -f "${bastille_pf_conf}" ]; then
 for _ip in ${_ip4}; do
 if echo "${_ip}" | grep -q "|"; then
 _ip="$(echo ${_ip} | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')"
 else
 _ip="$(echo ${_ip} | sed -E 's#/[0-9]+$##g')"
 fi
- pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip}"
+ pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip}"
 done
 fi
- if [ "${_ip6}" != "not set" ]; then
+ if [ "${_ip6}" != "not set" ] && [ -f "${bastille_pf_conf}" ]; then
 for _ip in ${_ip6}; do
 if echo "${_ip}" | grep -q "|"; then
 _ip="$(echo ${_ip} | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')"
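Review bot: The added `[ -f "${bastille_pf_conf}" ]` test takes the presence of a file as proof that pf is in use, and nothing in the hunk says so. If that file is missing, or the variable is empty, while pf still holds rdr rules for the jail, the "Remove RDR rules" step is skipped without any message and the redirect stays loaded after the jail is gone; a warning on that path would make the skipped cleanup visible. The same test is repeated on the `_ip4` and `_ip6` conditions in the next hunk, so evaluating it once into a flag with a comment such as `# pf.conf absent: bastille pf integration not set up, skip all pfctl work` would keep the three sites consistent. The body of this `if` continues outside the hunk.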
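Review bot: `_ip4` and `_ip6` are assigned only inside the guarded block of the first hunk, so on an iteration where that block is skipped the two tests here read whatever an earlier jail in the `for _jail in ${JAILS}` loop left behind, unless they are reset somewhere outside the visible lines. With pf.conf present and a VNET jail following a non-VNET one, `pfctl -q -t "${bastille_network_pf_table}" -T delete` would then run against the previous jail's address. Resetting both at the top of each iteration, `_ip4="not set"; _ip6="not set"`, would make the "captured above" comment true for every jail. The `pfctl` line itself changes only in whitespace. The `_ip6` loop continues outside the hunk.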